Small Businesses Now Liable for Fraudulent Transactions
Capital One's Head of Small Business Cards shares his findings
Beginning on October 1, 2015, all businesses in the US will be held liable for fraudulent transactions (instead of credit card companies) when the transaction in question occurs without using the new EMV chip and pin processing technology.
My first question when I heard about this news is why exactly this shift is occurring all of a sudden.
Given the high volume of data breaches over the past year, we've seen just how vulnerable the traditional magnetic strip cards can be.
When your transaction is processed using this technology, your information is not as secure as it's passed from the merchant to the credit card processor, leaving your information open to being captured.
The best solution we currently have to this insecure credit card data transfer is rapid implementation of EMV chip technology.
This morning, I had the opportunity to speak with Buck Stinson, Head of Small Business Cards at Capital One. I asked him to share with me, how this new liability shift over to businesses is going to affect the average small business owner in the US.
- Only 2 in 5 small business owners are familiar with EMV /chip credit cards.
- 34% of those who are aware of EMV currently accept EMV/chip credit cards as a form of payment.
- 7% of those who are aware of EMV plan to accept EMV/chip credit cards as a form of payment on or after October 2015.
Here's my interview with Buck.
Ryan: How will the new EMV technology protect small business owners?
Buck: "The shift to EMV chip technology will dramatically improve card security in the U.S."
"Every time an EMV-enabled card is used for payment, the embedded chip creates a one-time unique transaction code when used at a chip-enabled register.
This code adds an additional layer of fraud protection since the card credentials are not exchanged, which means the information cannot be used to create counterfeit cards."
Essentially, this new chip technology is going to much greater lengths to protect consumers from fraudulent transactions in the future. The liability for not processing cards in this new, more secure manner, is now being passed on to business owners.
Ryan: What steps do small business owners need to take, in order to get EMV compliant?
Buck: "First, small business owners should educate themselves on the EMV transition, chip, and pin technologies, and the benefits associated. Next, business owners should take action to upgrade their terminals or readers, allowing time for the upgrade and certification process."
"Business owners will also need to train employees on how to process EMV-based customer payments; with the EMV chip card, customers insert their card into a terminal as opposed to the magnetic card swipe."
Ryan: How do we spread this important message to more small business owners in the US?
Buck: "We learned in our most recent Spark Business Barometer survey that many business owners are still unaware of the upcoming EMV requirements and chip-enabled cards and payment terminals.
We encourage business owners to visit GoChipCard.com for details about the technology and how to go about acquiring the payment terminals."
"Also, by spreading the word -- across news and media channels, as well as customer communications – we hope to empower business owners with the information they need to plan for this important transition. SparkBusinessIQ.com is one way Capital One is providing information and insights to help inform and empower entrepreneurs through many stages and phases of business."
Ryan: What else (other than EMV integration) can small business owners do to reduce their risk of being held liable for fraudulent transactions?
Buck: "First things first, have business accounts separate from personal accounts to make tracking business expenses and deductions easier. Be thoughtful about who has access to your business accounts – and take advantage of the controls that many business cards (like Capital One’s Spark products) offer to help manage card usage and limit unwanted activity."
"You’ll also want to check your accounts regularly – catching suspicious activity early can make recovering funds and resolving vulnerabilities much easier."
"In addition, there are other technologies that can help protect your payment data, including tokenization of on-line transaction data and end-to-end encryption of payment data. Small businesses should reach out to their acquiring banks to better understand the benefits of these technologies and how best to deploy them."
"Finally, train your employees! According to the U.S. Small Business Administration employees are one of the biggest points of vulnerability for fraud, but when properly trained they are a small business owner’s biggest asset in the fight against fraud. Small business owners must seek out trustworthy employees and hold regular training sessions on basic security threats and prevention measures."
How is the EMV liability going to affect your business?