Category: Best Practices for Merchants
April 21st, 2015 by Elma Jane
An advanced strain of malware called “Punkey,” is capable of attacking Windows point of sale terminals, stealing cardholder data and upgrading itself while hiding in plain sight.
Researchers from Security vendor Trustwave discovered the new strain. The investigation found compromised payment card information and more than 75 infected, and active, Internet Protocol addresses for Windows POS terminals.
Punkey poses a unique threat to payment networks, particularly because it also can download updates for itself.
If the malware author has a new feature it wants to add or updates to get rid of bugs, it actually pushes the malware down from the command and control server, revealed by Trustwave’s SpiderLabs research center. Punkey operates like a typical Botnet.
The malware hides inside of the Explorer process, which exists on every Windows device and manages the opening of individual program windows. Punkey scans other processes on the terminal to find cardholder data, which it sends to the control server.
The malware performs key logging, capturing 200 keystrokes at a time. It sends the information back to its server to store passwords and other private information.
A year ago, security vendors warned retailers against using Windows XP at the point of sale, since Microsoft stopped supporting Windows XP security patches. However, even Punkey is not attacking Windows due to any vulnerability in the systems, so even merchants with newer versions of Windows are at risk.
Punkey just runs like any Windows binary would. Even if the system is upgraded or a new system is put in place, criminals are still getting malware on the POS in other ways.
Many retailers use remote desktop support software, which fraudsters take advantage of, they steal a password and install malware like a technician would install any software.
While Punkey represents a more sophisticated POS malware than Trustwave has seen previously, merchants can still protect themselves through attention to basic security best practices.
Merchants should update antivirus and firewall protections, monitor the remote access software, establish two-factor authentication and check network activity daily for anything out of the ordinary. Unfortunately, many organizations have neither the expertise nor the manpower to perform these tasks.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: card, cardholder, cardholder data, data, Malware, Merchant's, payment, payment networks, point of sale, POS terminals, retailers, terminals
April 20th, 2015 by Elma Jane
With each year comes a new set of security risks businesses need to be aware of. The threats that have seen the most growth over the last year include point-of sale (POS) malware, malware traffic within secure and encrypted HTTPS websites and attacks on computer systems designed to control remote equipment.
Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed. Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones.
The large number of highly publicized POS breaches last year has heighted the need to make sure that businesses that use these devices are properly protecting them.
Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise. To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as reexamine their data policies with partners and suppliers.
For many years, businesses thought using a secure HTTPS Web connection protected them from a security breach. That no longer appears to be the case. While the increased number of businesses moving to a more secure Web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code. Since the malware transmitted over HTTPS is encrypted, traditional firewalls fail to detect it.
Just as encryption can protect sensitive financial or personal information on the Web, it unfortunately can also be used by hackers to protect malware. One way organizations mitigate this risk is through SSL-based Web-browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity.
Several identified trends and predictions for the coming year, including the following:
Android will remain a main target for hackers. More sophisticated techniques will be developed to hinder Android malware researchers and users by making the malware hard to identify and research.
As wearable technology becomes more prevalent, expect to see malware start to target these devices.
Digital currencies, including Bitcoin, will continue to be targeted.
More organizations will enforce security policies that include two-factor authentication, which will likely increase the number of attacks on these technologies.
Posted in Best Practices for Merchants, Credit Card Security, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: (POS) malware, Android, bitcoin, Digital currencies, point of sale, POS breaches, security breach, SSL-based Web-browser
April 13th, 2015 by Elma Jane
With only six months to go before the EMV chip-card liability shift takes effect, many U.S. merchants are not yet aware of the EMV migration.
When the Oct. 1 liability shift takes hold, merchants not accepting the new chip-card technology will become liable for any losses resulting from payment card fraud at the point of sale. Some merchants have stated that they would rather trust their existing security measures than pay for the upgrade to EMV, but others still need to educate themselves on the benefits and drawbacks of EMV – and it’s not even clear how many are out of the loop.
The challenge is that no one really knows about the level of EMV readiness because there is no single, common way to reach all of the merchants of all different levels and sizes at the same time.
Instead, various organizations are picking bits and pieces of the market they can reach and do everything they can to inform and help merchants to determine if they are moving toward chip-based technology or not.
EMV cards improve security at the point of sale by including technology that makes them resistant to counterfeiting. They can also be used with a PIN to address stolen card fraud. Though the card networks set an October deadline for conversion to EMV technology, it is not a mandate; companies will still be able to handle credit card transactions even if they do not have EMV technology in place.
And even the merchants that have the right technology installed may not be using it properly. During the EMV preparedness process, it has become apparent that installed EMV terminals had not been turned on or otherwise were not fully capable of accepting EMV transactions.
The confusion extends to the banks as well. Not all issuers will be ready for EMV, and some have outright stated that they do not think it will be possible to meet this year’s deadline.
In a move designed to get more small-business merchants on board with EMV, Visa Inc. introduced a 20-city small business chip education tour last month.
The real measurement of the implementation will be in transaction volumes, or actual chip-on-chip transactions.
Even though the liability shift is just six months away, still really early to make a determination on all of this.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: card, chip card, EMV, emv cards, EMV terminals, EMV transactions, fraud, Merchant's, payment, point of sale, visa
April 6th, 2015 by Elma Jane
Merchant Cash Advance – A lump-sum payment to a business in exchange for an agreed-upon percentage of future credit card and/or debit card sales. The term is now commonly used to describe a variety of small business financing options characterized by short payment terms (generally under 24 months) and small regular payments (typically paid each business day) as opposed to the larger monthly payments and longer payment terms associated with traditional bank loans.
Merchant Cash Advance companies, provide funds to businesses in exchange for a percentage of the businesses daily credit card income, directly from the processor that clears and settles the credit card payment. A company’s remittances are drawn from customers’ debit-and credit-card purchases on a daily basis until the obligation has been met. Most providers form partnerships with payment processors and then take a fixed variable percentage of a merchant’s future credit card sales.
The Term Merchant Cash Advance – may be used to describe purchases of future credit card sales receivables, revenue and receivables factoring or short-term business loans.
This structure has some advantage over the structure of a conventional loan. Most importantly, payments to the merchant cash advance company fluctuate directly with the merchant’s sales volumes, giving the merchant greater flexibility with which to manage their cash flow, particularly during a slow season. Advances are processed quicker than a typical type loan, giving borrowers quicker access to capital. Also, because MCA providers like typically give more weight to the underlying performance of a business who may not qualify for a conventional loan.
Merchant Cash Advances are often used by businesses that do not qualify for regular bank loans, and are generally more expensive than bank loans. Competition and innovation led to downward pressure on rates and terms are now more closely correlated with an applicant’s FICO score.
There are generally three different repayment methods:
Split withholding – when the credit card processing company automatically splits the credit card sales between the business and the finance company per the agreed portion. The most common preferred method of collecting funds for both the clients and finance companies since it is seamless.
Lock box or trust bank account withholding – all of the business’s credit card sales are deposited into bank account controlled by the finance company and then the agreed upon portion is forwarded onto the business via ACH, EFT or wire. The least preferred method since it results in a one-day delay in the business receiving the proceeds of their credit card sales.
ACH withholding – when structured as a sale, the finance company receives the credit card processing information and deducts its portion directly from the business’s checking account via ACH. When structured as a loan, the finance company debits a fixed amount daily regardless of business sales.
Posted in Best Practices for Merchants, Financial Services, Merchant Account Services News Articles, Merchant Cash Advance, Merchant Services Account Tagged with: ach, bank loans, business loans, checking account, conventional loan, credit card processing, credit card sales, credit-card, debit card, finance company, loan, MCA providers, merchant, merchant cash advance, payments
March 17th, 2015 by Elma Jane
Merchant Cash Advance – A lump-sum payment to a business in exchange for an agreed-upon percentage of future credit card and/or debit card sales. The term is now commonly used to describe a variety of small business financing options characterized by short payment terms (generally under 24 months) and small regular payments (typically paid each business day) as opposed to the larger monthly payments and longer payment terms associated with traditional bank loans. The term Merchant Cash Advance may be used to describe purchases of future credit card sales receivables, revenue and receivables factoring or short-term business loans.
Merchant Cash Advance companies, provide funds to businesses in exchange for a percentage of the businesses daily credit card income, directly from the processor that clears and settles the credit card payment. A company’s remittances are drawn from customers’ debit-and credit-card purchases on a daily basis until the obligation has been met. Most providers form partnerships with payment processors and then take a fixed variable percentage of a merchant’s future credit card sales.
These Merchant Cash Advances are not loans – rather, they are a sale of a portion of future credit and/or debit card sales.
This structure has some advantage over the structure of a conventional loan. Most importantly, payments to the merchant cash advance company fluctuate directly with the merchant’s sales volumes, giving the merchant greater flexibility with which to manage their cash flow, particularly during a slow season. Advances are processed quicker than a typical type loan, giving borrowers quicker access to capital. Also, because MCA providers like typically give more weight to the underlying performance of a business who may not qualify for a conventional loan.
Merchant Cash Advances are often used by businesses that do not qualify for regular bank loans, and are generally more expensive than bank loans. Competition and innovation led to downward pressure on rates and terms are now more closely correlated with an applicant’s FICO score.
There are generally three different repayment methods:
Split withholding – when the credit card processing company automatically splits the credit card sales between the business and the finance company per the agreed portion. The most common preferred method of collecting funds for both the clients and finance companies since it is seamless.
Lock box or trust bank account withholding – all of the business’s credit card sales are deposited into bank account controlled by the finance company and then the agreed upon portion is forwarded onto the business via ACH, EFT or wire. The least preferred method since it results in a one-day delay in the business receiving the proceeds of their credit card sales.
ACH withholding – when structured as a sale, the finance company receives the credit card processing information and deducts its portion directly from the business’s checking account via ACH. When structured as a loan, the finance company debits a fixed amount daily regardless of business sales.
Posted in Best Practices for Merchants, Merchant Account Services News Articles, Merchant Cash Advance Tagged with: ach, bank loans, business loans, checking account, conventional loan, credit card processing, credit card sales, credit-card, debit card, finance company, loan, MCA providers, merchant, merchant cash advance, payments
March 10th, 2015 by Elma Jane
If you can’t accept credit cards for your business, you are losing out on potential revenue. Most people don’t carry more than $20 in cash with them at a time, and people who use credit cards tend to spend more than their cash-carrying counterparts.
These days you can turn your smartphone or tablet into a credit card reader, but which service should you choose? What do you need to consider when deciding?
NTC is here to help you understand all the intricacies of taking credit card payments with your smartphone or credit card.
Credit card reader or Wedge are useful in a variety of industries and for businesses of all sizes. Arts and crafts business accepting credit card payments at conventions and other events. A pub that gives its servers credit card readers rather than having to pay for everything at the bar. POS systems with a mobile integration can swipe your card on the spot rather than taking credit cards over the phone when ordering delivery.
If you work in one of these fields it might be time to think about getting a wedge:
Arts and crafts vendors: Do you sell your wares at conventions, art shows, and other big events? You could be a book reseller, an artist, a jewelry maker, a clothing retailer, or even a makeup seller.
Food Service: Food trucks were among the earliest adopters of mobile card readers, but there is no shortage of restaurants that are using them now. There are companies both offer POS systems in addition to their mobile card readers, which is perfect for delivery services.
Service providers: If you don’t have a brick-and-mortar office or base of operation where customers visit you, or if you conduct your business in your customers’ homes (carpet cleaners, plumbers, lawn care, mobile dog groomers, exterminators, etc.), a credit card reader/wedge gives you flexibility as well as credibility, as well as added security.
Understanding the Costs of Accepting Credit Card Payments
In the traditional business model, to accept credit card payments you would have to set up a merchant account. A merchant account typically entails a detailed look at your credit history and business.
Credit card companies assess a small fee to merchants for processing payments. With merchant accounts and card readers, the cost is built in and deducted automatically, so you don’t have to worry about paying it yourself. With a merchant account, you typically get lower rates because of the decreased risk.
It’s not just the standard fees that you need to worry about when you want to accept credit card payments. There are costs hidden everywhere, so let’s address some of these issues:
Internet Availability Typically, smartphone and tablet card readers need some sort of Internet connectivity, via a cellular signal or Wi-Fi. Most smartphones these days are capable of becoming Wi-Fi hotspots, so you can create your own Wi-Fi. However, this option relies on your phone’s data plan. The more transactions you make, the more data you use.
Compatibility You also need to make sure that your devices are compatible with the card reader. Check the list of compatible devices before you commit to one service over another.
Also note that you’re going to usually have to enable location services on your phone.
Card Compatibility, Manual Entry Fees, Location There are card readers that seems to work best with a specific device. You’re typically going to pay more for manually entering credit card numbers because of the greater risk – the card doesn’t have to physically be present to complete the transaction.
Likewise, you’re usually going to pay more for accepting international cards, and you’re not always going to be able to accept payments outside the U.S.
Taxes and Tips Several mobile credit card readers will let you add sales tax to the base purchase without requiring you to calculate it, which is handy if you’re not fond of math or just want the transaction to go more quickly.
As an alternative, you can build the sales tax into the listed prices, which some of your customers might appreciate.
Finally, depending on your industry, you may want to check that the credit card reader you use allows your customers to add a tip.
Time to Get Your Money The final cost to consider for credit card readers is more of a convenience fee than anything — it’s the time before you can access your money.
If you’re in a high-risk industry or have a high volume of business, you are probably better off obtaining a merchant account and using one of their mobile solutions.
You’re also going to want to worry about refunds and chargebacks. If, for whatever reason, a consumer complains to his or her credit card company and there’s a chargeback.
Features to look For in Your Credit Card Reader Features-wise, you can at least expect the basics to remain consistent across smartphone credit card readers: you can swipe cards, manually key them in, and issue receipts. It’s the little things that will ultimately set one service provider apart from the rest. Some of the things you may want to look out for include:
Record-Keeping for Cash and Checks Sure, you can manage your cash intake the old fashioned way and let your bank deal with checks. But some credit card readers, (which doesn’t actually require you to swipe cards, but more on that later) will let you create digital receipts for cash and check transactions as well.
POS Integration Depending on your needs, you might want to look for a service that has easy POS integration.
E-Commerce Integration Likewise, look for easy integration with an online store, if you have one. Easy integration is ideal for centralizing your accounts.
Accounting Integration & More Do you use an accounting service? If so, you might prefer the ability to transfer your data directly from your card swiping service to your accounting software.
Invoicing If you do custom orders, offer services, or provide goods to a business, you’re all too familiar with invoices. With some services, you can generate invoices through them and send them to clients via email. The biggest advantage to this is simply that you get your money quicker because there’s no need to cut a check and send it through snail mail.
Voids and Refunds It’s unfortunate, but you do need to make accommodations to process refunds and void transactions. Sometimes your finger slips on a key and you don’t notice until afterward, and sometimes the customer just changes their mind. Make sure that you understand how to use these features in whichever service you choose.
Card Reader Design Needless to say there is more than a bit of awkwardness trying to balance a phone with a 5.1-inch screen in your hand while also stabilizing the card reader while swiping the card. Especially when you’re working with limited table space. It’s worth looking at the card reader and the device it’s attached to and making sure that the design works for you.
Permissions for Multiple Users Do you have several employees? The ability to give permissions to multiple users comes in handy here. With it, you can enable employees (or your friends) to accept payments without giving them full access to your account. This is great if you happen to have multiple booths at events, or if you send multiple employees out on location and each one needs to be able to accept payments.
Accepting credit card payments doesn’t have to be a terrifying prospect, even if you’re running just a small-time business. You can get a mobile credit card reader for free in many cases, and while you won’t pay the lower fees associated with traditional merchant accounts, the costs are still readily manageable. What you need to consider are the hidden costs — not necessarily in the service providers, but the ones that come from using a data connection, or requiring Wi-Fi. How soon you get your money should also be a top priority.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Mobile Payments, Mobile Point of Sale, Smartphone, smartSD Cards Tagged with: (POS) systems, card reader, chargebacks, credit card reader, credit cards, e-commerce, high risk, merchant account, Merchant's, mobile card readers, mobile integration, POS, processing payments, Service providers, wedge
February 27th, 2015 by Elma Jane
Here are the Frequently Asked Questions:
You’re probably finding yourself staring at your old credit card machine and worrying about the cost of buying a new machine. The transition doesn’t have to be an expensive one, but it pays to be educated as you consider this important upgrade.
Things you need to know in the form of a brief FAQ.
Where To Buy an EMV Credit Card Terminal?
All the same places you can buy or rent a non-EMV terminal, for the most part. The vast majority of the time supported EMV machines can be reprogrammed just like their non-EMV predecessors. While credit card terminal tampering has occurred in the past, it is not common and is even less easily achieved with new EMV terminals.Terminals have built-in anti-tampering features to prevent this. Your provider is free to either charge a reprograming fee, or simply refuse to reprogram outside machines. While they can reprogram, there’s no law saying that they have to.
Is It A Must to Have an EMV-Compliant Machine?
NO BUT THERE IS RISK. NFC (Near Field Communication) is the technology used by digital wallets for contactless payments. NFC EMV terminals can be considerably more expensive than standard EMV terminals. You can buy a separate NFC reader without replacing your existing EMV terminal.
Does an EMV Chip Card Reader Cost Much?
NOT VERY MUCH! These terminals are really not more expensive that the old terminals. You can find them as cheap, especially if it’s refurbished. There’s no reason to sign on to an expensive non-cancellable lease. If you’d rather rent than own, at least look for inexpensive rental options. If you want a wireless terminal or an NFC-capable terminal, the prices will be a little bit higher. But for baseline EMV-compatible chip card readers, it’s a pretty minor investment even for a very small business.
Does EMV Terminal Upgrade Really Needed?
Technically? No, but it would be like buying a new computer and not getting a virus protection program. Worse because you have financial data on. Your CUSTOMER! Practically? You should!
If you stick with your old non-chip credit card terminal, you will still be able to run transactions. All chip cards are also equipped with the same magnetic stripe used previously, so you can still swipe them. The difference is that if one of those chip cards that you swipe is used fraudulently, you will now be liable. The rationale behind this is that if you had upgraded your terminal, the fraud could have been prevented. Therefore you are held accountable. You might be tempted to think that your small businesses is unlikely to be a victim of such fraud because it hasn’t happened in the past. But consider that all of the big retailers will be upgrading to the EMV terminals, which is likely to drive fraudsters to more vulnerable outlets (ie, small businesses). So I don’t want to be a fear-mongerer but for the fairly small business expense of a terminal upgrade you get a lot of fraud protection. If it prevents just one instance of fraud in the years to come, it has likely paid for itself many times over.
For most merchants, it’s not that expensive or difficult to switch over to EMV equipment and the insurance that the switch will provide you with is well worth the effort. So start thinking about it, and don’t wait until the last minute. The last month before the liability shift occurs in the US, equipment providers will be backed up with orders, making the transition less smooth. So there’s no time like the present to start looking into chip card machines. It might even be a good time to think about switching providers.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: chip card readers, chip cards, contactless payments, credit card machine, credit card terminal, credit-card, Digital wallets, EMV, EMV compliant, EMV machines, EMV terminal, magnetic stripe, Merchant's, Near Field Communication, nfc, NFC reader, NFC-capable terminal, wireless terminal
January 26th, 2015 by Elma Jane
Accept Electronic Payments in Their Currency,
Convert it to Yours
DCC or Dynamic Currency Conversion is a system where the Visa or MasterCard holder in a foreign country can shop on an American based web site that displays prices in their own local currency. The web site can offer multiple choices as to which country the shopper is based in and the shopper can be immediately familiar with the pricing of goods and services.
Exchange rates are in constant flux. Dynamic Currency Conversion utilizes a Bank Reference Table (BRT) otherwise known as a Card Recognition Table (CRT). This table is updated on a daily basis so that transactions have the most up to date conversion rate for transactions. Your web site holds pricing information in $USD, and based on the selection of the shopper, prices are converted to their native currency. Even if the shopper does not choose the correct currency, at the time the card information is presented, the system automatically recognizes that the card is foreign and applies the appropriate currency and exchange rate.
At the close of the transaction an invoice or receipt can present the total to the customer in their currency, along with the merchants local currency along with the exchange rate that was applied. In today’s global business environment, this level of convenience to the customer insures they are comfortable with the transaction from shopping cart to the door. Your business reaches foreign nations expanding your market while presenting new opportunities, increasing your businesses bottom line.
On the merchant end, all transactions are settled in $USD. Reporting mechanisms can display the consumers pricing and the exchange rate they paid for analysis and cost reduction.
Currency Conversion
- Accept currencies from other nations.
- Convert funds to US Dollars.
- Set prices in local currency to avoid confusion or calculation.
- Works with e-commerce as well as Mail Order / Phone Order.
- Ease the sales process for your customers.
- Increase customer familiarity.
- Immediately convert currency to avoid value gaps.
Posted in Best Practices for Merchants, Electronic Payments Tagged with: Bank Reference Table, Card Recognition Table, consumer, conversion rate, currency, customer, Dynamic Currency Conversion, e-commerce, electronic payments, exchange rate, invoice, MasterCard, Merchant's, receipt, shopping cart, transactions, visa
January 23rd, 2015 by Elma Jane
Technology and software are among the most important investments a company can make, especially when it comes to security. Growing demand for IT services and security solutions prove that business owners know the threats that are out there and want to do something to guard themselves against cybercriminals.
With a well-rounded security solution a business might purchased, and with all the recommended features a business might need, was the investment really worth it? Security solutions provider Trustwave, found that organizations of all sizes are wasting their security dollars and none more so than small businesses.
Small businesses spent an average of $157 per user on security software, compared with $73 per user in larger companies. Nearly 30 percent of that investment ended up underutilized or never used due to non- or misuse of security controls and features. And yet, companies still increased their spending by 44 percent.
Why did businesses end up letting their security software go partially to waste, despite significant increases in IT spending?
Many organizations cited a lack of resources: Either IT staff was too busy to implement their security solutions properly, or didn’t have the manpower to do so.
With the alarming number of high-profile corporate breaches, businesses of all sizes are aware that they need to invest in top-of-the-line solutions. IT professionals expect a 43 percent increase in their use of cloud-based or managed security services. But the financial constraints many small companies face can prove to be an obstacle to proper security.
A few IT-related tips to help save money, which can then be reallocated toward the technological and staffing resources needed to protect a business.
Monitor software usage and eliminate solutions that aren’t being used. Seek out products that are designed for small business. Some companies offer free or discounted versions of their product to very small companies. Track any IT/software purchases to ensure you’re within your budget.
Posted in Best Practices for Merchants Tagged with: breaches, Security, security software, services, software, solutions provider, technology
January 21st, 2015 by Elma Jane
With a crucial deadline, the payments industry is starting to look at just what kind of fraud liability and how much fraud merchant acquirers will have to assume if their merchants aren’t ready to accept Europay-MasterCard-Visa (EMV) chip cards by October.
While issuers currently absorb losses under card-network rules, that burden will shift to acquirers this fall in cases where the fraud occurs at merchants unprepared for EMV.
As a result, acquirers will have to reckon with a whole new category of risk exposure.
In card-not-present transactions, acquirers have faced this, but in the overwhelming majority of cases they’ll be confronting it for the first time.
Surprisingly, for all the talk in the industry about the imminent arrival of EMV, it appears few acquiring executives have fully accounted for what the shift really means for them.
Some 24% of U.S. point-of-sale terminals are “EMV-capable,” while 9% of debit/prepaid cards issued, and 2% of credit cards have EMV chips so far. But while terminals may be technically capable, it isn’t known just how many of these merchants have the software and trained personnel to accept EMV.
Foreign issuers, especially, may be licking their chops at the prospect of offloading their consumer-fraud risk onto U.S. acquirers. For years and years, these non-U.S. issuers have invested in EMV, but the U.S. is still using the mag stripe. So non-U.S. issuers appear to be very aware of the liability shift.
To be sure, acquirers’ increased risk exposure may be relatively short-lived. Under the network rules, liability rests with the issuer in cases where both the merchant and the issuer are EMV-compliant. That could be nearly universally the case within a few years. By 2018, nearly all cards and terminals will be compliant.
But that still leaves open the question of how many of these terminals will really be running chip card transactions.
The issue isn’t so much about terminals as about software. Many mid-size merchants are using so-called integrated solutions that run payments as part of a larger business-management system. That means acquirers must work with a number of other parties to reconfigure software, and that presents a challenge when it comes to getting masses of merchants EMV-compliant.
The bigger problem is the integrated point-of-sale market.
While the liability shift may impact acquirers, not all them are convinced their exposure will rise all that much. Some argue the risk of loss from lost/stolen/counterfeit cards at the point of sale is low and not likely to rise, especially for small-ticket merchants.
Fraudsters, are much more inclined to practice their trade online, where the risk of being caught is lower, compared to face-to-face transactions.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: card network, card-not-present, chip cards, credit cards, debit/prepaid cards, EMV, EuroPay, fraud, integrated solutions, mag stripe, MasterCard, merchant acquirers, Merchant's, payments, payments industry, point of sale, terminals, transactions, visa
