Image source: Photospin.com
2014 was the year that so many businesses want to forget. It was the year that cyber thieves (hackers) broke in to company databases and stole sensitive customer data. Businesses like Home Depot, Target, Sony, JP Morgan Chase, Stapes, and Wendy’s are just a few on the long list of victims.
But possibly more embarrassing than these individual names is the reason for all of these data breaches that caused customer data to be sold on the black market. Simply, the United States doesn’t employ the same security protocols as other countries so hackers attacked. Now, the United States is quickly taking steps to employ what other countries have already done: EMV cards.
What is an EMV Card?
EMV is short for Europay, MasterCard, and Visa. The less techie term is chip cards because these credit cards have a microchip on the front. EMV isn’t anything new. It began in 1999 and by the early 2000s numerous countries around the world had embraced it. Now, Discover, American Express, numerous banks, payment processors, and vendors are using EMV cards.
Because the United States has a more complex financial and political system, adopting EMV technology took longer than expected. Second, banks and payment processors knew that the cost of issuing new cards would be significant and retailers would have to invest in new payment terminals. Nobody wants to spend money to solve a problem that doesn’t exist. Now that cybercrimes are costing businesses so much money, the investment makes sense.
Will customers still sign when they make a purchase?
In the United States, yes. EMV cards come in two different types. Chip and PIN and chip and signature cards. Chip and PIN cards are the EMV card of choice in most other countries. Instead of signing, customers simply input a PIN number. For now, the United States is adopting Chip and signature cards where people only have to sign. No PIN required.
The federal government would like companies to embrace Chip and PIN technology but that won’t happen—at least in the beginning. Experts say that Chip and PIN cards only protect against lost or stolen cards—a very small problem compared to data breaches.
Chip and signature cards won’t work at many international businesses. People who travel overseas frequently know to ask their bank for a chip and PIN card.
How does it work and what do I need?
Traditional credit cards have a magnetic strip that holds the information necessary to make the transaction. That information never changes so thieves that steal the information can create new cards or use the information to make online purchases. On an EMV card, the chip creates a new number for each transaction. If somebody steals the information from an EMV card transaction, it’s worthless because they can only use it once.
EMV cards require a different type of payment terminal. Businesses will have to upgrade in order to accept these cards.
What if I don’t upgrade?
On October 1, 2015, the “liability shift” took place. Prior to this, when hackers or anybody stole a person’s credit card or credit card information, the payment processor was responsible for the damages. Once the liability shift happened, the person with the most antiquated technology became responsible fore the liability.
For example, if the person uses an EMV card at your store but they swipe the card using the magnetic strip because you have not upgraded your payment terminal, you are responsible for the damages because you have the most antiquated systems.
If you have an EMV capable payment terminal but the person’s issuing bank didn’t issue a new EMV card, the bank is responsible.
In other words, you have to upgrade your systems to avoid liability.
How much will the new equipment cost me?
Estimates show that U.S. businesses will spend a collective $8.6 billion to replace their POS technology. Javelin Strategy & Research says that businesses will pay between $500 and $1,000 per payment terminal for the upgrade but that’s not necessarily the way to look at it. Along with the EMV upgrade, payment technologies like Apple Pay and payment systems like it are expected to become popular with consumers. Not having the most up to date technology for payment processing may put your business at a disadvantage. Upgrading because of the liability shift also allows you to upgrade to the most current technology available.
Will these EMV cards protect against online fraud?
Unfortunately, they won’t. Transactions that happen online are called, “card not present” transactions. (CNP). EMV technology only works when the card is used at the proper payment terminals. Chase is warning its customers and businesses that hackers will likely go after these CNP transaction more aggressively once EMV technology in place. But banks and credit card issuers know that and are working to address the issue.
The day when businesses without EMV payment terminals may become liable for any fraudulent charge initiated at their business has passed. Upgrading isn’t cheap but one fraudulent transaction might cost more than the one time cost of upgrading. If we learned anything from 2014, when data breaches happen, the damage is massive. As a small business, you may not have the resources to handle the liability that comes with antiquated technology. In that sense, upgrading your payment terminals becomes a bit like an insurance policy.
© 2015 Attard Communications, Inc. All Rights Reserved. May not be reproduced, reprinted or redistributed without written permission from Attard Communications, Inc.