We’ve written before about the upcoming October 1 liability shift that will affect all small businesses that accept credit and debit cards. In case this is the first you’ve heard of it, here’s a summary of what’s about to happen:
- Liability rules for data breaches will change on October 1.
- Starting then, liability (i.e., responsibility for paying for damages) for card-present fraud will fall on whichever party is not compliant with EMV, the new standard for credit card security.
- Small businesses that don’t upgrade their payment processing systems to EMV-capable readers could face tremendous liability if they’re breached (the average cost of a small business data breach in 2014 was $20,752).
To summarize: if you accept credit cards, you need to be able to process EMV (aka “chip”) cards by October 1 or risk exposing your business to serious financial losses.
That may sound intimidating, but we spoke with a couple of small businesses that have already made the transition. Read on for three things to consider as you make the transition in your business.
1. Check Your Current Equipment – It May be EMV-Enabled!
Malin & Goetz, a family-owned apothecary that caters to people with sensitive skin, opened its doors in 2004. It was using Highline Software as its point-of-sale system vendor and found out from that company about the liability shift. “[Highline] already had an EMV solution in place… and our equipment [a Verifone e315 and e335] was already EMV-ready,” said Andrew Goetz, cofounder of Malin & Goetz. “Switching was simply a matter of downloading a new version of the app.”
If you’re lucky enough to be using a software provider that makes your life easy, feel free to celebrate a little – but not before you actually download the latest updates. Remember: if you’re not able to process EMV payments by October 1, your business could be liable for a data breach that occurs because of an in-store card payment.
2. Think about the Future of Payments
When we spoke to Sheila Ferraiuolo, owner of Dream Star Dance, a dance equipment store based in Shrewsbury, Massachusetts, and she said that her decision to upgrade to an EMV-compliant reader was part of a larger upgrade project. She had been running on QuickBooks Retail, but wanted something that ran on the cloud and allowed for mobile transactions. Seeing the way payment preferences were trending, she decided she also wanted a solution that allowed for ApplePay, mobile, and cloud payments.
“I spent about six months researching solutions and speaking to different vendors,” she said. “Highline was the only company that had cloud, mobile, EMV, and ApplePay.”
(Please note: We’re not endorsing Highline or Verifone here, but both of these businesses have had success using them.)
3. Be Ready to Train Your Customers
While it will be necessary to train your employees in using the new readers, it’s equally important to make sure your customers are up to speed. Ferraiuolo told us that customer transactions with the EMV system were pretty frictionless, and Goetz echoed that sentiment, noting that it typically only took a single transaction for both customers and associates to be comfortable with the new technology.
One thing to watch out for: EMV transactions may take a second or two longer than those processed with magnetic stripe cards. While this won’t be a problem in the majority of transaction situations, it could create a backlog for businesses that experience extreme rush periods. Communicating the change with customers and offering a cash-only line could help ease congestion.
More Information about the EMV Card Liability Shift
Want a more thorough breakdown of the liability shift? Check out our illustrated guide “The Small Business Guide to the Credit Card Data Breach Liability Shift” and our blog post “The Small Business Guide to the EMV / Chip Card Liability Shift,” which explains your responsibilities and potential exposures in more detail.