How Does The 2015 EMV Liability Shift Affect The Service Industry?
Chances are, if you run a small business, you’ve heard something about the EMV liability shift that takes effect in October 2015. The shift will affect the retail industry in obvious ways, but businesses that offer services rather than tangible goods will be equally affected.
Exactly how much you’ll be affected depends on how you process credit card payments.
Card Present Transactions
If your service business bills in-person with PoS hardware, then you’ll be facing the same EMV environment as retailers. Starting in October, liability for fraudulent charges made with the credit card present will fall on the party who hasn’t made an investment in EMV security features.
For the card issuer, investing in EMV security features means equipping credit cards with security chips that are harder to counterfeit than magnetic strips. For the merchant, it means using EMV PoS hardware that can take advantage of the card’s security chip. If both (or neither) parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.
If you do process a lot of in-person transactions, but don’t have a traditional retail PoS hardware setup, there are a healthy number of peripheral options available that will allow you to take advantage of the new standard.
Card Not Present
If you process credit cards as card-not-present (CNP) transactions–online, over the phone, or through an online payment gateway integrated with, say, booking software–then there’s both good and bad news ahead. On the bright side, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.
The bad news is that you’ll probably soon be feeling a butterfly effect rippling out from the new standards. Contrary to conventional wisdom, CNP shenanigans currently make up a fairly small minority of credit card fraud: less than one-in-five fraudulent transactions. If Europe’s experience is any indication, that’s about to change. Fraudsters, who will now have to contend with counterfeit-resistant EMV-technology, will likely turn their attention to the next easiest target: CNP transactions. Not only will that increase the chances that your business will experience CNP fraud, but payment gateways and banks, concerned about the vulnerabilities, will begin to adopt new standards and terms/conditions in the hopes of minimizing their exposure.
Up until recently, banks in America have largely considered CNP fraud a minor nuisance as they were able to chargeback fraudulent purchases to the merchant. Merchants have since responded by adopting voluntary security features like 3DSecure, now owned by EMVCo., to help avoid chargebacks. While many of these systems have some serious flaws at the moment, increased CNP fraud is likely to increase interest and research in them, particularly any system that can take advantage of EMV or tokenization.
Should You Worry?
Not really. Not yet. America’s EMV roll-out is still in its early stages and will no doubt be working bugs out of the system over the next year or two. In the meantime, you’ll want to stay up-to-date on the newest security developments, particularly if you’re processing CNP transactions, as online security standards find more effective ways to navigate the new credit card security frontier.