I am sure you have started to hear all the hubbub about the new microchip credit cards. But some may have been hearing some half truths or misinformation, like your transactions won't be paid to you bank if you do not use the chip or that a card swipe machine will not work after the end of this year. While these are up front false, there are some parital truths in what they are trying to convey, so let me try to clear up a few points for you here.
The new debit and credit cards are called EMV cards for "Europay, MasterCard and Visa" that developed the technology used in Europe. With all the wide spread credit card fraud taking place the last few years here in the US this technology is now going to become the norm here as well, like it or not.
Fact: In 2014 the U.S. make up only 24% of the worlds credit card sales yet it was responsible for nearly 50% of all fraud worldwide. And the U.S. has had the most card fraud in the world for the last 5 years.
Unlike the magnetic stripe that could only hold a set amount and series of coded information on it to be read or copied but any machine designed to do so the chip is in fact a mini computer.
That besides holding set information like your account number, name, address etc it is able to create a unique transaction impression code every time it is used that is only good for that one transaction and can not be used again to make a new transaction.
These cards are also called dip cards, meaning that the chip must be dipped into a reader for them to work. Unlike the NFC "near field communication" or RFID "radio frequency identification" tap cards that only need to be tapped or brought within a few inches of a Wi-Fi reader to process a transaction. These have come under fire for being too easy to steal money by thieves using their own wireless machines and just brushing up to wallets and purses. These are not the same thing. But there will be some cards equipped with both the EMV and RFID in the same card chip.
The one problem with the new dip cards will be that a transaction will take much longer than a swipe since the computer on the chip must sit inside the reader for the entire transaction to collect information about your transaction before it can authorize and then create and send back the unique transaction code. When you understand how much it has to do the 3-4 seconds it takes is really not that long at all, but it is not as fast as a simple copy swipe of information like the magnetic cards. Plus depending on the amount or location the card holder may still have to enter a PIN or sign for the transaction to be complete.
Now let us move on to the liability part. In recent years card fraud was sometimes the responsibility of the card processing company that accepted the transaction or would ultimately rest with the bank of the card holder depending on the laws of each state and how much information was accepted before allowing the transaction. But after Oct 1, 2015 the liability will shift to the party that is allowing the highest chance of fraud.
Merchants that do not have or use an EMV reader will be 100% labile for any fraudulent transactions. Processing companies that do not require an exact address and CVV match would be next and if both the merchant and the processer did their part only then would it fall to the issuing bank for that card to be responsible to pay for the fraud. Right now some processors allow transactions without CVV numbers by processing them at a higher rate than those with verified CVV's, but this has also recently been changing depending on the company.
Moving forward cards will still have a magnetic swipe strip and yes they can be used, just like hand entry, phone and online transactions will still be allowed, just understand that if this card has been cloned or stolen you as the accepting merchant will the one holding the empty bag and be out the entire amount of that transaction for not using EMV. Or if your processing company allows you to process that card without an address or CVV match you might be able to get all or some of the money owed from them since they let it go through without those fail safes, but the bank the card was drawn on will have 0% responsibility.
So what about a internet transaction. What if like us you take payment upfront or after the fact online? Well as long as you have supplied your processor with the correct card info of the card number and expiration date, the billing address info and CVV and the processor accepts all of these as valid, then liability falls to the processor, not you or the issuing bank for now. EMV does nothing to protect an e-commerce sale so this is where the liability most likely will still fail to the processing company and if they do their job of verifying what they can only then down to the issuing bank.
Banking institutions have been pushing for this change ever since 2012, when EMV became available, to try and reduce the hemorrhaging costs card fraud has been causing them. For example U.S. card fraud losses soared to over $5 billion up 14.5% in just one year from 2013-2014 for all U.S. credit card issuing institutions.
So you do not have to panic about the Oct. 1, 2015 deadline and spending money you may not have for EMV reading equipment. Just understand that you will be taking a risk if that card you except is a counterfeit or has been stolen. But since most of your customers are home or business owners the chances of them trying to use a card with stolen numbers is very, very small.
I hope this information has been helpful and if you ever have a question with your chemicals Soap Warehouse is here to help, please give us a call, 800-762-7911.