As a savvy business owner who accepts credit and debit cards, you should already know the dangers of failing to upgrade to an EMV-compliant terminal.
Just in case you need to refresh your memory, this article will tell you everything you need to know about EMV compliance in 2017:
What Is EMV?
EMV stands for Europay, MasterCard and Visa.
These three companies founded the organization that established the new standards for EMV chip technology in order to shift liability and reduce their fraud losses.
On the plus side, EMV technology enhances credit card security through improvements in the way chips store and communicate data, making chip cards harder to counterfeit than magnetic stripe cards.
Industry standardization of this technology means chip cards work worldwide at any payment terminal that can process them.
What does chip technology mean for small business?
For your small business, EMV compliance in 2017 simply means upgrading your terminal to a model that can process payment cards via EMV chip or magnetic stripe.
Officially, EMV compliance rules went into effect October 2015, though gas stations have until October 2017 to comply.
But do you know what can happen if your business doesn’t comply with the credit card chip law?
Well, the good news is it’s not a legal matter; you can’t get arrested for non-compliance or anything like that.
However, if you’re still processing credit cards with a magnetic stripe reader, your business will automatically be held responsible for any fraudulent charges made by someone using a chip card.
This may not be a big deal for a small corner cafe, but if your small business sells big-ticket items, you could be on the hook for thousands of dollars.
Not to mention, fraud risk is even higher in lines of business where card-present fraud is more common, like jewelry, electronics, and designer goods.
Basically, what this means is that if a customer comes in and charges $1000 on an EMV chip card, and you use the old magnetic card swiper to ring them up, that customer can dispute the charge and you, as the EMV non-compliant merchant, would have no legal recourse.
EMV compliance protects your business from liability.
It doesn’t matter if your customers aren’t using EMV-enabled cards; not everyone has one yet.
As long as you are EMV compliant, you won’t be liable for fraudulent transactions, whether they come from chip transactions or swipe transactions.
Card issuers will remain liable for POS fraud.
While switching systems can be a pain, you should look at it as an opportunity to reevaluate point-of-sale providers to get better service and save money.
The worst-case scenario if you don’t comply is that a customer commits card-present fraud and charges more than your business can afford to lose.
For small businesses that process lots of small-dollar transactions, the costs of upgrading to an EMV compliant terminal may be prohibitive.
They’ll have to weigh the expense of upgrading against the possible POS fraud losses from not upgrading.
If you choose not to upgrade, you may want to budget for fraud losses and implement additional checkout controls such as checking customer ID and asking customers to use a PIN where possible.
Best Credit Card Readers for Small Business
In order to be EMV compliant, your business needs to use:
- a countertop credit card terminal,
- a point of sale (POS) system,
- OR a mobile card reader that can read EMV chip debit cards and credit cards.
These devices have a slot at the top or bottom where a customer can insert their card so the device can read the card’s EMV chip.
Some require the customer to enter a PIN to complete the transaction, while others require the customer to sign.
You may need to update your business’s software, too.
Do EMV compliance laws apply to merchants using a mobile card reader?
If that’s you, protect yourself by getting a device that lets you accept both chip-enabled and magnetic stripe cards.
Here are three options:
- Square chip reader ($29.99)
- Square contactless and chip reader ($49.99)
- PayPal chip card reader ($79.99), which also accepts near-field communication (NFC) payment methods such as Apple Pay and Android
A downside of the new EMV technology is that payment processing times are slower with chip cards than with magnetic stripe cards.
However, some EMV cards coming out also contain NFC technology, which is the fastest option available.
If you’re concerned about slower transaction times as a result of processing chip card transactions, consider upgrading to NFC technology and educating your customers on how to use it.
EMV technology still isn’t perfect
EMV technology does not prevent data breaches nor can it protect cardholders in the event of a data breach.
The technology makes card-present fraud more difficult, but not impossible.
Your business needs to take other steps to prevent data breaches, such as hiring a third-party data security company.
Instead of learning a new skill outside your area of expertise, let an outside expert protect your customers’ data.
They can make sure you’re payment card industry (PCI) compliant, monitor your POS system for tampering, set up proper firewalls, configure antivirus software, and detect and resolve any weaknesses in your system.
Even so, the simple theft of an employee’s laptop with valuable customer data can cost a business millions.
And you may not even realize how bad the damage is at first.
Consulting firm Deloitte found that 90% of the impacts of a data breach on a business are hidden and don’t fully surface until two or more years afterward.
These hidden losses include higher insurance premiums, disruptions in business operations, loss of reputation, and lost customers.
The obvious and immediate costs of a data breach include first notifying customers, then:
- protecting them, perhaps by providing a year of free identity theft monitoring from a third party
- paying regulatory fines for not being PCI compliant
- hiring a public relations firm to help you manage the crisis
- paying attorney fees and litigation
- strengthening cybersecurity
- and investigating the breach.
Doing Your Part to Prevent Credit Card Fraud
Implementing point-to-point encryption and tokenization can reduce fraud during the payment authorization process.
Point-to-point encryption encodes payment card data from the time a card is swiped (or dipped) until it reaches the payment processor.
Tokenization uses a randomly generated set of numbers called a token instead of the actual card number so that if thieves intercept the number, it’s useless to them.
These technologies work with EMV to create even greater transaction security.
Further, following PCI data security standards (PCI DSS) will help to keep your network secure and limit physical access to customers’ credit card data.
You’ll also need to prepare for the likely increase in online fraud as card-present fraud becomes more difficult.
Learn from the experiences of retailers in other countries that adopted EMV technology earlier than the United States; they saw online fraud skyrocket.
With an awareness of this risk, you may be able to better protect your business against it (if you conduct online sales).
Besides PCI compliance, the most basic protections include using an address verification system and requiring the cardholder’s CVV2 or CVC number.
EMV Compliance: The Good, The Bad, & The Ugly
The new chip cards don’t solve all fraud risks, far from it.
Most EMV cards still contain magnetic stripes; without them, they couldn’t be used at older payment terminals.
Further, chip-enabled cards can still be used to make fraudulent payments online or by phone.
Industry experts say it will probably be several years before the transition from magnetic stripe to EMV cards is complete.
The important thing for small business owners looking to protect themselves is to have an EMV-compliant system in place for in-person transactions so that fraud liability doesn’t fall on their business.