So, what’s the deal with chip cards?

chip card.jpeg

An overdue upgrade

In October of 2015, the US finally decided to join Europe and the rest of the world by upgrading from existing credit card swipe technology (the same “technology” as cassette tapes). Chip Cards are also known as EMV which stands for Europay, Mastercard and Visa. EMV is the global standard for credit cards equipped with security chips and the technology used to authenticate chip-card transactions. The rollout in the US has been anything but smooth, with some large retailers still swiping your chip cards more than 2 years later.

Shifting liabilities

The biggest change in October 2015 was the “Liability Shift”. Since that shift, merchants have been liable for all fraudulent transactions that don’t utilize EMV technology. Even with a signed receipt or video evidence, the merchant is still responsible! If a customer disputes a charge and files a “chargeback” with their credit card company, the merchant will automatically lose the dispute if they are not utilizing EMV readers. The merchant will not be paid for their product or service and will additionally be liable for any processing fees including additional chargeback fees.

Not accepting chip cards is a magnet for fraud

Now that we are two years past the liability shift, savvy criminals and grifters know that they can take advantage of this system. Restaurants and retail shops are particularly vulnerable to these crimes. Con artists are aware they can purchase (often very expensive) items, meals and services, then dispute the charges with nearly no consequences. The only recourse available to merchants is through the legal system, which can end up costing more than the fraudulent transaction.

Many solutions are still not EMV ready

Have you noticed a large grocery chain or big box store not yet accepting EMV? It could be because they have a combination of point-of-sale (POS) systems, processors and other technology (#paymentstacks) that still haven’t completed the EMV upgrade. Moreover, many simple solutions like mobile card swipers don’t offer a chip reader and are waiting to be EMV ready. Even if they do have the technology, the extra time it takes for a chip card transaction adds a significant cost by slowing down the checkout process.


$5,000 Per Card Breached: Data Security is Every Merchant's Responsibility

PC security CC.jpg

There are threats every day

Equifax. Target. These companies have become shorthand for data breaches. If you or anyone you know has been hacked or simply had their credit card stolen, you know what a pain it can be. Unfortunately for merchants, the pain and the penalty are much worse. Every day there are threats from hackers, criminals and nation-states attempting to figure out a way to steal customer payment data. The challenge for merchants is to stay one step ahead.

Many merchants are PCI non-compliant (even if they think they are)

PCI compliance is all too often an afterthought for businesses accepting credit card payments. Every business with a merchant account must both attest to and comply with Payment Card Industry (PCI) standards. Unfortunately, too many processors see PCI compliance as another way to charge an extra fee and the result is merchants aren’t educated or taking PCI compliance seriously. This can have major consequences like...

Fines are no joke

The last thing any business wants is to have their name in the headlines with the word “breach”. The PR hit alone can be insurmountable. On top of that, fines for violating PCI compliance start at $5,000 per record breached. That means if you have a single card stolen, and it is used for 5 fraudulent transactions, you could be facing $25,000 in fines (5X$5,000 Per Record Breached)! Most breaches involve hundreds, if not thousands, of cards and the fines can be astronomical.

EMV is not the gold standard, P2PE is

Chip cards have been around for years in Europe and the rest of the world, but do they make you any safer? The truth is, they are an upgrade from the old swipe technology (which is the same tech as cassette tapes and 8-tracks). Ultimately, the only way to really protect sensitive payment data for in person and over the phone/mail order transactions is with Point to Point Encryption (P2PE). Point to Point encryption means that sensitive data is secured from the second it is dipped, swiped or keyed, using encrypted hardware and software.

Follow the golden rule

You wouldn’t want your own credit card information written down and stored, or saved on a someone’s computer, would you? Then you shouldn’t do that with your customer’s information either!. Treat your customers payment card data the way you would want your own data treated.  There are several cost effective solutions that can provide peace of mind to know that you are not just PCI compliant, but as secure as possible with their sensitive data. Running a business is enough stress, the last thing anybody needs is a breach.