October 1 marks an important but evolving milestone many are not aware of. It’s the deadline for retailers across the country to have upgraded their payment terminals to be compatible with a standard known as EMV (European MasterCard & Visa) chip-based credit cards. While the date promises to bring some added security for consumers, it will also entail serious considerations for family businesses that account for 90 percent of American businesses.
The deadline will shift the cost burden of fraud from credit-card issuers to retailers or vice versa, depending on who had the lesser payment technology. Despite the deadline being days away, some businesses have not yet upgraded their terminals, and for good reason.
EMV credit cards are commonly equipped with a secondary form of verification, either a personal identification number (PIN) or a signature. All EMV cards are embedded with microchips that uniquely encrypt each point-of-sale transaction making it much more difficult for a criminal to make a counterfeit card using stolen information.
The key distinction is the authentication process, chip-and-signature cards rely on the decades-old signature that we all know can be easily forged. Chip-and-PIN cards, on the other hand, require a unique code to be entered at each transaction, providing an added layer of protection superior to a signature.
Most of the developed world has chosen to migrate to chip-and-PIN cards. The United Kingdom, Australia, South America, and Canada are all utilizing chip-and-PIN technology and thereby have benefited from considerable reductions in fraud. For example, domestic fraud fell 34 percent and fraud losses from counterfeit cards fell by more than 70 percent after the implementation of chip-and-PIN cards in the United Kingdom.
Last year, President Obama issued an executive order mandating all government credit cards be chip-and-PIN enabled and that all terminals in government buildings be upgraded to support chip-and-PIN transaction. However despite evidence of its heightened security and endorsement from the president, card issuers and major banks in the United States have nonetheless opted to issue chip-and-signature cards. As a result, these big financial institutions are leaving retailers and consumers alike with a half-measure of protection while they assume less of the risk.
Furthermore, by choosing to issue chip-and-signature cards instead of chip-and-PIN cards, banks and card issuers are forcing retailers to spend more money on updating their terminals while they themselves have settled on signatures instead of requiring PINs. The readily available payment terminals that support signatures instead of just PINs are more than twice as expensive, and this is just one component.
Family businesses will also be responsible for upgrading their software and paying to have all of the equipment installed. Once that is complete, they must take the time to train employees on how to use the new system. Employees must then instruct their customers on how to use the new cards and terminals.
The entire endeavor will be a costly and time-consuming process that could be justified had they been adopting the more secure chip-and-PIN alternative, but unfortunately that is not the case. Enduring this entire process for a marginal upgrade to chip-cards with faulty signature requirements is therefore confounding for many family businesses.
As it is today, family businesses are the backbone of our economy. They employ our friends and neighbors while usually operating on thin margins. Asking them to incur such substantial costs for a less secure method of addressing credit card fraud makes little sense.
If we are all going to commit to improving payment security, we should go all the way. If banks and card issuers are going to ask retailers to upgrade their payment terminals and take on more of the financial risk associated with a credit-card fraud, they should at the very least adopt the best available technology – chip-and-PIN.
