That was the word on credit cards in 2015 from a pair of local bank officials told members of the Mill Valley and San Rafael Chambers at a Content & Coffee event on March 27 at the Renaissance Entrepreneurship Center.
So what can merchants do to combat it?
While the world of credit card fraud is complex, Sandy Barron, AVP/Regional Manager for Redwood Credit Union, and Dan Lanting, a Business Sales Consultant with Wells Fargo Merchant Services, said the short-term solution was quite simple: upgrade your credit card reader before October 1 to avoid the specter of being liable for credit card fraud. New readers cost a few hundred dollars to buy on average, the bankers said.
The chambers hosted the event to educate their members about a major transition happening later this year. Credit card providers are replacing all “swipe-the-stripe” cards with those embedded with a microchip, with customers inserting the cards into a slot instead of swiping the stripe. Customers will still sign to validate most transactions, but the new system, known as EMV, will lead transition from swipe-and-sign to chip-and-PIN, enabling the use of PIN numbers if card issuers decide to add them to their cards.
The critical piece for merchants is the coming liability shift for so-called “card present” transactions that occur in person with the customer – not online or over the phone.
“This issue is only for card-present transactions,” Lanting emphasized.
Whereas financial institutions bore the brunt of credit card fraud liability in the past, that all changes on October 1.
“With the coming liability shift, both the financial institution and the merchant have an incentive to be EMV compatible,” Barron said. “If a merchant accepts a counterfeit card and they don’t have an EMV terminal, the merchant is liable for that loss. It’s that simple.”
The U.S. is the last major market to still use the old-fashioned swipe-and-sign system – Europe switched to the EMV system a decade ago and the rest of the world followed soon after – and it’s a big reason why almost half the world’s credit card fraud happens in America, despite the country being home to about a quarter of all credit card transactions. According to 2013 data, though the U.S. makes only 24 percent of all credit card sales worldwide, it is responsible for nearly 50 percent of global credit card fraud.
Barron noted that banks in Nigeria, long linked to Internet scan emails, have a policy that block the use of the credit cards they issue to be used in the U.S. “because of the amount of fraud that occurs here,” drawing laughter from the crowd.
While the U.S, lagged behind the world in adopting a more secure system for credit cards, the large-scale theft of credit card data from retailers including Target and Home Depot in 2014 changed everything, Barron said. He said that while the theft of the data from 210,000 Citibank credit cards in 2010 “sounded like a lot at the time,” the hack of data of 40 million credit cards in 2014 was stunning.
“The world changed when Target happened,” he said, noting that data from 56 million credit cards were stolen from Home Depot soon thereafter.
According to the Wall Street Journal, financial executives told a Senate Judiciary Committee in 2014 that once the country transitions to the new system, these kind of hacking attacks will be much more difficult to pull off.
“Your protection is to have an EMV terminal,” Barron said.
Merchants will still be able to take a swiped card, but as long as merchants have the EMV technology, they won’t be on the hook for fraud, Lanting added.
The pair also touched on a wide array of additional payment services, noting that Square readers will be able to read chip cards. They also focused quite a bit on Apple Pay, which the tech giant unveiled in September 2014. The system, which works only on iPhone 6 and 6 Plus, uses NFC (near-field communication) that leverages a dedicated chip in the phone and terminal, as well as Apple’s TouchID thumbprint identification system, Lanting said.
Users register a credit card with their iPhone, take a photo of the card, this connecting Apple and your credit card provider. Apple then transfers the card data via the provider’s security vault.
“It’s the next level of security in terms of keeping the bad guys from getting the data,” Barron added. “It is the most secure way to complete of a transaction short of handing them cash.”
The good news for merchants, they said, is that one reader will suffice for all of the above.
“All of the equipment we’re putting out there are EMV compliant and can take Apple Pay,” Lanting said.
For more info, call your credit card services provider, or email us at firstname.lastname@example.org and we can direct you to a local expert on this issue.