Insureon Blog

The Small Business Guide to the EMV / Chip Card Liability Shift

17. September 2015 06:04

chip card infographic

If you’ve been paying attention to the news (or to this blog), you may already know that, on October 1, the way liability is allocated for card-related data breaches changes. In the infographic below, you can see a visual representation of what this means for your business. The short version is this: if you accept in-person credit card payments, you must have payment terminals that are EMV- (aka chip-card-) enabled by October 1.

The Small Business Guide to the Credit Card Data Breach Liability Shift

Background: Too Many Data Breaches

Whether or not you’ve heard about the liability shift (which we wrote about last month on our blog), you’ve definitely heard about the rash of data breaches that have affected retailers in the last two years. Target, Home Depot, Neiman Marcus – the list goes on. Millions of Americans have had their personal information exposed by data breaches, and card issuers have had to reissue compromised cards.

What you may not have known is that this isn’t the data breach landscape everywhere in the world. While the United States has about 25 percent of credit card transactions, it actually accounts for almost half of all data breaches. Why? Because most US cards use magnetic stripe technology – the black strip on the back of your card that the reader processes when you swipe. This stripe technology…

In Europe, most cards use EMV or "chip" technology, which is much more secure. Because of that, European retailers experience far fewer breaches than those in the U.S. of A.

Why the Liability Shift?

Now that massive data breaches have become the norm, the parties that have seen the biggest losses (including large retailers and banks that issue credit cards) have essentially said, "Enough is enough. We have access to better technology; let’s use it."

And so the powers that be agreed to make EMV chip cards the new standard.

Starting October 1, whichever party (or parties) is not EMV-enabled will have liability for a card-present data breach. That could mean…

What Do Small Businesses Need to Do?

To avoid taking on more liability than is necessary, small-business owners that accept in-store card payments need to upgrade to EMV-enabled payment processing systems by October 1. If you miss the deadline, it’s still important to upgrade ASAP for two reasons:

  1. Data breach liability is a real and present danger. The average small data breach cost more than $20,000 in 2014. That’s a lot of money for most business owners.
  2. In 2018, magnetic stripes will be completely phased out. Banks will no longer issue them, customers will no longer hold them, and businesses that can only process this type of card will have no way to accept credit or debit payments.

One final note: we’ve mentioned in this post that “in-person” or “in-store” card transactions will be affected by the October 1 liability shift. Card-not-present (CNP) transactions (including those made when a customer purchases something from an e-commerce website) will not have the same liability burden. However, it’s important to note that as in-store transactions become more secure, many analysts are expecting an uptick in fraud for less-secure transactions, including CNPs. For more on what that might mean for your e-commerce business, check out Chase Bank’s Chip-Enabled Card Acceptance FAQ.


Data Breach | Infographics | Restaurants | Retail | Risk Management | Small Business | Small Business Risk Management | Small Business Trends | Tips for All Small Businesses

Permalink | Comments (0)
Compare insurance quotes for your business
Save money by comparing insurance quotes from multiple carriers
Can't find your profession?