August 24, 2015 It’s been nice knowing that accepting a fraudulent credit card could only cost your shop, or the consumer, a small amount of money. Considering the enormous overall annual cost of credit card fraud ($7 billion, by one estimate), we should all be grateful to the credit card companies and banks who have assumed this liability. That may change for retailers who are unprepared for the “liability shift” coming up soon as part of the movement towards “chip” cards. According to Nathan Wright, in a blog for Wind River Financial (our card processor), “The general effect of the new rules coming into effect on October 1st say that the least secure party to a transaction must foot the bill for fraudulent purchases. If your business isn’t accepting chip transactions and PINs by October 1st, you will be considered less secure than a bank that is issuing chip cards.” We didn’t think that we had to replace our terminals, since they’re not that old — and can accept chip cards without a problem. But they do not have this ability to have customers input their four-digit PIN number if they have a card that requires this (a practice that is common in Europe already). Once we decided to upgrade, we had to make sure that we got terminals that could still accept our gift cards, and process our preferred customer points. Credit card processors and POS system providers are scrambling to make sure they have everything working compatibly by the magical date of October 1, 2015. And the credit card companies themselves are busy replacing some 600 million cards. Credit card fraud is more common online, of course, and in electronic and jewelry stores. But is it worth the risk not to upgrade your system? EMV, which stands for Europay, MasterCard and Visa, is the new global standard for credit card security: cards now have square computer chips in addition to magnetic strips, and this technology allows providers to authenticate every chip-card transaction. The advantage of these chips is spelled out in this quote from Dave Witts, president of U.S. payment systems for Creditcall, in an article for Creditcards.com ”If someone copies a mag stripe, they can easily replicate that data over and over again because it doesn’t change. Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again. If a hacker stole the chip information from one specific point of sale, typical card duplication would never work because the stolen transaction number created in that instance wouldn’t be usable again and the card would just get denied.” Chip and signature cards are less secure than the chip and PIN cards that have reduced fraud in the United Kingdom by as much as 67%. Although the majority of the chip cards being issued in the US at this time don’t require a PIN number, this will probably be coming. You don’t want to have to turn down a sale because your business lacks the ability for customers to privately enter their PIN information. And despite the cost of converting to new terminals and systems, reducing credit card fraud — and avoiding having your shop liable for it — is worth the investment. Happy Retailing, Carol “Orange” Schroeder PS The illustration for today’s blog comes from an article on EMV technology for consumers — many of whom are puzzled about this change in technology. You might consider including something in your next store email blast explaining that you are doing your part to reduce the cost of credit card fraud.