EMV/ Smart Chip: Did you get a call or letter from a merchant processing company offering a free EMV/ Smart Chip Terminal?

July 31, 2015

Dear Valued Member,

We want you to know that we are aware of the changes coming up regarding EMV/Smart Chip credit card terminals. We’re sending you this letter to inform you of where Cash Practice® Systems is at in updating our systems for these upcoming changes.

Beginning in October 2015, it is being recommended that merchants adopt the new EMV technology when accepting credit cards or risk a shift in liability. Why?  This is an attempt to reduce fraudulent credit card transactions.  More importantly, this is an attempt by the credit card companies to get you (the merchant) to be more diligent to do the things you’re supposed to do to prevent fraud.

As you know, the PCI data security standards already require you to follow certain guidelines to protect cardholder data.  For example, you are not allowed to keep credit card numbers on file in a readable format.  This is why software and receipts only display the last 4 digits of a card.

If you did keep card numbers illegally on file in a readable format and someone stole those numbers from you and used them to commit fraud; you the merchant (not the credit card issuer) would be liable and face heavy fines for failing to follow PCI DSS.

The addition of EMV technology is simply another step in increasing the security of cardholder data.  And like the example above, if fraud occurred with a chip-enabled credit card and you were not using EMV technology, you the merchant would be liable instead of the card issuer, whereas presently you are not liable (assuming you are PCI compliant).  Some say this new EMV regulation is really about trying to make the card issuers less liable and shift the cost of liability to the merchant.

So what happens if you don’t use the new EMV technology right away?  If you do not use it and someone commits fraud using an EMV chip credit card, you could be more liable.  Again, the card must be an EMV Chip Card for this to be the case.

To further explain, here is an excerpt from an article published by Sienna Kossman at  http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php

If fraud occurs after EMV cards are issued, who will be liable for the costs?

Today, if an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank, depending on the card's terms and conditions.

After an Oct. 1, 2015, deadline created by major U.S. credit card issuers MasterCard, Visa, Discover, and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction.

Consider the example of a financial institution that issues a chip card used at a merchant that has not changed its system to accept chip technology. This allows a counterfeit card to be successfully used.

"The cost of the fraud will fall back on the merchant," Ferenczi says.

The major credit card issuers each have published detailed schedules about the upcoming shift in liability. The change is intended to help bring the entire payment industry on board with EMV by encouraging compliance to avoid liability costs.

Any parties not EMV-ready by October 2015 could face much higher costs in the event of a large data breach.

Automated fuel dispensers will have until 2017 to make the shift to EMV. Until then, they will follow existing fraud liability rulings.

So by Oct. 1, 2015, the transition to EMV technology will be complete?

Not exactly.

Although the upcoming deadline is strong encouragement for all payment processing parties to become EMV-compliant as soon as possible, experts do not believe everyone will comply by that date.

"Don't expect a big bang in October of 2015," says Doug Johnson, vice president of risk management policy for the American Bankers Association. "In terms of rollout, we expect about 50 percent of banks and retailers to be completely transitioned over. It's going to take a little time to adapt."

Aite Group estimates that by the end of 2015, approximately 70 percent of credit cards and 40 percent of debit cards in the U.S. --1.1 billion cards total -- will support EMV.

"We are the most fragmented and the largest market that has ever gone to the EMV standard," Conroy says. "There's going to be varied customer experiences over the first year, year-and-a-half of this transition."

While many chip cards have already been issued, some people may have to wait longer than others before sent a new EMV card, according to Johnson.

EMV debit cards may be issued to consumers at an even slower pace due as banks retailers have to prep their software to accept those cards as well, according to Ferenczi.

 

By this time you have probably noticed that only a small percentage of your clients/patients even have a card with a Smart Chip and with the timelines mentioned in the article above, there’s no need to prematurely invest in a terminal with another company that only a very small percentage of your clients/patients can use right now.

Many other merchant processing companies are reaching out to businesses (like yours) using the new EMV/Smart Chip credit card terminals as a tactic to get you to switch to their merchant company. This reminds us of years ago when PCI first started. Merchant companies were scaring businesses into switching merchant companies due to fear of being non-compliant. Regarding EMV, some of our members recently reported receiving a letter from NCMIC that raised concerns about the upcoming EMV changes in October. Don't be fooled! Their offer, like so many others we see, locks you into a contract for two years with early termination fees and will only provide a stand-alone terminal for physically swiped, one-time payments.

The EMV credit card terminals have nothing to do whatsoever with your scheduled auto-debit payments. This is only applicable to your physically swiped, one-time payments. As a reminder to our members, stand-alone credit card terminals such as these still leave you open to theft and embezzlement. How? If someone chooses to fraudulently run a refund on their own credit card using your credit card terminal, they can then use that credit to shop or withdraw the money at their ATM. We know of numerous doctors who have had this happen, one who had over $100,000 stolen from him this way ...so beware of stand-alone credit card terminals! You are protected when using the Cash Practice® Systems, as this type of activity cannot occur with our Auto-Debit System®.

We want to reassure you that Cash Practice® Systems is working with our merchant partner company on the integration of the new EMV technology into the Auto-Debit System® software. Once integrated, the new EMV USB swipers will work just like you’re used to now. Our processing bank is on track with the integration requirements and expects completion soon. Rest assured your current USB credit card swiper used with your Cash Practice® account is safe, up to date, and PCI Compliant. There is no action needed at this time. When any action is necessary we will notify you.

If you have any questions, please contact us at (877) 343-8950 x105.

Yours in excellent service,
Dr. Miles Bodzin
Founder & CEO