Credit Card Data Breaches – EMV – Merchant Services

As a business owner, have you heard the terminology, EMV? If not you will likely hear it soon as the spring influx of new merchant services reps hit the street and come knocking on your door. The purpose of this article is to bring you information on this technology so that you are on top of your game.

As defined by Wikipedia, EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable Point of Sale (POS) terminals and automated teller machines (ATM’s) for authenticating credit and debit card transactions. EMV is a joint effort with the three entities to ensure the security and global interoperability of chip-based payment cards.

OK, so now you know what it is but what effect does it have on you and your business? Certainly you’re aware of the huge data breach at Target during the holiday shopping season. And maybe, to a lesser extent, you have heard of the Neiman Marcus data breach as well that dates back as far as July of 2013. Estimates indicate that at least 110 million consumers were affected by these hacks. Obviously, simply because of the sheer size of these data breaches and the businesses involved, it made headline news. However, I’ll bet that you weren’t aware that your business is more at risk of being hacked than these large business entities. A recent study conducted by Trustwave revealed that 92% of all data compromises originated with level 4 merchants. Level 4 merchants are those that process under 1,000,000 transactions a year and have fewer than 20,000 eCommerce transactions annually. I would venture a guess that since you’re reading this article, this describes your business.

Data security is a very important topic that you absolutely need to be aware of and do all you can to protect your customers information. Consider the risk to your business if a compromise occurs:

Potential loss of customers
Loss of reputation
Liabilities from bank fines
Potential litigation
Card association fines and penalties
Inability to accept future credit card payments
Lost merchandise due to fraud

For sure, you will and do need to make certain that you are fully compliant, currently, with PCI/DSS standards. And, eventually, you will need to adopt EMV technology in your business. But here’s my word of caution to you: as of right now, the mandate for the implementation of EMV equipped terminals in your business is October of 2015. However, you will have reps coming through your door trying to tell you that this is an urgent matter and needs to be addressed immediately or “you will be at risk”. Don’t fall for it!!! Certainly, eventually you will need to adopt this new EMV technology into your business and there will be a cost (i.e. new EMV POS terminals). The benefits are great in that since when you are fully compliant, fraud risk shifts to the your merchant services provider.

So, in closing just know that increased data security and standards are valuable discussions to have with both your current provider and any processor trying to attract your business. As the “deadline” for implementation approaches, don’t be surprised if it gets pushed back again. The US is one of the few remaining markets that doesn’t use chip and pin technology for point-of-sale transactions. It’s a major task and expensive proposition for banks (issuing expensive new chip embedded cards) and merchants (replacing all their terminals) but, it is coming. Watch for future article on this topic as I strive to keep you informed.