3 facts on chip enabled credit cards and security
By now, you’ve certainly heard about the chip-enabled credit cards that are becoming standard in the United States. Hopefully, you've already upgraded your terminals and systems to accept EMV chip cards at your locations. If not, you should speak with your payments processor today about making the switch to protect your business and your liability. Here are three quick facts about EMV chip credit cards and security.
Fact #1: Chip cards don’t prevent data breaches and can’t stop all forms of fraud, but they make information stolen from them less useful
The security of chip-enabled cards comes from that small computer chip that is embedded right into the card. On traditional credit and debit cards, the magnetic stripe contains unchanging data that is used each time a purchase is made. So, if a fraudster hacks a payments system and steals that data, the data associated with that card can be used successfully in subsequent purchases. This has made magnetic stripe cards prime targets for hackers, especially in the United States where we’ve been much slower to adopt EMV technology.
With an EMV card, however, the chip generates unique payment data for each purchase. While the shopper has “dipped” his card into the payment terminal, the chip generates unique, one-time-use-only transaction data that is sent across the network for processing. If a fraudster intercepts EMV chip card data, it cannot be used in subsequent transactions since it’s already been used once before. So, while EMV technology does not actually prevent data breaches from occurring, it does make it much harder for criminals to successfully profit from the sensitive data they steal.
Fact #2: Along with EMV chip cards comes a shift in fraud liability.
With magnetic stripe cards, if a shopper uses a counterfeit, stolen or other compromised card in your store to make a purchase, the money that the consumer loses from that transaction falls back on the payment processor or issuing bank—depending on the card’s terms and conditions. However, after the October 1, 2015 U.S. EMV liability shift, accountability for card-present fraud shifted to whomever—payment processor, issuing bank or merchant—is least EMV compliant. This change will hopefully bring the entire payment industry into compliance with EMV as quickly as possible by encouraging compliance to avoid the costs and loss of consumer confidence that can come with a breach.
Fact #3: If you don’t upgrade your terminals to accept chip-enabled cards, you may be liable for fraud losses.
Upgrading your terminals and systems to support EMV chip card acceptance is an important step in reducing your liability and should also reduce the likelihood of fraudulent card presentation at the physical point of sale. Depending on the type of fraud that is committed, your company could be held liable in terms of financial repercussions and loss of consumer confidence in your brand. Especially until all U.S. merchants and financial institutions have fully converted to EMV technology, the U.S. remains a big target for data theft. Don’t leave your company vulnerable. Make sure that you’ve done all you can do to be ready to support this important new technology.