Important information if your business accepts credit cards at the Point of Sale (POS).
The Europay, MasterCard and Visa Cards (EMV) Compliance mandate, also known as the Chip Card compliance mandate, went into effect October 1, 2015. The payment industry’s transition to Chip Cards is intended to improve security and reduce credit card fraud. While merchant services should always be treated with high security, EMV compliance will greatly enhance a business’s processing and transaction flexibility and security.
Important: The transition to Chip Cards includes a shift in liability that could put your business at risk. If your business accepts Chip Cards at the Point of Sale but you do not upgrade equipment and systems to read Chip Cards the liability will shift to whichever party is the least EMV-compliant in a fraudulent transaction. For example, if your business has not upgraded to Chip Card readers and a compromised card is used in your store your business could be found as the least compliant in the chain of payment processing.
Why the transition?
The magnetic stripes on traditional credit and debit cards contain fixed, and highly sensitive data. Whoever has access to that data gains all of the card and cardholder information necessary to make purchases. With Chip Cards each use creates a unique transaction code that cannot be used again. While Chip Cards will not prevent all data breaches they will make them much more difficult.
Note: Because fraudsters know about the transition to Chip Cards they may be more likely to target businesses that still use traditional credit card processing systems.
Liability Shift – Critical information
The liability shift that is part of the EMV Compliance Mandate means that issuers and merchants that do not upgrade to EMV compliant devices but choose to accept transactions made with EMV-compliant cards assume liability for any and all transactions that are found to be fraudulent. The liability shift has been described this way: The party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions. In this scenario issuer refers to banks, credit unions, and any other financial institution issuing credit or debit cards.
What else you should know:
- The EMV Compliance Mandate applies to Accel, American Express, China UnionPay, Discover, MasterCard, NYCE Payments Network, SHAZAM Network, STAR Network and Visa
- The liability shift only pertains to fraudulent transactions where the magnetic stripe was read (customer presents a Chip Card but the merchant does not have the equipment needed to read the chip). It does not apply to contactless transactions (eCommerce, mobile payments)
- There is no anticipated liability shift for fallback transactions. Fallback transactions are considered magnetic stripe transactions and liability remains with the card issuer
Steps you can take to become compliant, improve security and reduce risk
We’ve outlined five steps you can take now to enhance your payment systems and avoid being the weak link should a fraudulent transaction occur at the POS.
1) Assess your current Point of Sale system: You may need to update your system’s hardware, software or both.
2) Consult with the appropriate parties in your payment networks find out what you need to upgrade, the associated costs and applicable liability shifts. You may need to spread out costs and allow adequate time to adjust to this new way of processing payments.
3) Evaluate your payment technology: If you are using an older system this might be the time to upgrade to a system that accepts both Chip Cards and contactless mobile payments such as Apple Pay. This is a great way to enhance customer service and stay competitive.
4) Review security: Even though Chip Cards are more secure than traditional magnetic stripe cards, fraud may still occur. When you talk to your payment services providers ask about the security measures in place to protect your customers’ data. Also, because Chip Cards are still a new technology, develop a plan for accepting payment in the event that your EMV-compliant technology breaks down.
5) Train your employees and customers: Chip Card devices require customers to insert their Chip Card and wait until the transaction is complete before removing. It usually takes 5 to 10 seconds longer than the traditional method.
Final Note: Each payment network determines its own policies and practices (including but not limited to rules regarding liability and timing of the liability shifts). As a result, it is highly recommended that you consult with your respective payment networks regarding applicable liability shifts and rules.
Categorised in: Security
This post was written by Profit Wise Accounting