Changes in credit card processing are coming. The three items above are not all the same thing, but they are related. First, an explanation, then, what merchants need to do, and finally, why you should care. (Hint: There’s a big liability issue.)
Apple, in association with First Data, has developed what some call a “virtual wallet”. It requires an iPhone 6. Other device manufactures will soon release their own versions. Users save their credit card to their phone by simply taking a picture of the card. When it comes time to pay for a purchase in a store, the iPhone just needs to be held near a “touchless” credit card terminal.
This is how your phone communicates with the credit card terminal without even touching it. NFC stands for “near field communication”. You’re probably familiar with Bluetooth. It connects your phone to other devices out to about 30 feet. NFC is similar, but only works to about 6 inches. This lessens the chance that someone nearby can “hack” your phone.
Is it safe?
First Data’s contribution to the project was transaction security expertise. The card saved in your phone is encrypted. The actual card number is not there to be stolen. During the actual transaction the card data is further secured through a process called “tokenization”. So if someone did manage to hack the NFC transmission, all they would get would be gibberish. Plus, the phone owner must hold their thumb on the screen so the phone can recognize their thumbprint. So a stolen phone is useless. Yes, it’s safe.
It stands for Europay, MasterCard, and Visa. Most people call it “smart cards” or “chip cards”. You may already have one or two in your wallet. Look for a little gold rectangle on the card. That’s a microchip that contains all your card data. Soon, all your cards will be replaced with chip cards, probably within the next year. EMV represents a huge leap forward in security. Currently, crooks can steal card data from terminals and elsewhere. They can load this stolen card data onto a standard magnetic stripe card to create a counterfeit card. EMV, and the encryption and authentication it uses, makes this impossible, greatly decreasing card fraud which is currently a multi-billion dollar problem worldwide.
As a merchant, what do I need to do?
You need a card terminal that accepts both NFC and EMV transactions. I already explained NFC. EMV cards actually plug into the terminal and remain there during the transaction. You don’t just swipe them. Older terminals are not compatible. Today’s newest terminals accept both NFC and EMV.
OK, what’s the big liability issue?
The major card brands have announced that in October 2015 there will be a shift in liability. (Source: www.emv-connection.com) Today, if counterfeit card fraud occurs, the bank that issued the card (even if the data was stolen) bears the responsibility. After October, liability switches to the merchant. After October 1, if the customer presents a chip card for payment, but the merchant processes it as a regular card, the merchant is liable should the card prove to be counterfeit. This liability includes not just the obvious dollar amount of the sale, but all costs related to investigations and fines initiated by the banks and any governmental agencies involved. These costs can range up to 5 and 6 figures if an investigation results.
Yes, this is a big deal. Card fraud in the U.S. topped $10 billion last year. Do take care and fully research your options and responsibilities prior to October 2015. Please feel free to contact me with any questions.
Do you have any topics you’d like to see covered?
In this series I’ll be addressing a multitude of payment processing topics. If you have a particular subject you like me to report on, please let me know. And if you have a specific question you’d like answered, just reach out! I’d love to hear from you.
Michael Darrow, 888-608-0003