NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

Alert: New Changes to Credit Card Security Policies Could Cost Your Business

In the wake of recent massive data breaches and increasing rates of credit card fraud, US card issuers  are migrating to a new chip-based card technology (formally known as EMV—Europay Mastercard and Visa). Currently, most US credit cards operate by magnetic strip—technology that can be captured and copied relatively easily. Most other countries use a small chip on the credit card to authenticate transactions. This chip technology implements cryptography and a several other security features ensuring multiple dimensions of protection against card fraud, which cost US banks $8.6 billion annually [1].

American card providers are launching EMV with chip and signature—to start— with aims to migrate to more secure chip and PIN down the road.

The first round of EMV cards – many of which are already in consumers’ hands – will be equipped with both chip and magnetic-strip functions to prevent disruptions to consumer spending during the migration to chip technology. For most consumers, this card migration is trivial as they have little stake in fraud prevention—many credit cards heavily advertise zero consumer liability [2].

Unfortunately, this card shift could add substantial costs to your business if you fail to comply with new credit card policy changes from the nearing chip migration.

Businesses will need to ensure their point of sale readers are compatible with the new chip technology. A chip reader costs about $40; with a PIN keypad, it can run about $100.

Businesses will be held responsible for credit card fraud*— Today, if an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor (creditor). After the chip migration, if a customer uses a chip card and the merchant either has not changed its system or swiped the card by accident and the transaction was fraudulent, the cost of the fraud will fall back on the merchant.

*Online transactions and other transactions that do not require physical cards are exempt from the new policies.

Below is a brief summary of anticipated policy changes for major US credit cards.

emv-deployment-milestones

Courtesy of SmartCard Alliance

Major creditors— Visa, Mastercard and Discover— have all announced that October 2015 as the official date for transitioning to EMV technology. It is crucial that you are prepared with new POS equipment and processes to accommodate new restrictions. Any parties not chip-ready by October 2015 could risk facing much higher costs in the event of a large data breach.

1 Hinde, Stephen. “Identity theft: theft, loss and giveaways.” Computer Fraud & Security 2005, no. 5 (2005): 18-20.

2 Douglass, Duncan B. “An examination of the fraud liability shift in consumer card-based payment systems.” Economic Perspectives 33, no. 1 (2009).

Comments are closed.