As seen in New Orleans CityBusiness
In October, new types of credit card security standards will have major implications for restaurant owners – shifting the liability of data breaches and fraud from credit card companies to merchants.
It stems from the federal BuySecure Initiative to speed the implementation of EMV technology in the United States. EMV is an acronym that stands for Europay, MasterCard and Visa, the three major credit card companies behind the new security standard.
While the retail industry has been the focus of the controversy about EMV due to the major data breaches and fraud it has experienced in recent years, restaurant owners will take the brunt of the new federal regulations. EMV has already been in use by many countries around the world.
Clayton Mouney, president of New Orleans-based thinkIT Solutions, warned that restaurants and retailers that haven’t implemented EMV, also known as Chip and Pin or Chip and Signature, could be liable for fraudulent chip card transactions. All credit cards will be issued with a small microchip inside.
“The chip in the credit card will make it very hard for a counterfeit card to be created,” Mouney said.
Today, cards without an EMV chip can easily be produced with stolen credit card information, allowing criminals to have a fake credit card with someone else’s data on it. Currently, if a criminal uses a fraudulent credit card, banks will absorb the cost of the charges.
“After October, if a fraudulent card is run and the merchant doesn’t have EMV swipe, the merchant could be responsible for the fraudulent charge and not the bank,” he said.
However, if the merchant had an EMV card read and someone uses a fraudulent card, the liability for the purchase will be on the card issuer as long as the merchant swiped the card with an EMV Swipe.
“With EMV we will still have the current cards in circulation for quite some time,” he said. “So, it will be important to ensure all cards get swiped with the EMV card reader to avoid possible liabilities.”
This is an extra expense that the business now needs to pay for on a monthly basis, as well as to have the protection set up, likely by their technology service provider.
Mouney said the biggest risk and liability for a merchant is still a data breach. He is confident that if a restaurant gets hit by a large data breach, it could easily put them out of business.
“Data breaches happen, and the business doesn’t know it’s happening until it’s too late,” he said.
He said thousands of records can be sent out before anyone is aware of the breach, increasing the liability to the merchant for each record compromised.