WHY THE EMV LIABILITY SHIFT SHOULD TOP SMALL BUSINESSES’ PRIORITY LIST
You’ve likely heard the letters EMV by now. Standing for Europay, Mastercard, and Visa -- the three companies that pioneered this smart chip credit card system -- EMV is a more secure way to use payment terminals that are already in place in much of the world. And now it’s about to become the U.S. standard too.
Starting October 1, 2015, banks and businesses that haven’t upgraded to EMV will be liable for any credit card fraud. Credit card companies are currently liable for any fraud, to the tune of $10 billion a year. The U.S. is presently home to nearly half the world’s fraud, and the number of incidents has doubled over the past seven years, in part because the U.S. is among the last countries in the world to rely on swipe-and-signature credit card technology, which is easily intercepted and used by fraudsters.
Many of the larger retailers have already made the switch. But a number of small businesses have been holding off, for various and valid reasons, from the expense to the inconvenience. But ultimately, upgrading is the right choice and sooner is better than later. Here’s everything you need to know about the October 1 deadline and what you can expect.
What changes on October 1?
On October 1, liability for fraud will shift. Credit card companies are currently responsible for fraud, but that burden will lie on merchants or banks, depending on the caliber of their technology. If merchants still use swipe-and-signature terminals, but a customer has an EMV card, the merchant is responsible for any fraud. On the other hand, if the merchant has an EMV terminal, but the bank issuing the card is still using swipe technology, the bank is liable.
Why is EMV more secure than swipe credit cards?
Magnetic stripe cards use the same encoded information for every transaction. If a fraudster steals that code, he can use it again and again. EMV cards use a unique code for every transaction. Data breaches are still possible, but a hacker who steals an EMV code will find it much harder to profit from the breach.
How much will the EMV liability shift cost?
Each terminal alone could cost $500 to $1,000, according to researcher Javelin Strategy & Research. There are 13-14 million point-of-sale devices in the U.S. to replace.
In addition to hardware and installation, there are training costs for both employees and customers, and the potential for slower checkout times as everyone learns the new system. And of course the switch is designed to prevent risk, not bring in more revenue.
What happens if merchants ignore the EMV liability shift?
The sticker shock of the conversion has many smaller retailers willing to risk the liability in order to avoid the cost of accepting EMV cards. But while the price of EMV could total hundreds or thousands of dollars, depending on your number of payment terminals and locations, the millions of dollars in potential fraud costs make upgrading seem like a good insurance policy.
Additionally, ignoring the deadline could make your store more vulnerable to fraud as perpetrators target smaller retailers that have been less willing to make the conversion.
4 reasons why every mom and pop shop should switch to EMV as soon as possible
A recent report by Boston Retail Partners estimates a 650 percent surge in EMV use this year, but not all retailers are on board. While many major stores have already made the switch or are in the process, estimates suggest only 50-60 percent of all U.S. retailers will have made the switch when the October deadline arrives. Here’s why you should be part of the group planning to upgrade:
- Avoid the cost of liability. Credit card companies pay out $10 billion in fraud charges every year. While you might balk at the cost of upgrading terminals, lost productivity, and the learning curve for employees and customers, the millions of dollars you might have to pay for fraudulent charges is reason enough to accept the cost of upgrading.
- Better serve your customers. Rarely does a week go by without news of another data breach. While data will never be completely secure, switching to the EMV system is a clear sign to your customers that you take their data security seriously and are willing to pay to protect their information.
- Dodge the fraud push before October. But you should take action now. Many experts are foreseeing a rise in fraud as October approaches, as fraudsters take what might be their last opportunity to exploit stripe card systems. These attacks are more likely to be directed at the small businesses less likely to have adopted the EMV standard.
- Get the technology while you can. With tens of millions of payment terminals to replace and thousands of stores moving to adopt the same technology, any delay in upgrading could leave you waiting for back-ordered equipment and service providers to have a free moment to help set it up. Start now so any delays don’t push the October 1 deadline out of reach.
The switch to EMV cards is better for consumers and retailers, both large and small. While there’s an initial cost to setting up this new system, the resulting retail environment will be more secure and less vulnerable to the billions of dollars in fraud cases that hit the U.S. every year. By taking steps now to solve this problem, you’ll be free of liability and better able to secure your customers’ card information come October 1.