The Chip Yet Again
Have you started using the appropriate slot for taking payments by chip cards? As I wrote earlier many large companies still have not done so. We have reached the time of the retailer taking more responsibility for fraud and at this point I hasten to add yet again too many still have not done so.
I think in all of the card transactions I’ve used in the last few months, with a chipped card and a chip capable terminal only once have I been instructed to use the chip port instead of the strip swipe port. That is exactly the same situation as six months ago.
The Causal Approach Apparently
As I write this it is less than one month before merchants become liable for greater shares of fraud by cards if they don’t take the simple precaution of using the port. Too many still just have staff use the strip and I am going to go on record and bet that very many retailers will not even begin training staff to use the ports until they actually start getting penalized for allowing fraudulent activities.
The whole problem is that the United States is out of sync with the rest of the world. Credit card issuers have traditionally taken responsibility for covering losses due to credit card fraud. One real weakness of credit cards has been that the information for the account number is not encrypted in the magnetic strip that holds it. Criminals have used this flaw to get card numbers and use then en masse.
Globally the card companies have been innovating to counter fraud by instituting EMV chip cards that have encrypted chips that contain all of the data. Only the sending and receiving parties have access to the codes and it is much safer from interception by malicious third parties.
The Target Breach Was The Wakeup Call
Somehow we got left behind and that left us as the wide-open target when the rest of the world became secure. This has put the pressure on as global crime organizations pursued a shrinking pool of victims. Most notably it led to the infamous Target data breach that finally got the nation’s attention and set change in motion. That has resulted in this frantic switch to EMV chip cards that provide both the magnetic strip and a pin pad for the chip contained within.
Shifting The Burden To You
Large companies that have healthy profit margins and great accounting records will have some annoyed executives that will put out stern memos that demand that all departments train staff and begin complying immediately. Then there will be some sort of explanation on a public financial statement to the effect that there was an unexpected charge for fraudulent card activities and it has been taken care of.
For the small gym business owner it might be much more urgent. If much of your revenue comes from card payments, and I suspect it now does, even a small fraction of that could be a very damaging problem if you have to cover the cost of fraud and charge-back payments right at a time when you can least afford it.
In most cases it will be a nuisance but a large charge-back might be mandated on you months after the event. If your gym has an extreme business cycle it might come in right when your account is empty and the bank is looking over your shoulder.
Dip The Chip Not Swipe The Strip
This is probably beginning to sound repetitive to readers of the Gym Insight Blog but I am sincerely concerned about how this is all going to play out over the next few months and years. This change in liability is coming up rapidly and you need to train all of your staff to use the chip port for chipped cards as a matter of habit.
The difference between dipping the chip and swiping the strip is the same as sending emails with all of the card information securely encrypted or wide open for the entire world to see. In either case, from October 2015 onward you will be liable for more losses than before, it’s just that you choose whether you train your team to be secure or to start saving up for a very expensive rainy day.
Fagan, Lawrance. Credit Card Liability And You. May 22, 2015. https://blog.gyminsight.com/3361-credit-card-liability-and-you/.
Fagan, Lawrence. Target’s Data Breach Impacts the Health Club Industry. May 19, 2014. https://blog.gyminsight.com/2675-targets-data-breach-impacts-the-health-club-industry/ (accessed May 15, 2015).
-. Thoughts On Security Data Breaches And Liability. July 13, 2015. https://blog.gyminsight.com/3391-thoughts-on-security-data-breaches-and-liability/ (accessed September 16, 2015).
Kossman, Sienna. 8 FAQs about EMV credit cards. September 16, 2015. https://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php (accessed September 16, 2015).