To Chip or Not to Chip: Understanding Chip-Based Credit Cards in Your Small Business

Published by BradyRenner CPAs | October 26, 2016

Today, small business owners — particularly those engaged in the retail sector — are being relentlessly bombarded with new options and requirements surrounding customer payments. For thirty years, the payment model was relatively stable and revolved around the ‘big three’: cash, check or credit. In the last few years, that list has now expanded three-fold to include:

  • Cash
  • Checks
  • Credit Cards
  • Debit Cards
  • Gift Cards
  • Apple Pay
  • Google Wallet
  • PayPal

In addition to the overwhelming diversification of payment methods, businesses are experiencing rapid changes in how payments are managed, as upstart providers such as Square, QuickBooks Payments (formerly Intuit GoPayment) and others challenge the traditional merchant banking system.

In the midst of all of this, small businesses have another change to consider: The advent of chip-based credit cards.

The traditional ‘legacy’ credit card in the United States is a relatively low-tech piece of plastic, consisting of raised numbers (originally created to support carbon-copy credit card receipts in the pre-digital era), and a simple magnetic strip. The card number and other information is contained on the strip, which is then read by a magnetic reader. This reader does not provide any inherent security and is easily copied, and as a result, credit card fraud in the United States has reached record highs.

Beginning in October 2015, the U.S. credit card issuing banks began transitioning to a new card design, called EMV. EMV stands for EuroPay, MasterCard and Visa, and is a digital standard that was created by those three organizations and originally implemented in Europe in the last decade.

The advantage to EMV technology is that it allows for encrypted, digital verification that the card being presented is legitimate and not a counterfeit. In addition, EMV can also be used in conjunction with a PIN code to securely match the customer presenting the card with the account itself.

In the U.S., two versions of the card may be issued over time. One is a contact-based card that will be used in a manner similar to what we see today. Instead of swiping a card, the customer inserts the card into a reader and the card is held in the reader slot for a few seconds while the digital verification is completed. You may have noticed by now that this approach is beginning to be accepted at more and more merchants.

The second version is a contactless card, which uses Near-Field Communication (NFC) to allow the customer to essentially wave or tap the card on the reader and have the data transmission take place wirelessly. To date, this version has not been commonly implemented in the U.S., and most banks and merchants are focusing solely on the contact-based card model at first.

At first, it may seem that the decision of whether to accept EMV cards at your small business is as simple as looking at the cost of the equipment upgrade and your customer preferences, then determining if you want to make that investment now or, perhaps, later.

However, the change in technology is not arriving on its own. Rather, it is being accompanied by a change in how the entire U.S. credit card industry operates. Traditionally, banks were responsible for the cost of liability associated with card fraud. However, with the delivery of EMV cards into the market, banks are changing their interchange agreements. As a result, merchants who haven’t upgraded to chip-reading systems are being forced to accept liability for fraudulent transactions in situations where an EMV card could have prevented the incident from taking place.

This liability shift was planned in phases: retail merchants began taking on liability as of October 2015; ATM operators begin taking on liability as of October 2016; and gas station operators who provide automated fuel dispensers (i.e. pay-at-the-pump systems) begin taking on liability in October 2017.

In the end, the liability alone makes it essentially a given that small businesses need to switch to EMV technology. Ironically, small businesses are those most at risk from this change. Large companies may be able to absorb some level of fraud liability, but for a small business, one fraudulent transaction or a single series of incidents tied to a single counterfeit card, could quickly result in bankruptcy.

Therefore, any small business who hasn’t made the change already, needs to make this a top priority for action today.

Here are six steps you can take to initiate your small business transition to EMV technology:

1. Talk with your merchant bank about the costs, options and steps involved in upgrading to EMV-compliant point-of-sale (POS) systems.

2. Review your merchant bank and interchange agreements to properly understand your security responsibilities and legal liabilities, as they may have changed.

3. Research options for integrating your POS system with your accounting software, if you have not done so already. Since you are going to have to upgrade, this may be an ideal time to ensure that your financial systems are current and are operating as effectively as possible.

4. Determine whether this upgrade may also be the right time to enhance your overall payment capabilities. The cost of upgrading to an EMV system that also supports contactless payments, versus one that does not, may be minimal and therefore it might make sense to make a series of upgrades together.

5. Consider online transactions and examine how to close security loopholes. EMV cards are obviously only helpful when a transaction takes place in person (i.e. the card is physically present). For online transactions, enhanced security protocols are increasingly available and should be considered. These may include added authentication steps, fraud detection technology and transaction security scoring services.

6. Train your staff and create new policies to ensure that any time a chip-based card is presented, that it is indeed inserted into the chip reader. Right now, a lot of larger retailers have installed EMV terminals but are still asking customers to swipe all cards. That means that customers are confused, and they may arrive at your business and swipe when they should insert. Every time an EMV card is swiped instead of inserted into the digital card reader, your liability for fraud increases.

These six steps can help position your small business to achieve a safer and more secure payment system that also supports your customer’s need for security and desire for flexibility in payment options. Taking the time to drive a strategic upgrade to EMV today is a critical investment you can make in the future of your small business.

Image Credit: Paul Sableman @ Flickr (Creative Commons)