Credit Card Processing Updates- Are You Prepared?

If you own a small business and you accept credit card payments, there’s a new requirement for credit card processing that needs your immediate attention. The Payment Networks’ Liability Shift, associated with EuroPay, MasterCard and Visa (EMV) is slated for impact in October, 2015.

Introduced in the U.S. as Phase I of the EMV migration roadmap, the introduction of a new security chip to consumer credit cards are just being rolled out to card holders and will be phasing out the old magnetic stripe cards of the past few decades. As a result, businesses will need to install new card readers to process information stored on the chips. Beyond the card reader, businesses will also need to address how they process transactions, including how they house personal information about their customers. Those businesses that do not have the new technology in place by October 1st will then be held responsible for any fraudulent transactions or security breaches that occur taking responsibility firmly out of the hands of the payment processing firms and placing it squarely back in the hands of the businesses. The exception to the new rule is for automated fuel dispensers, which are required to take part in the transition but not fully until October, 2017.

What does this mean to U.S. businesses large and small alike?
There are an estimated 1.24 billion payment cards and 15.4 million point of service (POS) terminals in use globally. The U.S. is the largest single user of payment cards will be one of the last geographic regions to roll out the new chip-based technology. While the U.S. has been slow to accept the transition from magstripe technology to chip, waiting has significantly impacted both consumers and payment processors. Annual costs of fraud are estimated at $8.6 billion per year and experts believe that the number will steadily rise to over $10 billion if the U.S. doesn’t make inroads toward new technology fast.

New cards won’t need to be swiped in the magstripe readers. Instead, consumers will ‘card dip’ or ‘tap’ the card either into a terminal slot or on a scanner and then wait for the chip to be read and transaction to be processed. The ‘dipping’ or ‘tapping’ allows the card’s data to flow between the card chip and the financial institution to verify the card’s legitimacy and create a unique transaction ID. While the process isn’t as fast as the swipe technology, it will provide a significantly tighter transaction that will be much harder to replicate and steal. Most financial institutions are issuing contact cards, meaning that the card must be ‘dipped’ into the terminal rather than just tapped or waived near a terminal scanner.

A recent survey by Manta, an online small business community site, polled 1609 businesses and asked them if they planned to adopt the new payment card technology in their small business. A majority of the respondents didn’t even know about the requirement or the deadline of October 1st. If you haven’t heard about the new requiremets from your payment processor there are a few things you can do:

1. Call your payment processor and ask about your small business’ liability and requirements with regard to processing the new credit card chip information.

2. If you are using Intuit, Square or Capital One, odds are you have already been introduced to the technology via educational materials. Square was reportedly giving away an initial 250,000 readers for a limited time. And other payment processors are also entering the mobile payment market in time for this deadline.

3. Investigate whether your technology has Tokenization encrypted payments available. Tokenization is a process that replaces personal sensitive data with unique identification that will protect consumers without compromising security or the necessary data processors and businesses need.

4. The first round of EMV cards will contain both the magstripe and the chip in order to allow businesses catch up time to the technology. If your new card terminal hasn’t been fully enabled yet, don’t fret. You can still swipe and process the transaction in the old way. You just won’t have that extra level of chip security until the terminal is brought online.

5. Understand your liability if you don’t make the switch. While you can still process the new cards with old school methods, just understand that the largest part of the EMV migration is the accompanying liability shift. Those issuers and merchants using non-EMV compliance devices will now accept liability for any and ALL transactions that are found to be fraudulent. Whenever card fraud occurs, the payment processors and card issuers will determine what happened. As part of the liability shift, whichever party has the lesser technology will bear the liability for the fraud and be required to pay the damages. The concept is that if everyone must bear the brunt of the fraud, that they will also jointly participate in investing in technology to drive fraud out of the system entirely.

Costs for businesses to upgrade can range from as low as free in Square’s giveaway, to several thousand dollars depending on the volume of readers needed and the back end software used to handle complex payments. In some cases, the readers also tie to inventory, customer and vendor information. Industry specific systems such as restaurants will face the most severe impact as they have highly structured systems that will need retrofitting in order to meet the new requirements. Depending on the business’ infrastructure and hardware requirements, the new readers won’t just be plug and play either. Changing card readers and software may require assistance in the form of a consultant or time with your payment payment processing vendor to integrate the technology into your current systems.

The upside to all this is that your security, which may have been lacking previously, has the opportunity to receive a much-needed upgrade. That’s something you can take to the bank in the form of solid public relations with your customers. Consider developing a small consumer education campaign of your own to talk about the security upgrades and how that will help your customers in the form of added protections. In the wake of huge international security breaks at companies like Target and TJ Maxx, consumers will welcome a little added protection and reassurance.

Copyright Information 2015 Professional Association of Small Business Accountants. Presented by TMA Small Business Accounting, P.C., P.C., a PASBA member firm located in Indianapolis, Indiana.
Please be advised that, based on current IRS rules and standards, any advice contained herein is not intended to be used, nor can it be used, for the avoidance of any tax penalty that the IRS may assess related to this matter. Any information contained in this article, whether viewed or subsequently printed, cannot be relied upon as qualified tax and accounting advice. Any information contained in this article does not fall under the guidelines of IRS Circular 230.