Published in the Union Leader
Q. More and more of my customers are paying with credit cards that have chips in them. Do I need a chip-based credit card reader?
A. Credit card companies – not retailers or consumers – have historically absorbed the liability for fraudulent credit card transactions. That will change on October 1, 2015. If your business does not use EMV equipped card readers to process credit cards that utilize the new chip technology, then your business – not the credit card company – will be liable for fraudulent transactions.
The credit card industry in the United States has been transitioning for the last several years to cards that utilize embedded chips, in addition to the older magnet strip technology. The reason is that the vast majority of credit card fraud occurs from the “skimming” of numbers from “swiping” a card’s magnet strip through a card reader. Target, Home Depot, and TJX are just a few examples of such recent breaches affecting hundreds of millions of consumers.
Retailers outside of the United States started many years ago transitioning to chip technology, which is called “EMV.” Outside of this country, about 70% of all credit card readers employ EMV technology, compared to the relatively negligible adoption of EMV domestically. As a result, the approximately $10 billion of annual domestic credit card fraud accounts for nearly half of global fraudulent credit card transactions, even though only about one quarter of all credit card transactions worldwide occur in the United States.
On October 1, 2015, there will be a change to the rules that major credit card companies apply to retailers and other credit card processors. If fraudulent transactions occur using cards with chips, and the retailers/processors did not use EMV equipped card readers, then the retailers/processors – not the credit card companies – are liable for the fraudulent transactions. By contrast, if a retailer/processor uses an EMV reader to process a chip equipped card, the credit card company is liable. Also, credit card companies remain liable for fraudulent transactions using credit cards equipped only with a magnet strip and not the chip technology.
Because about 40% of credit cards in the United States presently have embedded chips, domestic retailers and credit card processors face significant potential liability for fraudulent transactions. As a result, if your business processes credit card transactions, you should promptly convert to EMV enabled credit card readers.
Cameron Shilling is Chair of McLane Middleton’s Privacy and Data Security Group. He regularly manages data security audits, prepares and implements written security policies, addresses day-to-day security issues, and investigates and remediates security breaches. He can be reached at 603-628-1351 or [email protected].
Know the Law is a bi-weekly column sponsored by McLane Middleton, Professional Association. We invite your questions of business law. Questions and ideas for future columns should be addressed to: McLane Middleton, P.O. Box 888, Manchester, NH 03101 or emailed to [email protected]. Know the Law provides general legal information, not legal advice. We recommend that you consult a lawyer for guidance specific to your particular situation.