Amex Changes EMV Chargeback Policy

The transition to chip cards, or EMV (Europay, MasterCard and Visa chip technology) hasn’t been an easy one for merchants to adopt. In order to ensure that they are compliant with new rules, merchants have had to upgrade credit card processing systems in order to accept the new chip cards. Failure to do so leaves the merchant responsible for fraudulent charges, since old systems leave gaps in security features.

As you can imagine, this can quickly add up to a frightening liability, all due to neglecting to upgrade their credit card processing system.

American Express Relieving the Stress of EMV Chargebacks

The EMV chargeback liability that could extend from merchants being responsible for fraudulent charges is huge, and American Express seems to understand that it might be a little too burdensome and punitive for merchants who are struggling to update expensive credit card processing machines. That’s why, by September 2016, American Express will no longer be charging back for fraudulent transactions under $25.

Sensing that maybe this isn’t enough, American Express is going to go even further beginning by the end of the year. In late 2016, they will place important caps on the total number of chargebacks a merchant faces, placing the cap at 10 transactions per card. This means that after the first 10 chargebacks for fraudulent activity, the credit card issuer will become responsible rather than the merchant.

All good things must come to an end, and that includes American Express’s enlightened chargeback policy. They’re giving merchants only until April 2018 to enjoy these lightened liabilities. After that, if a merchant hasn’t upgraded his or her credit card processor to a chip-enabled system, they will once again become fully responsible for fraudulent charges. That is hopefully enough motivation for merchants who haven’t made the switch yet.

Err on the Side of Caution: Nonprofits and Virtual Credit Cards

A jarring amount of 17.6 million people (7% of Americans) had at least one incident of identity theft in 2014, according to the Bureau of Justice Statistics. Unfortunately some of that identity theft can come from third parties, including criminals accessing business accounts to get information about consumers. Nonprofits, small businesses and large corporate companies can all be at risk without a proper protection plan.

In the case of nonprofits, fundraising for charities may also be affected without a secure nonprofit processing system. One questionable online merchant can lead to access of a nonprofit’s bank or credit union account information, credit or debit card numbers, Social Security numbers (linked to employees of the nonprofit services). In a tech world where “password” continues to be a common password for both individuals and companies, a lucky guess can expose an entire company’s important documents.

Virtual credit cards are one continuously effective way to protect company financial information. Some of the biggest perks of virtual credit cards include:

• Flexibility to not release vital credit card information from lesser known companies
• Ability to set a maximum spending amount
• Specifying an expiration date for the virtual card
• Shopping safely online with what looks like a regular merchant card number
• Potential cash rebates

The owner(s) and accountant(s) of any company may already be aware of the amount of record-keeping involved in making sure that all involved parties receive their paychecks, reimbursements, supplies and any other applicable expenses. However, nonprofit processing has the added requirement of being able to explain all purchases and payments made for a humanitarian or environmental cause. Unlike for-profit companies, which benefit the founder and however many employees work for the organization, funds for charities ideologically make a full circle into supplies for education, first aid, food, shelter, water and other things associated with the organization’s focus.

So even one questionable purchase, or suspicious merchant, can hurt the reputation of a nonprofit. This is the exact reason why nonprofit processing should incorporate virtual credit cards into its billing options for charities. While some companies have already tried to make online purchases easier by using trusted sites like PayPal, a company may still be at risk of password break-ins.

An email site that isn’t secure, unattended mailboxes (where bank statements may be found), dumpster diving, malware and fake clone sites (spoof) could put a nonprofit at risk of releasing private financial account information. By using a virtual credit card, if an identity theft occurs, it gives the hacker less information to work with.

Visa’s Take on EMV Liability & Chargebacks

Credit card processors and merchants in the U.S. are starting to experience the true implications of the enormous switch to the EMV system, which stands for Europay, MasterCard and Visa.

In the wake of several terrible data breaches by hackers who went after major retailers such as Target and Home Depot, the payments industry has made it clear that merchants in the U.S. need to implement the EMV chip card system, which has proven to be much more secure than the status quo of magnetic band swipes.

There is no question that the new EMV system needs to be adopted as soon as possible. This was actually foretold by the major credit card companies as early as August of 2011. All the industry stakeholders, from credit card companies to merchants and from issuers to regulators, knew that completion of the switch wouldn’t happen overnight due to the size of the American retail landscape.

In an attempt to speed up and reinforce the transition, a deadline for liability shift was set for October 2015. This meant that merchants who for whatever reason had not fully adopted the new system yet could now be the ones liable for chargebacks caused by fraudulent use of credit cards.

Many merchants in the U.S. have complained that they are absorbing major hits because of the liability shift. Specifically, they are being affected when they swipe a magnetic strip card that was fraudulently copied from a different card. If the swipe is done at a traditional terminal that is not EMV chip card supported, then the burden of liability falls onto the merchant.

As to be expected, many merchants are fighting against the EMV chargebacks, particularly when they have already made the effort of becoming compliant by obtaining new POS terminals, which are not being used only because they have not been certified yet.

For smaller merchants who operate with only a few Point-of-sale terminals, the EMV switch has mostly been a smooth process because they don’t face the same problems as big retailers when it comes to certification. Multiple point-of-sale terminals connected to a local network that works with custom coding take longer to certify, therefore it is not too surprising to learn that retail chains are the ones being affected the most by the new chargeback structure.

According to Visa, the continuing chargeback issue is not as tricky as it seems. Visa has pledged to work with merchants and issuers with regard to the certification process. They believe that credit card fraud will be greatly reduced within the next few years.

Costco Switches from American Express to Visa

Millions of Costco members are finally ready to get rid of their American Express credit cards (aka Amex cards) to shop at Costco, the giant Seattle based Wholesale warehouse. Costco has about 81 million members worldwide, and the company has recently started accepting Visa cards instead of Amex cards. The move is a major advantage for customers who use any Visa-branded credit cards. Costco members are free to use their own Visa cards or use the newly issued Visa branded Costco store card, which will replace its existing TrueEarnings Amex branded store card.

Costco allows other forms of payments such as cash, ATM Cards and Electronic Benefits Transfer Cards. The move is expected to create competition among card issuing banks such as JP Morgan Chase, Bank of America, Citi and many others. Most of these issuers of Visa-branded cards have already started offering cash back on purchases at Costco and other warehouse stores. Consumers have the freedom to choose the best Visa-branded card that will work at Costco as well as other places such as gas stations, grocery stores and online stores.

The Costco Anywhere card issued by Citi offers 2% cash back on all purchases at Costco stores. The card also offers 1 to 4% cash back at other places such as gas stations and restaurants. The cash back amount is redeemable only at Costco stores. The issuance of the new Costco Anywhere card will not affect the customer’s credit scores, as Citi will not check customers’ credit reports. Another option is to use a Chase Freedom card, which offers 5% cash back at Costco, Sam’s and BJ’s through the end of this year.

American Express is expected to lose significant market share from the termination of its partnership with Costco. Most Costco members signed up for an Amex card to make purchases at Costco. These customers are likely to abandon their Amex cards, with the switch to the new cards now in place. Customers are free to use the Amex card at other stores where American Express cards are accepted. Amex charges applicable interest rates on any unpaid balances.

The business of credit card processing is highly competitive. The fortunes of credit card companies such as Amex are tied to the brand loyalty garnered from their partnership with companies such as Costco. Smaller credit card companies are badly affected if they lose a major partnership, such as Amex did with Costco. Visa is expected to get a significant boost from the changes made by Costco. The impact to other card issuers is unknown at this time. The merchant services segment is facing tough competition, and deals such as Costco’s certainly throws a monkey wrench into the entire business model.

Clearly, customers benefit more than anyone else in Costco’s decision to replace Amex. Customers can immediately benefit from a new Costco membership if they already own a Visa card.

Visa and MasterCard Sued by Home Depot over Chip Card Security

Around the world, 80 countries have added EMV chips to their credit cards. These chip cards are more secure than credit cards with only a magnetic strip and have helped to reduce credit card fraud in many places. As a result, these cards are now being introduced in the United States. Many retailers, however, are alleging that Visa and MasterCard are not utilizing the chip to its fullest potential. Home Depot has joined other retailers, like Wal-Mart, by filing a lawsuit against the credit card issuers. Mark Horwedel, CEO of the trader group The Merchant Advisory Group expects more lawsuits to follow.

The lawsuit contends that Visa and MasterCard are not doing enough to prevent credit card fraud, yet are forcing retailers to carry more of the cost and liability for fraudulent credit card transactions. Though the chip cards used around the globe may look the same, they aren’t processed the same way. In most of the countries that have adopted EMV technology, a PIN number is required to complete a credit card transaction. In the United States, however, Visa and MasterCard are requiring only a signature. This makes transactions less secure than they could be. Since retailers are now responsible for fraud, Home Depot alleges that card issuers are not doing enough to protect them from it.

Failure to require a PIN also creates problems for online customers, where credit card processing is done without a signature or other verification steps. For these transactions, chip card security doesn’t help at all unless it is coupled with a PIN.

Home Depot also claims that it costs them more to process non-PIN transactions, forcing them to pay $750 million dollars a year in credit card processing fees. According to the retailer, Visa and MasterCard are intentionally blocking the store’s ability to protect itself from fees and fraud on purpose to drive their own profits. They claim chip card security that requires a PIN would better protect consumer and reduce credit card processing costs.

The Home Depot has reason to be concerned, as the company was the victim of a data breach in 2014 that affected 56 million credit and debit card numbers. The retailer immediately implemented credit card processing that incorporated the chip technology, but would like to do more to protect itself and its customers. The company fully supports chip card security and EMV technologies, but wants American consumers to enjoy the same meaningful fraud protection that Europeans have been enjoying for more than a decade.

Hackers Rush to Cash In Before Chip Cards Take Over

While plans are being initiated that will reduce credit card fraud, it appears the problem is going to get worse before it gets better. Credit card issuers are rushing to send new EMV enabled cards to their customers. These cards, also known as chip cards, contain technology that makes credit card theft much more difficult. Knowing this, hackers and fraudsters are in a rush to steal as much credit card information as they can before their job gets harder.

According to CNBC, as much as $10 billion dollars in fraudulent credit card charges are anticipated between 2016 and 2020 as retailers and card issuers finish adopting EMV cards and technology. As of May 2016, only 20% of credit cards and 10% of debit cards were chip enabled, leaving lots of people still at risk for a security breach. The bad guys know this and are scrambling to take advantage of security weaknesses in cards with magnetic strips.

On the other side of the table, retailers and banks are rushing to get chip cards into the hands of consumers. PYMNTS.com reports that, on average, 23,000 merchants per week are installing chip technology in their businesses. Overall, the number of retailers using the chips to read cards has increased by 12.5% since the technology’s introduction. Progress is clearly being made, but not fast enough to protect everyone.

Once all of the credit cards have chips and the bad guys have used up their stolen cards, card not present fraud is expected to decrease. However, a different kind of fraud is expected to take its place. With credit card numbers being harder to steal remotely, experts anticipate that more people will fraudulently apply for credit card accounts. Using a temporary address, these fraudsters will get credit cards mailed to them using an address they will later abandon. With the card in hand, they will still be able to make fraudulent purchases.

Though the criminals aren’t going anywhere, neither are those who fight them. New technologies are being considered and developed even as EMV chips are being instituted. In the meantime, the best way to protect yourself is to watch your accounts carefully and use caution when using your card online.

Data Breaches Remain a Risk for Merchants and Banks

It’s the call that no one working in merchant services wants to get: There has been a data breach and the security of thousands of customers’ credit cards is on the line. While credit card processing makes shopping easier, especially online shopping, it isn’t without its risks. And make no mistake about it; a data breach isn’t just inconvenient and scary for the customer. Home-improvement giant, Home Depot, has found itself at the wrong end of a class-action lawsuit: Customers and the legal system take security in cyberspace very seriously.

Exposing Vulnerabilities

In the case of Home Depot, 56 million debit and credit cards were exposed to a cyber-threat as a result of an attack on the big-box store’s POS (point-of-sale) system. The suit alleges that Home Depot didn’t address known vulnerabilities in its credit card processing system, despite numerous warnings.

How things play out with Home Depot could have far-reaching consequences and not just in the home improvement industry. James Lewis, a cybersecurity expert in Washington, says that hacking poses a major threat to the stability of the financial system.

Cybercriminals target banks for obvious reasons. For them, it’s easy money. A lot of money. In recent history, the Bangladeshi Central Bank lost $81 million – yes, million – to a cybercrime attack. And it isn’t just merchant services and credit card processing that these cybercriminals want to know about. It’s a greater security risk than most people realize. CNN calls these attacks “espionage.”

A Different Kind of Fight

Some of the attacks are labeled as fraud, while others introduce malicious code to a system. It is the latter practice that has more than just the merchant services department at banks and restaurant owners worried about data breaches.

These days, cybercrime is the stuff of government warfare, as the book “Hacked World Order” points out. The book postulates that the threat of Iran’s nuclear program was thwarted not so much by negotiations and threats of physical attacks as it was by the lowly computer virus wreaking havoc in the hardware. Malware and viruses, it seems, may just replace the bomber in the Age of the Internet.

Unfortunately, no one solution lasts for very long in this arena. In this case, both restaurateurs and world governments can be shut down by intelligent hackers with computer access and time to kill. The best defense is responding to threats with greater speed and closing the proverbial open door on the data breach before it’s discovered.

5 Signs Its Time To Upgrade [2023 Update]

If you’re still using computers and other hardware from a decade ago, it’s probably time for an upgrade. The technology of today is significantly more powerful and efficient than what was available 10 years ago, so upgrading your equipment can help make sure you keep up with the times.

Signs Its Time To Upgrade

Here are 5 signs that it might be time for you to upgrade:

Your technology is outdated

Although upgrading your payment hardware every time a fancy new solution arises isn’t necessary, your technology has an expiration date. Since updating to the new iPhone or Android seems like an annual occurrence for most consumers, your business’ technology has the shelf life to be in use a little longer than most consumer goods. However, it’s important to keep an eye on your machines functionality and efficiency. There is a point and time when your software or hardware will go stale.

Major companies standardize on it

As mentioned above, there is a technological tipping point. When Google and Apple decided to create a standard for NFC payments, that’s exactly what it became, a standard. Of course, in the wake of the iPhone 6 the business world quickly got in line for point-of-sale systems and terminals accepting Apple Pay.

What this means: If a technology is adopted by major players in an industry, there’s a good chance it won’t be going anywhere anytime soon. In the case that a technological shift can help you deliver a better experience for your paying customers, you can go ahead and upgrade without worrying about a replacement coming in the next week.

It’s popular among your competitors

Sometimes, when you see a few stores jumping early out of the gate, it’s not enough reason for your small business to risk spending money on a simple fad. As a small business it’s important to keep an eye out for technologies with lasting power and multiple uses.

If technology is being adored by your competitors and they’re seeing success from it, at least consider the investment.

Data inclusive loyalty programs and rewards are a good example of technology that’s being adopted by businesses no matter the size. In today’s market, loyalty programs have been easy to implement and reasonably priced for years with noticeable impact on businesses that execute them well. These programs provide information about your customers that’s value could be long lasting.

It’ll boost your income

While its easy to focus on the cost of new technology, your business should also be focusing on the return value of that investment.

For example, Deloitte an economy research firm expects the usage of mobile payments to increase 100X by the end of 2015. If you aren’t accepting mobile payments you are simply behind, while giving consumers the incentive to shop elsewhere.

What this means: In the world of expanding technology and payment systems, your consumers will expect you to be compliant. It’s usually a good idea to spend more where it counts, and if you can get a head start now and show your customers you’re prepared for the future, you will truly be in the lead.

It will make your business more secure

While upgrades may feel like a never ending hassle, it’s important to carefully express important qualities you would like to be associated with your business, such as trust. While mobile payments might seem like a luxury from a tight business model perspective, they can make a large difference in the level of security offered to your customers.

With NFC technology the customer is asked for a fingerprint scan or password before any funds are exchanged. There is then a securely authorized chip that communicates with the device to finalize the purchase. With this method, information is secured, while credit card numbers aren’t a factor.

Security breaches are on the rise and shoppers are wary of the threats to their personal security. Updating POS systems to more secure technology ensures your customers view security as a top priority in your business.

In business technology, there will be fleeting trends, false advertisement, and simply pointless technology. These changes must be carefully implemented into your business, but with a little bit of insight, the payoff can be monumental.

Special Interchange Rates For Your Nonprofit

Interchange rates, pricing models, payment gateways, integration software, the list drags on. Establishing a trusting credit card processor for your nonprofit organization can be overwhelming and often times complicated. With fixed rate programs, hidden fees, monthly minimum, cancellation charges, and equipment leases, there are many ways a merchant can fall into a trap of simply overpaying for their service. Unfortunately, some charities aren’t properly informed of the substantial savings received as a 501(c) organization and the discounted interchange rates that apply. That is why it is crucial for your nonprofit to choose a straight-forward provider that meets your charities’ needs.

Finding a credit card processor to handle your financial transactions that you trust can often times be a shot in the dark. While it is not hard to find a credit card processing company these days, finding one that can manage your nonprofit with honesty, integrity and expertise can be difficult.

To understand what Host Merchant Services can provide to you and your nonprofit, it’s important to get a base understanding of interchange rates and how they are determined for your business type. For every credit/debit card there is a pre-set rate that the MSP pays to the issuing bank. This rate is called interchange. Upon completion of a sale or donation the interchange rate is paid to the card issuing bank immediately by the MSP. These rates correlate to the cost that each bank has set for these cards and correlate to each type of industry to reflect the true cost of the risk and processing. These rates are usually based off an average sale of $150 and tweaked almost annually. Sometimes rates can be a full percentage point lower for nonprofits depending on the type of card being accepted which is why it is crucial to pay attention to your statements and your contract. It is our job at Host Merchant Services to always ensure our customers are receiving a fair an honest rate, which is why we find it imperative to make sure your nonprofit is categorized correctly with the bank.

In addition to interchange rates, there are a couple main pricing models available to you through the merchant service provider: tiered pricing and interchange plus pricing. With tiered pricing the underlying interchange rates as well as the card association fees are not revealed. Instead, the Merchant Service Provider will offer the merchant a steady rate. With tiered pricing the merchant pays a specific percent of their sales volume in fees, regardless of the cost of the transaction itself. With tiered pricing, there’s less transparency and more incentive for MSPs to raise fees for their customers without true knowing by the merchant. Interchange plus pricing works by adding a constant margin on the underlying interchange rates. Large volume merchants usually request this pricing model, as it allows for full transparency between the merchant and the MSP. Merchants are able to see the true underlying costs of each sale and ensure the MSP is not charging additional fees. This is why Host Merchant Services exclusively quotes using interchange plus pricing.

Part of your MSP’s job is properly classifying your account with the card associations to ensure that your organization is automatically receiving the lowest possible interchange rates. For a nonprofit to overlook their Merchant Service Provider, could be a step in the direction of overpaying for your service. It is crucial to pick the right provider that is dedicated to providing a full service payment method for nonprofit.

ISVs Tackling Issues, Possible Solutions Surrounding EMV

As we approach the final leg of the race toward the looming EMV deadline, solutions that might sound like an answer to challenges associated with becoming EMV compliant begin to emerge. In this article I hope to address the problems ISVs are facing now that that October is around the corner and touch on a solution that may sound too good to be true.

Problems facing Independent Software Vendors or ISVs are still going unsolved as the October EMV deadlines quickly approach. ISVs pertain to any software developers or independent vendors making their own PoS software. Peter Osberg of Integrated Strategy and Product at EVO Payments International touched on the relationship between ISVs and EMV mandates earlier this week in an interview with Pymnts.com. Osberg spoke about the remaining problems with EMV software integration.

According to Osberg, ISVs are understanding the importance of creating a more secure payment environment nationwide for merchants and their patrons which include fluid point of sale applications. ISVs are quickly picking up on the often clouded requirements that the EMV system of processing requires while finding that most processors don’t even have the platform to achieve these goals.

Once these goals are achieved, there could be some added benefits for software companies. Software integration companies such as EVO Payments International are finding hidden benefits of EMV for merchants besides avoiding a liability shift in October. The ability to standardize integration and payment capabilities on a global basis, will be extremely valuable for their company when put on a global scale. Because of a strong established base of EMV use in Europe for many years, America is provided with a respectable model of the technology necessary to succeed from a PoS perspective. A key benefit often overlooked by merchants is the establishment of a global standard for payment processing. With a consistent standard in place it will be possible for domestic ISVs to support integrated strategy worldwide. Osberg calls it “a one-solution-fits-all for our markets.”

However, even with a European model in place, industries such as the Restaurant industry will undergo such a large change in their workflow that education and support to ISVs and the merchants using their programs will be highly necessary. It’s been found that merchants large and small that are running the EMV system struggle to maintain efficiency and knowledge of the use of the readers. This, in turn causes delays in the checkout process creating a negative outlook towards EMV. It’s going to take a big change in attitude from the merchant, customer, and software companies to get integration on track.

It’s not just the merchants that aren’t ready. Processors and Acquirers (banks) have admitted that they aren’t ready for a nationwide switch. The issue doesn’t necessarily rely in with the processors or software itself, but the 3 levels of certification necessary to achieve a complete system of processing. This processing is going to take some time and money from all sides however, level 3 certification is slowly becoming easier with the help of a more streamlined approach to product strategy and a more cohesive relation between third party partners and ISVs.

It’s not just the EMV chip technology itself that will offer a heightened level of security. Merchants will hopefully be equipped with a multilayered security solution that is designed to keep the cardholder data secure. Encryption and tokenization will be equally as crucial to a completely new way of credit card security.

With EMVs ability to essentially standardize global payment processing while creating a monumental market for EMV compliant payment systems, EMV is causing a fire storm in the credit card payment industry. ISVs will clearly be working feverishly up until October to produce the technology capable of excepting the complex change in the merchant, bank, and software environment.