Sea change in credit card liability for small business

New requirements for merchants will cause a significant shift in business liability for certain types of credit card fraud. But many business owners are not ready and even more have not heard about this change in payment processing.

How are payment processing requirements changing liability?

Two types of payment fraud will be targeted by this change: lost-and-stolen credit cards as well as counterfeit credit cards. Online sales and manual entry of credit card account information will not be affected.

Vendors that fail to adopt the EMV chip-and-sign technology may be liable for these two types of credit card fraud. Vendors who do adopt the new technology should continue to enjoy the same level of fraud protection as they have previously. The new requirements specifically designate the party without EMV capabilities to be liable for any fraud as it pertains to lost-and-stolen credit cards or counterfeit credit cards.

Most credit card companies have already issued EMV-enabled cards, and many merchant processors have enabled their EMV transaction processing systems. This leaves the liability change largely in the hands of business owners.

What is EMV chip-and-sign and how does it work?

An EMV chip (illustration).The new EMV technology embeds a microprocessor chip in the credit card — this provides a more secure authentication mechanism that does two things:

  1. verify the card’s physical presence; and,
  2. transmit unique data for each credit card transaction.

EMV chip-and-sign mitigates the amount of account information compromised from insecure credit card terminals. It also prevents a malicious employee from easily stealing customers’ cards for creating counterfeit copies.

The EMV chip is visible on most newer cards as a small brass-colored square (see the above right graphic). The primary goal of EMV chip technology is to reduce fraud and improve credit card security. EMV is an industry acronym stands for Europay, MasterCard and Visa.

When is the deadline to convert to this technology?

October 1, 2015 will be when the credit card payment processing liability shift will occur in the United States for most businesses. Merchants processing credit cards at their location must have EMV chip-and-sign readers setup at all point of sale devices to ensure compliance.

How can I prepare my business for these new requirements?

Contact your credit card payment processing service and ask:

  • how the new requirements effect your account;
  • when the changes will take effect for your account (if not October 1st); and
  • what steps your business needs to take to prepare.

Payment processing hardware may need to be upgraded, in some cases payment processing software may also need to be upgraded.

About the author

Alexander G. Chamandy is a seasoned IT professional with 20 years of industry experience and a lifelong Arlington resident. He has deep expertise helping small businesses with a number of IT issues, including cybersecurity, data recovery, networking, deploying and maintaining servers as well as open source software.

If your small business needs IT support or consulting, contact Envescent, LLC for expert help. Our company helped over 15,000 clients in the Washington, DC area and beyond since 1999.

Posted in cybersecurity, payment processing, small business.