Accepting credit cards just became a riskier and more expensive proposition for small business owners. As a law firm specializing in data breach prevention and response, we know that the United States lags behind comparable markets globally in credit card security. As a result, the nation has experienced a marked increase in credit card fraud in recent years. To combat this rise, major U.S. credit card issuers have introduced chip-cards, also known as “E.M.V.” cards, which is the worldwide standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. (E.M.V. stands for Europay, MasterCard and Visa, the companies that created the standard). Chip-card technology frustrates counterfeiters accustomed to stealing and duplicating the static data on magnetic stripe credit cards. The transition to chip-card technology coincides with a shift in liability for fraud. On October 1, 2015, the liability for card-present fraud shifted to whichever party is the least E.M.V.-compliant. If your business fails to upgrade to E.M.V.-compliant technology, you could bear the cost of a fraudulent transaction at your point of sale.
Credit card fraud in the U.S. has doubled in the past seven years, largely due to increased protection in the rest of the world resulting from the widespread adoption of E.M.V. cards. Banks and merchants lost over $16 billion dollars in 2014 on fraudulent transactions. Nearly half of these targets were based in the U.S., which accounts for only 21 percent of the world’s card transactions. Thieves obtain card information through data breaches and card skimmers and produce duplicates of the cards using the stolen data. Chip-cards will not protect against fraud following physical theft and offer no added protection online. However, roughly fifty percent of credit card fraud occurs onsite and accounted for 13.7 million fraudulent transactions in 2012 totaling $2.3 billion in charges. Aligning credit card security in the U.S. with other major global markets should diminish the disproportionate targeting of American merchants.
E.M.V. technology will not provide absolute protection against data breaches and theft, but it will limit the consequences. The magnetic stripes currently on credit cards in the U.S. store unchanging data. Thus, a credit predator who accesses the data on the magnetic stripe then possesses the information necessary to make purchases. Also, counterfeiters can easily replicate data from copied magnetic stripes to create duplicate cards. The chip in E.M.V. cards creates a unique transaction code with every use. Any stolen information would not work in a second transaction and a counterfeited card would be denied. Chip-card technology frustrates the efforts of onsite credit thieves and should drastically reduce fraud-related costs for both merchants and issuers.
Major U.S. credit card issuers, including MasterCard, Visa, Discover and American Express, established an October 1, 2015 deadline, after which time the liability for card-present fraud shifted to whichever party is the least E.M.V.-compliant in a fraudulent transaction. If a cardholder with an updated chip-card completes a transaction at a merchant lacking the capacity to accept E.M.V. technology and fraud occurs, the merchant is liable. Issuers published detailed schedules of the transition to E.M.V. technology ahead of the deadline in hopes of encouraging compliance among merchants. Merchants who failed to update their systems are on the hook for fraudulent transactions at their points of sale and potentially face high costs in the event of a large-scale data breach. Consumers will not be involved with or responsible for fraud charges resulting from an issuer’s failure to distribute chip-embedded cards or a merchant’s inability to accept the E.M.V. card.
Issuers will still reimburse consumers in accordance with their zero-liability policies. The issuer will then check the merchant’s E.M.V. compliance to allocate liability for the fraud. Merchants prepared to accept chip-cards will not be liable for any fraud resulting from a transaction at their point-of-sale, including any resulting fraud chargeback costs.
Consumers increasingly prefer credit card transactions to cash. Going cash-only is an option for the very few, as experts estimate only 23 percent of all point-of-sale purchases will be made with cash by 2017. Typical credit card processing companies charge up to 5 percent on everything a company earns from credit card sales, including processing costs, interchange costs and statement fees. The potential for fraud liability potentially adds to the cost of doing business and the process of transitioning to E.M.V. technology can be both time-consuming and expensive. While merchant compliance with E.M.V. standards will help combat credit card fraud in the U.S., the transition can feel arduous for entrepreneurs with smaller profit margins forced to dedicate valuable resources towards an effort with greater apparent benefits for issuers.
A survey of small-business owners conducted in July found that nearly 70 percent were unaware of the looming October 1st deadline and 21 percent of those who knew about the deadline did not plan to make the switch. Only around one in four American merchants switched over to the E.M.V. system ahead of the deadline, with preparedness among small retailers even lower at around one in five businesses. While larger retailers have widely transitioned into the chip-card system, many point-of-sale credit card processers used by smaller businesses have yet to add E.M.V. capabilities. In addition, many smaller businesses use devices with mobile card acceptance technology, such as Square, which are included in the shift in liability. Square offers two E.M.V.-compliant payment readers, neither of which were available for sale ahead of the deadline. Square has offered to cover E.M.V. liability shift-related charges for sellers who pre-order a new reader.
Many small businesses consider themselves as offering low-risk goods and services and are balancing the costs associated with E.M.V. conversion against the risks of being liable for fraudulent transactions. Currently, some credit card processing companies are offering merchants deals on transitioning to the chip-card system. Your small business may find that syncing an upgrade with the credit card industry’s shift in liability makes sense economically, while minimizing risk in the event of fraud. And, of course, a bigger risk comes from being the only business left on your block susceptible to old-fashioned magnetic stripe bandits.