October 1st Fraud Liability-Shift Deadline Approaches for Churches, Nonprofits, and Businesses Who Accept “Swipe-and-Sign” Credit Card Payments
Have you received a new credit card in the mail recently? Does it have a special embedded chip in it? This new chip technology is known as EMV (named for its developers: EuroPay, MasterCard, and Visa; also known as “chip-and-PIN”), and it represents a big step forward in putting a stop to credit card fraud.
Global credit card fraud amounted to $11.3 billion in 2012, up 15% from the prior year. Credit card fraud in the U.S., alone, accounted for 47% of the global total ($5.3 billion). While the rest of the developed world has adopted the new EMV technology, which makes credit card fraud much more difficult, the U.S. has lagged behind, clinging to the original magnetic stripe technology and leaving millions of U.S. consumers vulnerable to credit card fraud. A 2012 survey found that “42% of Americans had experienced some form of payment-card fraud in the preceding 5 years.”1 At long last, changes are coming this year to make EMV technology the “new normal.” If your church, nonprofit, or business accepts in-person credit card payments on a traditional “swipe-and-sign” terminal, you need to be aware of the changes so that you can determine the best course of action for your church.
According to Visa:
- Beginning October 1, 2015, if you accept an in-person payment on a traditional “swipe-and-sign” terminal, and that payment turns out to be fraudulent:
- If the card only has a magnetic stripe, the liability for the fraud will generally continue to fall on the issuing bank, because the bank hasn’t upgraded to the more secure technology.
- If the card has an embedded chip in it, the liability for the fraud will generally fall on the merchant (the church, nonprofit, or business), because the merchant hasn’t upgraded to the more secure technology. This is what is meant by “liability shift.”
- The October 1st deadline does not apply to keyed-in or “card not present” transactions, whether you use a physical terminal or an online point-of-sale portal. If you are not currently using an online point-of-sale portal, switching to it could save you money you might otherwise spend on buying or leasing a physical terminal.
There are numerous misconceptions being spread about the switch to EMV technology, especially by payment processors who want to scare you into switching vendors or buying expensive equipment. Review your church, nonprofit, or business’s credit card handling practices to determine your primary mode of charging credit cards (swipe or keyed-in). Then, compare the points above to see whether the switch to EMV will impact you or not and take appropriate action, as necessary.
And while you’re at it, you should examine how you and your employees handle credit card information to see if there are any ways that you can increase security and decrease your liability in that area. Are paper or electronic copies of credit card information being kept “on file”? How securely are they being stored? How easy might it be for someone to steal them? Is there any way that you can reduce or eliminate the risk of theft and fraud by changing your procedures? You might be surprised by what you find, and be glad that you looked into it!
For further reading:
- “Skimming off the top: Why America has such a high rate of payment-card fraud,” The Economist, February 15, 2014. http://www.economist.com/news/finance-and-economics/21596547-why-america-has-such-high-rate-payment-card-fraud-skimming-top
- “EMV Liability Shift: Why it pays to adopt new technology,” Visa. http://usa.visa.com/merchants/grow-your-business/payment-technologies/credit-card-chip/liability-shift.jsp
- “Explaining the Implications for Merchants of EMV and the Liability Shift,” Data Privacy Monitor. http://www.dataprivacymonitor.com/data-breaches/explaining-the-implications-for-merchants-of-emv-and-the-liability-shift/
Disclaimer: This memorandum is provided for general information purposes only and is not a substitute for legal advice particular to your situation. No recipients of this memo should act or refrain from acting solely on the basis of this memorandum without seeking professional legal counsel. Simms Showers LLP expressly disclaims all liability relating to actions taken or not taken based solely on the content of this memorandum. Please contact Robert Showers at firstname.lastname@example.org or Jonathan Horton at email@example.com for legal advice that will meet your specific needs.