Are Your Credit/Debit Card Readers Putting You At Risk?

© 2015 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from Christian Computing Magazine

I was surprised recently when our bank replaced one of my unexpired credit cards with one that had an embedded chip! “That’s cool,” I thought! Well, it turns out there’s more to it, and churches with debit/ credit card readers need to know what I recently learned. Not knowing can bring some heavy penalties.

Change Is In The Air
Credit and debit cards are usually processed at terminals in the United States by swiping them through a device that reads the magnetic stripe on their back. This methodology is vulnerable to fraud, and so a methodology was developed in Europe in the mid-1980s and formalized in the mid-1990s. The new methodology, or standard, has grown in ability and fraud prevention, and is now known as EMV (which stands for Europay, MasterCard, Visa). The new standard uses a chip embedded in the credit (or debit) card, and improves fraud prevention (especially for counterfeit and lost/ stolen cards) while also improving worldwide processing for those who travel.

On October 19, 2014 President Obama signed an executive order to speed the adoption of EMV in the United States, the last major market in the world where businesses primarily use magnetic-stripe card readers. Financial institutions strongly recommend that U.S. businesses begin using EMV processing terminals this year, though they won’t require the upgrades. (More on that in a minute….)

Is This New Standard Really Better?
There have been a few vulnerabilities to the new standard demonstrated. But proponents (the financial institutions) insist the risk for fraud is dramatically lower using cards with embedded chips vs than those that only have the traditional magnetic stripe. So, as is always true, our data– and funds– are at risk. That won’t change. But if we believe the experts, this new standard reduces the risk.

What If You Don’t Change Your Terminals?
Here’s where the banks put some teeth to their strong recommendation that businesses upgrade all of their processing terminals. Effective October 1, 2015– that’s this year!— United States financial institutions will shift the liability of fraudulent transactions done on swipe-only terminals from the financial intuitions to the business using the swipe-only terminal. Said another way:

  • Currently, fraudulent credit/ debit card transactions are solely the banks’ responsibility; businesses and consumers are protected.
  • Effective October 1, 2015:
    • Financial institutions will have shifted the costs of fraudulent transactions to businesses using traditional swipe readers; consumers will still be protected. And so will the financial institutions!
    • Financial institutions will only be responsible for fraudulent transactions at businesses where the new EMV terminals are in use. So, if you change over all your terminals to EMV devices, you will still be protected from fraudulent transactions; and consumers will be protected either way.

How much could not changing your terminals cost you? We don’t know; it depends on whether fraudulent transactions can be traced to originating through your church, and how large those transactions are. It stands to reason, however, that the cost of not changing is potentially much greater than the cost of changing your terminals.

What Should You Do?
Contact the vendor or vendors who supply your credit/ debit card terminals and find out if your devices are ready for this shift. This has not caught your vendors by surprise; they have known about it for months (since President Obama’s executive order, at least!) and should have transition protocols in place for you. Remember: it impacts every credit/ debit card processing terminal– even Square! If your terminals are not EMV compliant, put a plan in place ASAP to be ready before October 1st. The sooner, the better!

This is an easy fix with a small price tag that can potentially save you thousands!

Leave a Comment