Are You Ready?
Credit Card Fraud Liability Falls To Businesses On Oct. 1
Credit card companies are taking action against hackers by beefing up the security on their cards and card processing systems. Breaches, like the 40-million credit card breach at Target during the 2013 holiday season, have prompted the companies to create a new way to process transactions using EMV credit cards. The new cards, which stand for Europay, MasterCard and Visa, feature a computer chip that authenticates each individual transaction in efforts to make the EMV cards more counterfeit-proof. The chips are expected to greatly reduce fraud in the United States, which has doubled in recent years. What’s more, U.S. credit card companies have given businesses a deadline of Oct. 1, 2015 to become compatible with the new cards or they may have to assume the liability for any fraudulent transactions.
If all this information is news to you, you’re not alone. Wells Fargo / Gallup Small Business Index conducted a report in July that showed a majority of small business owners are unaware of the impending EMV liability shift on Oct. 1. The survey showed only 49 percent of owners that accept point-of-sale payments reported they were aware of the shift.
A Business’ Responsibility
Businesses need to upgrade their in-store technology and internal processing systems to read the new EMV cards by Oct. 1, 2015 or they could be liable for any fraud committed by cards used at their business. Currently, any losses incurred fall back on the payment processor or issuing bank. But, after the Oct. 1 deadline, the liability falls to the party that is the least EMV-compliant. For example, if a customer paid for a part with an EMV card, but your processing equipment wasn’t upgraded to accept chip technology, you would be liable for any fraud. New processing machines will require EMV cards to be “dipped” rather than swiped. Near field communication processors can also be used.
The cards differ from regular credit cards because of the tiny metallic squares located on the front of the card. These squares store unique transaction codes. Traditional magnetic strips, located on the back of the card, contain unchanging codes. Unchanging code is easy for counterfeiters to replicate. The data can be used over and over again for fraud because it doesn’t change. But with the new chips every time an EMV card is used, the chip creates a unique transaction code that cannot be used again. If the information was stolen, or hacked - like from Target - it couldn’t be used again. The processor wouldn’t recognize the transaction code and the card would be denied. Credit card companies will use both chips and strips on cards until the change is complete.
That change over to EMV cards is expected to take some time. Credit card companies estimate that 70 percent of credit cards and 41 percent of debit cards will be EMV by the end of 2015. Currently there are 120 million EMV cards already out there with an estimated 600 million in consumers’ hands by the end of the year.
Even with the liability issue, the Wells Fargo report showed many of the businesses surveyed will either be late to upgrade, or don’t plan to upgrade to EMV at all. Only 31 percent said their existing credit card processing system accepts chip-enabled cards. Of those that don’t, just 29 percent of said they intend to make the change before the Oct. 1 deadline. Another 34 percent of business owners reported they will at some point in the future after October, and 21 percent say they never plan to upgrade.
To help change these numbers, Wells Fargo has pursued a series of actions to build awareness, prepare small businesses for the EMV liability shift and encourage business owners to adopt EMV chip-card technology, including providing EMV-capable equipment to customers since 2012. In addition, all new and re-issued Wells Fargo Business Credit Cards and Business Elite Cards provided to customers are chip-enabled.
For more information you can download the Visa U.S. Merchant EMV Chip Acceptance Readiness Guide here.