It’s the final countdown to the EMV compliance deadline.
Starting Oct. 1, a liability shift will occur. Small businesses that haven’t upgraded their POS systems to accept the new EMV-chip credit cards will be held liable for fraudulent charges, instead of the card issuer or the bank.
A recent report by Software Advice says that just 22% of small-business retailers are prepared. But if you’re not yet compliant with EMV (which stands for Europay, MasterCard and Visa, the firms that developed the technology), you don’t need to freak out.
“I think a lot of people are thinking of this as a drop-dead date,” says Deborah Baxley, principal for cards and payments at Capgemini Financial Services. “Like if you’re not ready, then the world is going to end.”
But, as Baxley says, it’s not. If you’re worried, here are a few key points that may help to lower your blood pressure.
You’re not going to get arrested for lack of EMV compliance
Switching to a point-of-sale system that is compliant with EMV cards is a smart thing to do. The new chip cards create a unique code for each sales transaction that cannot be used again, making it virtually impossible for fraudsters to create a counterfeit card with stolen data.
But there’s no actual legal requirement for your small business to accept EMV credit cards, Baxley notes. Your current system will continue to operate, and you’ll still be able to accept traditional magnetic-stripe credit cards. You’ll just have to eat the loss that results from any fraudulent transactions that occur on those cards.
Your business may be at less risk
If your business handles large transactions and is susceptible to card-present credit card fraud — when a stolen or fraudulent credit card is used to make an unauthorized transaction in person — then switching to an EMV-compliant POS system immediately is critical. And, yes, the sooner the better.
Electronics stores, jewelers, high-end clothing shops and retailers fall into this category. Service-type businesses, however, such as doctors’ offices, dental practices and accounting firms, are typically at less risk, Baxley says.
Also, upgrading a POS system or credit card reader to accept EMV credit cards can be expensive and may not make sense for every business. Those that handle small transactions — dry cleaners, laundromats, coffee shops and the like — may find that the cost of upgrading equipment outweighs the potential security benefit.
“What counterfeit fraudsters are trying to do is get cash or something that is convertible to cash or get merchandise,” Baxley says. “But if you’re a merchant like a dry cleaner, I can’t really imagine there’s much interest to counterfeit.
“You can get your dry cleaning for free, but you’re not going to make much money.”
Shopify, which provides POS systems for online and brick-and-mortar retail businesses, recently announced the launch of a new credit card reader for $99 that allows merchants to accept EMV chip cards, traditional swipe cards and contactless payments such as Apple Pay (more on that below). However, the pricing of Shopify’s monthly plans ranges from $9 to $179 per month, depending on the size of your business, plus another $40 for a retail package add-on. That’s in addition to a 2.7% charge for each in-person credit card transaction.
Square also announced a contactless and chip card reader ($49), so merchants can accept both EMV chip cards and contactless payments from their iPad. Square charges a flat rate of 2.75% for each credit card swipe. Meanwhile, PayPal Here — which charges 2.7% for each credit card swipe — announced that its chip card reader ($49) will be available in the U.S. on Sept. 30, just in time for the deadline.
U.S. gas stations have an extra two years to accept EMV credit cards, according to the Association for Convenience and Fuel Retailing. Gas stations are a common target for “skimming,” the type of fraud in which a device is inserted over the card reader slot to capture credit card numbers.
The new cards don’t cause much of a change for online or e-commerce businesses, since those sorts of setups don’t accept transactions in person. A new credit card study by Nerdwallet, however, shows that online shopping fraud is likely to increase following the adoption of EMV technology, similar to what occurred in the United Kingdom following the nation’s EMV adoption in 2005.
Your customers may not have EMV cards yet
There has been slow adoption of chip cards among U.S. consumers. Fifty-nine percent have not yet received an EMV-chip-enabled credit card, and only 32% are aware that the U.S. is moving to EMV, according to a survey by ACI Worldwide, a universal payments company.
In addition, just 25% of debit cards in the U.S. will be EMV compliant by the end of 2015, according to Pulse’s 2015 Debit Issuer Study.
This means that banks will still be liable for fraud that’s committed using these non-EMV credit and debit cards, says Michael Grillo, director of solution marketing at ACI Worldwide.
You can still act to protect your business — or please your clientele
Without a doubt, a number of small businesses will become compliant with EMV after the Oct. 1 deadline has come and gone. They may do so because they engage in large transactions, and thus have more to lose. Or they might upgrade to kill two birds with one stone.
Some POS systems offer both EMV and near field communication, or NFC — that’s the technology that allows customers to pay by holding a smartphone near the payment terminal. It may make sense for your small business to implement both types of technology so you can honor the new chip cards as well as contactless mobile payments such as Apple Pay.
You also might want to upgrade simply because your customers prefer the new ways to pay, Baxley notes.
“If people become more and more accustomed to ‘dipping’ instead of swiping, that can be another reason to switch,” she says. Your customers may like the convenience, she notes, and feel more secure.
The bottom line
If your business handles small transactions and fraud is uncommon, then upgrading equipment to be EMV compliant immediately is not essential. But it does make sense for larger businesses, such as retailers and any small business where card-present credit card fraud is a concern.
Meanwhile, online small-businesses won’t have to do anything to be EMV compliant since they don’t accept transactions in person, although they’ll have to deal with the possibility of an increase in fraud following EMV adoption.
Does your small-business need an EMV-compliant POS system?Compare payment systems
Steve Nicastro is a staff writer at NerdWallet, a personal finance website. Email:Steven.N@nerdwallet.com. Twitter: @StevenNicastro.
To get more information about funding options and compare them for your small business, visit NerdWallet’s small-business loans page. For free, personalized answers to questions about financing your business, visit the Small Business section of NerdWallet’s Ask an Advisor page.
Image via iStock.