The Liability Shift in Credit Card Processing That Business Owners Need to Understand
Counterfeit cards make up about 37 percent of credit card fraud in the US. The reported cases in 2014 alone add up to nearly 32 million, or three times the number of cases reported the year before.
This alarming increase represents an elevated risk to credit card issuers and credit card holders alike. The new technology of chip-embedded cards was put into use with the intention of decreasing the rates of credit card fraud. These chips went into Europay, MasterCard, and Visa (EMV) credit and debit cards. When the chip is accessed during a purchase, the card sends a single code to initiate the payment process. This code is unique for every transaction, so the transaction code can never be used again, providing greater security against fraudulent use.
By comparison, the magnetic strips which the chips replace use static, unchanging data to process the card, giving criminals an opportunity to replicate the data into a counterfeit card. Chip cards can’t prevent all kinds of fraud or data breaches, but they are much more difficult for fraudsters to profit from. EMV chip technology should significantly reduce credit card fraud for merchants and consumers.
EMV is Here
The EMV deadline for merchants to implement the new chip readers at POS stations has come and gone, and as of October 1, 2015, these new credit cards can be used nearly everywhere there are POS terminals – though gas stations compliance has a later deadline of October 2017. One consequence is that liability for credit card fraud has now shifted dramatically. Traditionally, the institution issuing the card was held accountable for losses due to fraud. However, with the new EMV cards, liability falls to any merchant or financial institution that did not implement the new chips.
Delays and Costs
Though the deadline imposed by EMV has long passed, many banks and merchants still have not integrated the chips into their business operations. Only 70 percent of consumers have been issued these cards, but only about 30 percent of merchants have the necessary hardware to accept them. The reason for this seems to be simply the costs involved. Adoption of EMV technology has been particularly slow for smaller entities for some good reasons:
- Well over a billion cards, both debit and credit, need to be upgraded to EMV chips, but the cost for each card equipped with the technology is nearly $4.
- At least 15 million POS terminals will have to be upgraded with chip readers, at a cost of at least $500 each, and in some areas closer to $1,000.
- The total cost to industry of a complete upgrade for both cards and POS hardware amounts to nearly $7 billion.
These are some steep price tags for small businesses, and even small banks, which many are not able to commit to even with the threat of being held liable for fraud losses.
Although EMV technology hasn’t been fully implemented, the liability shift is still in effect. If your business takes in-person credit card transactions from conventional EMV cards, you are at risk of covering any fraudulent purchases. While upgrading POS systems to accept the new EMV cards can be costly, the risks of getting stuck with the cost of fraud could be even higher.
However, you also have the option of protecting your company with purchase of cyber liability insurance. Most of the policies issued will require that you are updated to accept the new chipped cards, but it’s still less expensive than total liability. Even if you do manage to get a policy but forego the EMV requirements, your coverage could be severely limited.
Both upgrading and insuring your business with a sound cyber policy can protect your interests in a number of different situations, such as:
- Computer viruses
- Ransomware, or cyber extortion
- Loss of data
- Dos (denial of service) attacks
- Regulatory fines
- Infringement of intellectual property
- Data breaches
And of course, credit card fraud.
There are many different versions of cyber liability insurance, so coverage and premiums will vary. Discussing all your options with your insurance company will give you a better picture of your terms, costs, and level of protection. You may also consider your priorities; if credit card fraud is your chief concern, that should be the bulk of your coverage.
EMV cards are making physical purchases safer from fraud, but many companies also do internet sales where chips won’t help. Yet if you have an online store or service that accepts traditional chip-less EMV cards, you could still be liable for any credit card fraud or data breaches involving credit card information.
EMV Chip Benefits
Upgrading your POS systems with the new technology may cost you more than you’re willing to part with, but it does offer clear benefits:
- The first is lesser risk of debit or credit card fraud for both you and your customers. This indicates to customers that you value their business and have taken action to ensure they can make purchases safely. It also protects you against liability if fraud does occur.
- Should you opt for cyber insurance for additional protection, you’ll get better policy premiums if you have EMV technology already in place. Underwriters will consider you a lesser risk. Vendors, contractors, and investors will also see you as a more reliable partner if they are assured you’re taking steps to protect your business against fraud and minimize any risks of counterfeit transactions.
Like it or not, the new chipped cards are the new standard and the credit card industry’s major players are expecting compliance from all merchants. Failure to adapt to the new EVM technology not only denies you revenue as more people being using them, it puts you at serious risk if those who stick with magnetic swipe cards get defrauded – something that happens fairly frequently.