Card fraud is a persistent problem in the U.S. In fact, per The Nilson Report, U.S. card losses accounted for a whopping 38.7% (or $8.45 billion) of gross global card fraud losses in 2015. Given that stat, it’s no surprise the major payment networks instituted new rules that very year designed to mitigate the problem.
While financial institutions traditionally footed the bill for fraudulent transactions, payment networks can now hold merchants liable for fraud if they accept the payment in store via a credit or debit card’s magnetic stripe and not it’s more secure EMV chip.
That liability shift means it’s more costly than ever before for merchants to skimp on payment processing security. Here’s a guide to avoiding fraud with (and after) the EMV liability shift.
1. Upgrade Your Terminals
EMV chip readers are designed specifically to prevent “card present” fraud. “Card present” fraud is just a fancy way of saying someone presented you or an employee with a counterfeit payment method at the point of sale. EMV chip cards are virtually impossible to counterfeit, given their security code (the final go-ahead to process payment) changes every time one is used in stores. The chip-enabled cards work in tandem with EMV chip readers, so the most obvious way to avoid “card present” fraud following the liability shift involves upgrading your terminals.
Sure, a full migration to chip readers represents an expense, but, if you’ve yet to make the switch, the tech could wind up paying for itself. Late last year, Visa reported a 52% decrease in counterfeit fraud at chip-enabled merchants when comparing September 2016 to September 2015.
2. Follow All of Your Network’s Rules
The EMV liability shift is just one small part of a merchant’s agreement with their payment network or processor. Card acceptance guidelines can also require you to obtain a signature, authorize all transactions with a cardholder’s issuer and/or retain sales receipts for a certain period of time, among other things.
If you fail to take these steps, you run the risk of incurring a chargeback — the formal way of saying you’ll have to cover a fraudulent or disputed transaction. As such, review your network agreement, paying particular attention to the chargeback section, to ensure you’re in compliance.
3. Provide Adequate Training
There’s a good chance you’re not the only one accepting payment at your business, so be sure to teach all store clerks how EMV chip-enabled cards and chip readers work. If you haven’t fully migrated to the new technology, train them to ask for photo I.D. where applicable and to compare receipt signatures to the John Hancocks on the back of the customer’s credit or debit card. You can institute other precautions, depending on your agreements with your network or processor.
4. Beef Up Your ‘Card Not Present’ Security, Too
The new EMV liability rules hold merchants accountable for “card present” fraud, since EMV chips do little to protect against “card not present” fraud or, simply put, fraud that occurs in instances where a cardholder can’t present their physical payment method. (Think online shopping or ordering goods over the phone.) That pass doesn’t mean you skimp on security beyond the register.
Some solid ways to avoid “card not present” fraud include using an address verification service (AVS), which cross-checks the billing address provided by a customer with the billing address on file at the issuing bank. You can also require customers to supply their cardholder verification value, or CVV number, at checkout. The CVV number is that three-digit code listed on the back of a Visa, MasterCard and Discover card or the four-digit code on the front of an American Express card. It’s designed to provide an added layer of security for “card not present” transactions, since there’s a chance fraudsters haven’t gotten their hands on those digits. Finally, consider confirming delivery on all orders over a certain dollar amount.