EMV Chip Card is the New Standard – Are you Compliant?
NEWS – The new EMV chip card standard has been in effect since October 1, 2015, but businesses have been slow to make the switch. An October survey of 1,300 business owners by Newtek Business Services found that only 41 percent were EMV compliant, and 53 percent of these had no plans to become compliant. While some businesses may be willing to court the risks of non-compliance, digital banking consultant Mark Ranta warns that non-compliant vendors are playing roulette with their business by risking potentially devastating liability costs in the event of fraud.
If your business isn’t EMV-compliant yet, here are some things you need to know about how the new standard affects you and what you should do if you want to avoid the risks of non-compliance.
How the New Cards Work
The EMV card update eliminates some of the vulnerabilities inherent in magnetic swipe cards. With magnetic swipe cards, identifying information is permanently embedded in the card’s strip. This makes it possible for thieves to steal card information by copying the strip and creating a duplicate card, known as skimming and cloning.
EMV cards replace the card’s strip with a small chip. The chip stores card information and generates a unique code for each transaction. This code can only be used for an individual transaction and cannot be copied and reused for additional purchases. This makes EMV cards useless to card-skimming thieves. Some EMV cards add a second layer of protection by using a PIN known only to the cardholder, making even stolen original cards useless to thieves.
EMV cards are dipped into a card reader rather than being swiped. This can take slightly longer to process than magnetic cards because users must wait until checkout is complete before dipping the card and then until the card makes an encoded “handshake” with the terminal and bank authorization system.
While merchants are making the transition to EMV card readers, most cards currently include magnetic strips as a backup processing option. This is intended to be gradually phased out after full EMV adoption is completed over the next few years.
Where You’re Still Vulnerable
While it’s true that EMV cards beat out magnetic swipe cards in person, when shopping online, all bets are off. Online, no matter the type of card you or your customers use, anyone is at risk of falling victim to identity thieves who track account numbers and passwords in order to access your personal information. Be aware of spamming emails and pop-ups that mimic legitimate banks or businesses and try to get you to login. Always verify you’re on a safe site before entering your personal data, and encourage your online customers to do the same.
Because of increasing concerns over identity theft, numerous companies, including Lifelock, offer services that monitor a client’s credit and protect his or her identity. Some employers even offer identity theft insurance to help reduce the amount of money and time spent on repairing the damage done if and when the crime is committed. Consider investing in a company-wide policy that protects your employees should they be targeted in a cyber crime. In the long run it will better benefit your business if your employees have peace of mind and a reliable resource should the worst happen.
What the New Standard Means for Businesses
The new EMV standard places additional liability for credit and debit card fraud on merchants who are not EMV-compliant. With the new standard, the party in a transaction who is least EMV-compliant is liable when fraud occurs. For example, if a merchant does not have an EMV-ready terminal and a customer swipes his or her card and the magnetic data is stolen, the merchant is liable for any fraud that occurs. The same holds true if a thief swipes a copied card at a non-EMV-compliant terminal.
However, if a thief swipes a copied card at a merchant using an EMV-compliant terminal, the card issuer rather than the merchant is liable. EMV-compliant merchants are likewise not liable if a customer does not use a chip card or if a thief uses a stolen chip card. Online transactions are also the responsibility of the card issuer rather than the merchant.
To make the transition to EMV, Ranta recommends first talking to your point-of-sale provider about terminal upgrade options. Choose a POS solution, such as Sage Payment Solutions, that can also handle contactless mobile payments to reduce the amount of time your customers spend waiting for EMV terminals to process checkouts. Sage Payment Solutions also lets you view, manage and control your money, so you know where your business stands at all times.
Training your employees and customers to use the new checkout system ensures a smoother transition. Teach your employees how to assist customers with chip card transactions and what to do in case a transaction malfunctions or a customer does not have a chip card. Teaching your employees about the security benefits of EMV also helps them communicate the advantages of chip cards to customers, making customers more comfortable with the transition. Finally, it’s advisable to test your new system out at a specific terminal or store before making a full transition to EMV.
Understanding how the new EMV cards and portals work is the first step to being EMV-compliant. Don’t take risks with your business and upgrade your entire system to be compliant with the new standards.