Discussions about payment security for small to midsize businesses often focus on card data theft and the measures available to help protect businesses from it. Securing data is an important and complex problem, to be sure. But business owners should take care not to neglect the other side of payment security...fraud.
Fraud and card data theft are both essentially theft. But whereas the goal of card data theft is stealing sensitive cardholder data including card numbers, social security numbers and cardholder address, the primary goal of fraud is stealing goods and services.
Until very recently, U.S. businesses have had to rely on mostly manual processes to guard against fraud. In the past few years, the U.S. payments industry has been gearing up to implement a new payment authorization technology called EMV. On October 1, 2015, the card issuers (Visa, MasterCard, AMEX) are shifting the liability for fraudulent transactions where the card is present to the merchant if they do not use EMV technology to process the payment.
EMV provides better security against fraud because the card data needed to complete a transaction is embedded in a microchip on the credit or debit card. EMV technology makes it virtually impossible to create cloned or counterfeit cards, and increases card data security by requiring cardholder authentication that verifies that the card belongs to the person using it. The transaction is made by inserting a chip card to an EMV-enabled chip card reader instead of swiping it through a standard magstripe reader the way traditional credit cards are processed.
With EMV, the cardholder has to be present to enter a PIN number or signature to complete the transaction. This reduces the burden on merchants of having to be on alert for suspicious cards or identifying suspicious behaviors on the part of fraudsters. If you don’t plan to implement EMV in the near future, you should consider brushing up on these warning signs and card acceptance best practices. Industry experts anticipate that fraudsters will begin seeking out vulnerable merchants that have not implemented EMV as the gap narrows for easy targets.