Swiping credit cards will soon be a thing of the past.If your business isn't ready, it won't just be left behind — it may become history, too.
The deadline to implement EMV chip readers is finally here, and merchants who have yet to make the switch will be held liable for fraud-related losses from purchases made at their stores. For some small businesses, covering these losses may be enough to close up shop.
For instance, say customers are forced to swipe their credit cards because your terminals aren't equipped with EMV chip readers. By the time you find out about the security breach at your store, an identity thief has already stolen your customers' information and had the time of his life going on a $50,000 shopping spree. Guess who's responsible for that $50,000, plus any associated fees and fines? Your business. And it's totally not worth it.
To help you better understand EMV — and what it means for your business — here's a quick primer on EMV standards and expert advice specifically for small business owners.
What is EMV?
Since individual organizations can only do so much to halt cybercriminals, the credit card payments industry has instituted EMV policies to fight credit card fraud. The government has also stepped in to lead a nationwide effort to better protect consumers. In October 2014, President Obama issued an executive order to implement enhanced security measures for consumer finances. Part of this order, which is detailed in a White House fact sheet, requires payment card issuers to embed cards with more-secure EMV microchip technology by October 2015.
EMV, which stands for Europay, MasterCard and Visa, is a global credit card standard that enhances the security of in-person card transactions. EMV technology allows sensitive cardholder data to be stored in a chip, rather than in the traditional magnetic stripe found on most payment cards today.
How EMV works
EMV technology is very simple on the customer's end. Instead of swiping the magnetic strip of a credit card, one end of the card is "dipped" into the EMV reader so it can scan the embedded EMV chip.
In an article on CreditCards.com, author Sienna Kossman explained that every time an EMV card is used for payment, the chip generates a unique transaction code that cannot be used again. This provides a huge advantage over traditional cards, whose magnetic stripes contain unchanging data that can be stolen and replicated over and over again by hackers.
EMV cards provide an additional layer of security by requiring a PIN input instead of a signature when authenticating purchases, said Dax Dasilva, founder and CEO of point-of-sale system provider Lightspeed.
For EMV technology to work, the point-of-sale (POS) system where the card is used must be equipped to read and communicate with the microchip, said Tyler Vaughey, vice president of U.S. small merchants for American Express.
Card issuers are beginning to issue chip-embedded credit and debit cards, but not all merchants have made the switch to EMV POS terminals yet. Once the industry-wide EMV policy takes effect, any merchant without chip-enabled systems may be held liable for any fraudulent transactions that occur, Vaughey said.
Switching to EMV
An American Express survey found that small businesses know how real the possibility of a breach is. Sixty-seven percent of U.S. small merchants said preventing and protecting against credit card fraud was very important to running their business, and 52 percent felt they are more vulnerable to fraud than larger companies. But this group in particular is woefully unprepared for the transition to EMV technology: Nearly half of the merchants surveyed were unaware of the fraud liability shift occurring in October, and 38 percent either haven't decided or do not plan to upgrade to EMV-enabled POS systems.
Those who do not plan to upgrade pointed to the hefty price tag (57 percent), difficult software upgrades (29 percent) and consumer education challenges (28 percent) as their main barriers to implementing EMV technology. While the switch will indeed require an up-front investment, it's more than worth it if you want to save yourself legal and financial trouble in the future.
"Switching to EMV will mean adding new in-store payment technology and internal payment-processing systems all while complying with new liability rules, but it's a crucial investment," Dasilva told Business News Daily. "As of now, if your ... systems are not updated by Oct. 1, 2015, your business ... would be required to pay to cover all fraudulent activity out-of-pocket. Small businesses often can't afford to take on this kind of liability, and being ahead of the game will make your small business appear even more trustworthy and established."
What if customers don't have EMV cards?
Although merchants have an EMV deadline, many cardholders have yet to receive updated, EMV-enabled versions of their credit cards. This isn't something merchants have to worry about, however, as long as they have already made the switch. Having implemented EMV technology also has the added benefit of zero liability for swiped purchases.
"EMV-compatible terminals and machines are also set up so they can swipe traditional magnet stripe cards, so if a consumer walks in to the business without an EMV card they will still be able to process the transaction," said Suneera Madhani, CEO of Fattmerchant, a credit card processing solutions provider.
However, the business will not be responsible for fraud-related losses from those swiped transactions.
"If a business has implemented the technology, but customers don’t have a chip card, the liability burden remains with the banks," said Matt Schulz, senior industry analyst at CreditCards.com. "Generally speaking, the only case in which the liability burden shifts is when a credit card holder has a chip card but the merchant doesn’t have the technology to accept the chip card."
What to do if you miss the EMV deadline
Not implementing EMV technology isn't really an option, experts say. Missing the Oct. 1, 2015 deadline means a business is already at risk for significant financial risk, so they should prioritize the upgrade.
"If a business hasn’t upgraded to EMV technology by the deadline, they should make plans to do so as soon as possible," Schulz advised. "While it is definitely expensive to make these upgrades, the reality is that the merchant's risks facing far greater costs if they end up getting stuck with the bill for future credit card losses."
Lastly, financial risk aside, businesses should make the switch now to stay ahead of the game. EMV technology is already the standard around the world and it is the future of payment processing.
"EMV is not a technology trend that will fall by the wayside," Madhani added. "We are the last country to adopt this technology, and we will only continue to see the development of EMV and contactless technologies."
Correction: An earlier version of this article indicated that the EMV fraud-liability shift was government-mandated, rather than an industry-wide policy.
Updated Sept. 30, 2015. Additional reporting by Nicole Fallon Taylor.