While many end-users have been receiving new credit and debit cards embedded with the new EMV chip, merchants have been forced to update their systems to take advantage of the new chip technology. Here’s the thing most merchants don’t know: new regulations that go into effect on Oct. 1st, 2015 could shift the liability for credit card fraud to the merchant. For example, Home Depot went through a fraud debacle in 2014. In that case, customers and banks carried the majority of the liability. If that same event happens after Oct. 1st, 2015, the merchant could carry all the liability if they are not fully EMV compliant.
Does the EMV chip technology really help?
EMV technology works like this: when you insert your card into an EMV-aware system, the chip generates a one-time access pin through a process known as tokenization. That pin is used to create and maintain the encrypted transaction. The card must stay in the machine throughout the transaction to keep the encrypted session intact. In this way, the chip improves security and thus reduces the chance of fraud.
If the vendor of my merchant systems says they’re compliant, does that mean I don’t have to worry?
Not really. The vendor can only guarantee compliance for their own equipment. However, PCI-DSS compliance applies to the entire network that the credit card processing equipment is connected to. In other words, if you plug a fully PCI-compliant device into your main network, the entire network needs to be compliant as well. Vendors may say you’re compliant, but if they’re not giving you a written guarantee, be cautious about assuming you can stop there.
What about ‘card not present’ situations such as online transactions or pay by phone?
Card-not-present solutions are not required to abide by the EMV requirement.
What is PCI compliance and do I need it?
All merchants that accept credit cards must be compliant with the Payment Card Industry Data Security Standards (PCI-DSS). Businesses that are found to be non-compliant could be fined as much as $100,000 a month! The cost of fraud is even higher than that.
How can I be sure I’m compliant?
There are companies that can help you become compliant, assess your network on a regular basis and even insure you up to $100,000. Contact us to learn more. We can help.
Trusted Procurement Advisors