By John Canfield
Let’s take a step back. EMV stands for Europay Mastercard Visa, and as you might guess from the name, it’s a standard designed by the credit card companies for microchips that interface with the payment networks. EMV cards contain a chip that stores and transmits credit data in a cryptographically protected way. Compared them to traditional cards, EMV cards are much harder to steal data from, and also harder for criminals to copy in order to make fraudulent purchases.
The catch is that in order to take advantage of the advanced security features that EMV provides, the card has to be processed on an EMV compliant terminal by reading the data off the chip rather than the magstrip.
What exactly happens in October?
After October, all credit transactions that are processed using a magstrip when they could have been processed through EMV will impose additional fraud liability on the merchant. The best way to understand it is that they’ll basically become the way online transactions are now: you as the merchant getting hit with chargebacks, and chargeback fees, whenever fraud occurs.
Since the total amount of fraud expected to hit U.S. businesses is expected to top $10 billion this year, that means there’s now even more incentive to update your terminal to a newer model that can take advantage of EMV if the threat of a Home Depot-esque disaster where hackers steal all of your customer’s payment information from you wasn’t motivation enough.
What about online businesses?
While it’s true that online transactions won’t be affected by the liability shift, there are a couple of other things that go along with it that will affect you.
The first is card reissues. As the new standard is adopted, banks and financial institutions will be reissuing an estimated 2 million cards with the new chips to their customers, potentially invalidating any credit data you might have stored. That will lead to more support calls, and a big headache especially for subscriptions businesses that rely on the ability to charge a stored card each month.
The other issue is fraud. It might seem strange, but there will probably be a spike in online fraud as brick-and-mortar businesses adopt EMV, even as total rates of fraud go down. This is something that’s been observed in other markets that have already gone through this. For example the UK, which transitioned to EMV-enabled cards in 2005, there was a 78 percent increase in card-not-present fraud by 2008. Simply put, the increased difficulty of committing credit fraud in store will drive some of that fraud online.
What can I do?
The good news is that if you don’t feel ready to flip over to EMV in October, you aren’t alone. Very few businesses are EMV-ready yet. It might be best to think of the EMV refresh as something that will happen over the course of 2016 rather than something that happens in October.
Nonetheless, now is the time to be thinking about this. If your small business uses POS terminals, you need to be in touch with your terminal supplier to find out what their plans are for updating, and you need to educate your employees to process the new cards correctly. If you’re an online business, particularly one operating on a subscription model, you need to figure out if your payments technology provider has re-authorization technology in place, and implement it if it does to lessen the impact of the coming wave of reissues. And everyone should be on the lookout for fraud.
By starting your planning now, you can ensure that this transition happens as smoothly as possible, with minimal impact to your business.
By John Canfield, head of Trust and Safety at WePay. Follow him at @WePay.