A customer purchasing something with a chip credit card.

Can swiping chip cards be risky?

Saturday, December 05, 2015

How to keep your business and your customers safe

If you run a small business, chances are you take credit cards as a payment method. While credit cards are a great way for your customers to pay at your business, they do come with risks. Since businesses now must accept EMV chip-enabled credit cards, it’s important to know what they are and what risks they carry. Most notably, is it risky to swipe this type of credit card since it has an EMV chip? These are important questions small businesses owners like you should know. To start, we’ll define and discuss the importance of EMV chip cards.

What is an EMV chip credit card?

EMV is a relatively new technology that stands for Europay, Mastercard, and Visa. This technology is now on all credit cards, including cards from other credit card issuers like American Express and Discover. These chip cards use EMV chip technology, a security feature that makes it more difficult for thieves to steal card data while also lowering the chance of identity theft. EMV chip card readers prompt customers to insert their credit or debit cards for more secure transactions than those that take place using traditional magnetic stripe cards.

Besides inserting the card into the payment terminal, EMV cards can also support contactless card reading, also known as near field communication, or NFC. You may recognize this functionality as tap to pay or the way you use your phone to pay with Apple Pay®.

EMV chips contain secure algorithms that generate new authentication codes for every transaction. These codes are then sent to the issuing bank, which confirms the transaction before processing, helping prevent credit card fraud.

This security feature is a significant advancement in credit card processing. Before EMV chips, retailers swiped the card’s magnetic strip to process the card number and get a customer’s signature, verifying that they were the cardholder and authorizing the transaction. They’d then compare the signature to the signature on the back of the credit or debit card. However, this approach has some security risks because many cardholders wouldn’t sign the backs of their cards. Sometimes, merchants wouldn’t check these signatures, rendering the process less effective.

But with EMV chip cards, there’s an added layer of security. There are two verification modes for these chip cards during a credit card transaction: Chip-and-Signature and Chip-and-PIN. While these sound obvious, one requires the cardholder to sign while the other requires the cardholder to input a PIN. Now that you know a bit more about EMV chip cards and how they work, let’s talk about swiping chip cards.

Should a retailer swipe a chip card?

When a consumer has a chip card, is it really that risky for your business to process a payment by swiping it instead of inserting it into an EMV chip enabled card reader? The short answer is yes. In fact, EMV chip cards replaced magstripe cards because EMV chip cards are more secure. By swiping an EMV chip card, you’re essentially nullifying the security features in place, exposing the customer to potential fraud, and increasing your fraud liability in the process. Let’s explain why swiping a chip card can be bad for your business:

Your business is responsible for any losses due to fraud: If a fraudulent transaction occurs, consumers have some protections. Unfortunately, your business doesn’t have the same good fortune. Therefore, in the event of fraud, you’re responsible for recovering lost profits or goods. As you know, losing money is not good for business, especially if you have no course of action to recoup these fraudulent charges.

Your business could suffer penalties as a result of fraudulent purchases: When credit card information is stolen and fraudulent purchases happen, it’s not just the money of the transaction you can miss out on. You can suffer other penalties, from chargebacks to account suspensions and even account terminations. This is especially true if your business has a pattern of fraudulent transactions happening at your company.

Your business has an obligation to read the EMV chip card: While the magnetic stripe will work to process the transaction, it should only be swiped as a last resort. That’s because of EMV liability shift – an agreement between the credit card companies and merchants that puts more responsibility on business owners for accepting swipe cards instead of chip cards. If you swipe instead of using the EMV chip, a customer can dispute the transaction and render your company defenseless. Because you didn’t follow the agreement laid out in the EMV liability shift, your customer’s charge will be reversed and the chargeback will be awarded to the customer regardless of any facts or documentation. This is known as a fatal chargeback, and it can eat into your financial bottom line.

To further understand the EMV liability shift, let’s take a look at how risky swiping credit cards can be for a company.

EMV liability shift: Who is responsible?

As you can see, one change in the credit card landscape is who will be held responsible for fraud. These specific conditions can highlight the importance of always doing your best as a business to utilize the EMV card reader for credit card payments. It’s important to note that the acquiring bank will certainly pass on any fines directly to the merchant in question. Here’s how the liability shift breaks down the responsibility for fraud:

  • If the counterfeit is a magnetic stripe card with track data copied from a chip card and the point of sale (POS) payment terminal does not have chip-reading capability, the acquirer is liable for counterfeit card transactions.
  • The issuer is liable for all other counterfeit card transactions, no matter the POS terminal capability.
  • If the payment card has an EMV chip and a preference for signature verification, and the POS terminal does not have chip-reading capability, then the acquirer is liable for lost or stolen card transactions.
  • If the payment card has an EMV chip and a preference for PIN verification, and the POS terminal does not have PIN verification enabled, the acquirer is liable for lost or stolen card transactions.
  • The issuer is liable for all other lost or stolen card transactions, no matter the POS terminal capability.
  • The issuer is liable for the widest range of fraudulent transactions, although these certain scenarios now shift the responsibility to the acquirer.

Of course, it’s important to remember that EMV liability only applies to in-person, card-present transactions. For online or card-not-present transactions, it’s important to follow best practices to ensure safe and secure transactions at your business. When it comes to accepting credit cards at your business, EMV chip cards represent the safest and most secure way to avoid fraud.

Ready to work with a payment processor who can help you prevent fraud?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind. Learn more at heartland.us.