Tomorrow is the deadline that Visa and MasterCard have set for banks and retailers across the US to roll out a new system for more secure bank cards with microchips embedded in them. This change could potentially affect all types of businesses. Continue reading to find out how it may impact you and what actions are necessary.
How could EMV affect me?
While only establishments processing card-present transactions will be affected directly; companies that accept internet, phone or mail orders (card-not-present transactions) could experience dangerous side effects as a result of this change.
The way fraud liability is handled will be changing on October 1, 2015. If your customers use a chip enabled card for purchases made in person and you do not have an EMV reader, you may be liable for certain costs from counterfeit or stolen cards during card-present transactions. Previously, if businesses swiped a counterfeit or stolen card, the bank assumed the loss. To encourage retailers to adopt the more secure technology of EMV/chip cards, card issuers plan on shifting that loss to merchants, effective Oct 1.
Even if you strictly process card-not-present transactions, don’t breathe a sigh of relief just yet. An article published on creditcards.com states, “In every country that has switched to EMV cards — and the United States is the last developed country to do so — online fraud has jumped, says online fraud expert Brian Krebs.” The article goes on to explain, “as the ability to use counterfeit cards in stores dries up, fraudsters are expected to turn to other forms of fraud that prey on different vulnerabilities. At the top of the list, payment security experts say, is using stolen card numbers to buy stuff from the Internet. If counterfeiting physical cards is more trouble, criminals will naturally turn to buying items online with stolen credit card numbers. That’s been the pattern elsewhere, says Justin McDonald of The Fraud Practice, an anti-fraud consulting company.” Likewise, it wouldn’t be surprising to see an increase of credit card fraud in phone and mail orders as well.
What do I need to do?
If you process face-to-face credit card transactions, one of the first steps you need to take is to purchase EMV hardware. All of your customers’ cards will soon have their own embedded chip. Switching to an embedded reader may help reduce your liability for costs associated with certain kinds of credit card fraud. Click this link for a useful Step-by-Step Guide to EMV Migration for Small Businesses from Intuit.
If you accept internet, phone or mail orders, the coming spike in card-not-present fraud means you will need to improve controls to ensure that you know your customers are authentic. As with any type of fraud prevention, no single point solution will suffice. Merchants must take a layered approach to their defenses, for the best results. To read about some of the available technologies that can help reduce the impact of the rising tide of threats, check out this white paper prepared by research and advisory firm Aite Group, entitled Card-Not-Present Fraud in a Post-EMV Environment: Combating the Fraud Spike. Also helpful is this link to an article from smallbiztrends.com outlining 10 Tips for Preventing Online Credit Card Fraud.
For more information on avoiding payment fraud, check out Community Merchants USA’s resources online.