It was a typical morning at Avery’s coffee shop at the corner of Sahara Avenue and Fort Apache Road. Owners Sherman and Linda Ray were greeting customers and crafting orders, blissfully unaware of the impending tsunami that was building each time they swiped a customer’s credit card.
Then Kelly Gaines came in for her usual cup of coffee. She is the Las Vegas territory manager for Heartland Payment Systems, the company providing credit card processing equipment and service for Avery’s. She was also there to teach the Rays about the credit card liability shift, slated to take effect Oct. 15.
This year in the United States, credit card fraud liability for hacking is estimated to exceed $10 billion. After Oct. 15, liability will fall on the entity using the lesser technology.
For the Rays, that technology is a dated low-tech card reader connected to a telephone line.
Although major retailers such as Target, Office Depot, and Kohl’s, have been preparing for the liability shift for the past two years, most small businesses are unaware of the liability shift and the possibly devastating financial consequences.
To avoid this liability shift, businesses must replace their credit and debit card “swipe and sign” point of sale terminals, and invest in new readers that accept the securer EMV credit and debit cards.
Those new terminals cost $150 to $500 each and could cost even more over time if the equipment is leased. Many businesses have more than one terminal, so the costs to change out the equipment can mount.
But the risk of not upgrading could be devastating.
EMV — which stands for Europay, MasterCard, and Visa — is often referred to as “chip-and-PIN” or “smartcard” technology. It has been a credit card industry standard in Europe since 1994. This technology has driven credit card fraud down to fairly low levels — France claims an 80 percent reduction, for example.
There are three major manufacturers of point-of-sale terminals — VeriFone, Ingenico, and Equinox — and third-party vendors distribute their equipment. These vendors bundle these front-end card readers with other services such as back-end software, clearing house processing, and customer loyalty card programs, which could greatly improve customer repeat business.
With most of these companies, a multiyear contract is required for their service.
Some companies are using the liability shift as a sales tool and are offering “free” card reader equipment. But as the saying goes, the devil is in the details. The offer usually comes with a condition that the business also switch to that company’s credit and debit card processing service.
Look closely at the terms and conditions of the agreement, small-business advocates warn. What happens if you don’t like the service? Are there penalties for canceling? Also ask about customer service.
It is important, when considering card processing services, to consider customer service and whether the company has local representatives that can help you with services that suit your business. You will also want to ask about the availability of online technical support should you experience a software or hardware failure.
Although Oct. 15 is the date of the liability shift, businesses will have until Oct. 15, 2018, to complete the technology transition. The industry consensus is that after 2018 the “swipe and sign” feature on all point of sale machines will be turned off.
It is important to note that, if your company security is breached before you upgrade your point-of-sale terminals, your company will be liable for damages and repayment of customer accounts that are hacked.
EMV cards offer better security because they use embedded microchips instead of magnetic strips to transmit cardholder data. The microchip uses a dynamic cryptogram — think random electronic password — that is unique to every transaction, and thereby preventing any attempts to duplicate a transaction.
The dynamic cryptogram generated by a smart card also protects against “card skimming,” which occurs when the magnetic strip information from a credit or debit card is captured without the cardholder knowing, and then used to make online purchases.
Card skimming information can also be used for “card transplant” fraud, whereby fraudsters use inexpensive devices to copy a cardholder’s magnetic strip data to a blank card to make purchases or, in the case of ATM cards, to withdraw cash from the cardholder’s account.
Chase Bank spokeswoman Erin Smolenski stated, “By the end of 2015, the majority of Chase plastics will be chip-enabled. Currently, many of our credit card portfolios including our business cards offer chip-and-pin. Chase EMV debit cards will be available by the end of the year. Our ATMs are being updated to accept embedded chip cards.”
Nevada State Bank, Bank of America, and Wells Fargo are also converting their ATMs and supplying their customers with EMV-embedded credit and debit cards.
Like most small-business owners, the Rays must pay close attention to the overhead costs they might incur with any new system.
They are exploring their options with Gaines to see which equipment upgrade both protect their business from the coming liability shift, but also work with the investment they’ve made in the system they have.