You may have heard that credit card processing in the United States will be changing as of October 15, 2015 as chip and pin credit card technology enters the mainstream. However, for many, the details are fuzzy. The following are questions posed by our clients about this new weapon in the fight against credit card fraud.
- What is Chip & Pin technology and why is it being introduced in the United States?
Credit card fraud has reached epic proportions in the United States. It’s almost impossible to read the paper without learning of a new breach. To make matters worse, while the US accounts for one quarter of global credit card use, half of the credit card fraud occurs in this country. Many attribute this to the fact that unlike Europe, Canada, Latin America and the Carribean, we have not yet moved from magnetic swipe cards to the more secure Chip & Pin technology.
Chip and Pin Credit Cards , or EMV (named after Eurpopay, MasterCard and Visa, the originators of the standard), was first introduced in Europe in 1999. These credit cards contain a computer chip embedded in the card which is read at the point of sale.
- Why are EMV cards more secure than magnetic swipe cards?
Magnetic swipe cards contain unchanging data. Whoever has access to that data can replicate the original card and make unauthorized purchases at point of sale. In contrast, the chip embedded in an EMV card creates a new, unique code for each transaction. This means that stolen information from one transaction cannot be used a second time when a counterfeit card is presented at the point of sale.
- How will EMV cards impact transactions?
Unlike magnetic cards which require users to swipe a magnetic strip in the right direction, EMV cards are inserted into a slot and remain there until a transaction has been completed. Vendors will be responsible for purchasing new equipment in order to process point of sale transactions with these cards.
- Will a chip-card work at a retailer that doesn’t support EMV?
Yes. At least initially, EMV cards will be equipped with both chip and magnetic strip technology so commerce is not disrupted.
- How does the switch from mag-swipe to EMV cards impact online sales?
While EMV cards reduce the use of physical counterfeit cards at the point of sale, stolen credit card information can still be used for phone and internet sales. In Europe, the implementation of Chip & Pin technology led to increased online fraud as criminals, blocked from using their stolen data in stores, moved to the internet. We can expect the same migration to occur in the United States which means that online vendors will have to be more vigilant in their security practices.
- Is it true that vendors, as opposed to the payment processor or issuing bank, will be liable for credit card fraud as of October 1, 2015?
Not always. Vendors will be liable for card-present fraudulent transactions involving an EMV card if the vendor has not changed its system to accept chip technology. However, liability will not shift in connection with card-absent transactions, or cards that do not have EMV technology.
- If my business accepts Chip & Pin, does that mean I don’t have to worry about PCI?
No. Although EMV will help to reduce credit card fraud, it is not encryption. Businesses that handle, processes, store or transmits credit card information will still be required to comply with PCI.
So, what do we tell our clients who process credit cards about October 15, 2015? If your business involves card-present transactions, get your new equipment sooner rather than later. There could be hardware shortages as fall approaches. If your transactions are primarily card-absent, because the implementation of EMV will shift credit card fraud toward ecommerce, examine your payment acceptance methods and be alert to suspicious transactions.