There’s a new global standard for credit and debit card transactions. Merchants who haven't upgraded to EMV (Europay, MasterCard, and Visa) technology by October 1, 2015 may be surprised to find they face a dramatic increase in potential fraud liability.
If you haven’t yet upgraded, you’re not alone. According to a recent report released by the Federal Reserve Bank of Chicago (this link will download a PDF of the report), a third of small business owners aren’t even aware of the upcoming shift in who’s responsible for fraudulent point-of-sale card transactions. According to the same report, it’s small- and mid-sized businesses that are at greatest risk for absorbing the costs of such fraud.
Why is the transition happening?
The recent increase in data breaches (like those widely reported at major retailers, for instance) has led to a substantial rise in counterfeit card activity. A magnetic stripe is fairly easy to skim and duplicate, which leaves consumers – and merchants with whom criminals “shop” – vulnerable to transactions completed with reproduced cards.
An EMV chip, meanwhile, includes a number of safeguards – including static and dynamic data points and encryption coding – which makes a card much more difficult to duplicate. Overseas merchants and card issuers, many of whom upgraded to EMV or EMV-like technology more than a decade ago, have already seen a dramatic decline in fraudulent point-of-sale transactions. The U.S. accounts for almost half of all global fraud losses today, due primarily to a non-EMV compliant infrastructure. The transition is expected to decrease counterfeit point-of-sale card fraud by bringing U.S. card issuers and merchants up-to-date with what has become the global standard for card present transactions.
Will the EMV shift affect my business?
Data hacks at prominent retailers often make headlines; however the ensuing counterfeiting of cards and subsequent rash of fraudulent credit transactions does not, even though U.S. card issuers lost $3.89 billion in 2014 due to the use of counterfeit cards. That’s why many merchants may not realize the potential chargebacks they face when responsibility shifts.
Your business can be affected in the following ways:
- If you’ve already upgraded your hardware, your potential liability is low. As long as employees use the EMV chip reader properly (read: staff training will be key), the issuing bank will be responsible for any fraudulent transactions.
- If you’re using a magnetic stripe card reader to process an EMV-chip enabled card and a fraudulent transaction takes place, the business owner will be responsible for any resulting charges.
- If you’ve upgraded your hardware but use your magnetic stripe reader to process a non-EMV chip enabled card because the card issuer has not upgraded to EMV technology, the issuer will pay the losses from any ensuing fraud.
In other words, as of October 1, the party with the least up-to-date technology will ultimately be responsible for the cost of fraudulent point-of-sale activity.
What if I haven’t upgraded my technology?
As you work toward your upgrade strategy, it’s worth recognizing that – as the number of EMV-compliant transactions expands nationwide, so will the risks faced by non-compliant merchants. After speaking to their merchant card processors, many business owners will be pleased to find that an upgrade will be less time and money intensive than expected but will offer greater mitigation of fraud activity.
Your bank or financial professional can work with you to decide when and if it makes sense to upgrade to EMV-chip compliant technology, based on your current tolerance for fraud and the potential associated costs.