Are You Ready for the Merchant Liability Shift?
In less than a month, retailers are supposed to have implemented the new EMV chip technology in an effort to limit credit and debit card fraud.
But many small to mid-sized businesses aren’t even aware that they will be required to upgrade their payment terminals and some banks haven’t issued new cards, opting, instead to issue them as accounts renew.
On Oct. 1, retailers are supposed to finish upgrading to the new Europay, MasterCard and Visa (EMV) point-of-sale systems while banks should have replaced cards that use the old magnetic stripe technology with more secure cards that have microchips.
Currently, when a customer uses a stripe card, the card issuer – a bank or credit card company – is liable for any fraudulent purchase. However, after that Oct. 1 date, if a customer has a chip card and the merchant doesn’t have the proper card reader, the merchant must pick up the tab if fraud is involved. The banks and credit card companies will only cover the bill for chip cards used in EMV chip card readers.
“While this is a significant shift in getting a handle on fraudulent card transactions, it will still take time for many merchants to be fully compliant even if they plan on being compliant,” said Eric Walker, a Sword & Shield principal consultant and PCI Qualified Security Assessor. “The EMV transition for gas pumps is not until October 2017, so many small gas station owners will probably not transition until they are forced to comply with that deadline.”
Walker said that other small businesses simply do not have the capital to reinvest in a POS system that is compatible with EMV technology and therefore probably will not make the changes.
Three major retailers, Walmart, Walgreens and Target, suffered a major point-of-sale data breach less than two years ago and are already compliant. But, a nationwide Wells Fargo/Gallup Small Business index survey shows most SMBs are not.
The biggest reason, the survey said, is that many smaller merchants aren’t even aware of the merchant liability shift and it’s looming due date.
And, while some merchants are aware of the shift, many say they can’t or won’t purchase the new readers because of cost.
The survey revealed that 29 percent of business owners are or intend to make the shift before the deadline and another 34 percent say they will do it, but after Oct. 1. However, 21 percent said they never intend to purchase the new equipment.
Walker said merchants that are not preparing for the transition to EMV need to determine if their business can survive the potential losses associated with fraudulent transactions.
“The biggest risk to merchants not using EMV is from customers worried about their credit card security,” he said. “If a customer feels that a merchant is not protecting their credit card information they are more likely to stop shopping at that merchant.”
Sword & Shield is not a reseller of EMV equipment, but we are experts in mitigating risk and provide incident response services in the event of a compromise.