Criminals benefit from outdated credit card terminals, you pay the price
Mastercard reported earlier this month that banks, consumers and merchants are all experiencing a positive impact and drop in fraud from the use of EMV chip-enabled cards which were mandated last year. But unless you are one of the 2 million merchants nationwide that have fully made the EMV switch, low level fraud exposure is a very real risk, leaving your business vulnerable to costly chargebacks.
Businesses have been plagued for years by counterfeit, stolen and cloned credit card activity, but it’s much more apparent now that liability for these fraudulent charges shifted to the party using the least secure technology — basically any business that hasn’t transitioned to EMV chip-accepting equipment. Although in-person credit card fraud has declined by more than half due to EMV chip-reading technology, there has been a whopping 77 percent increase in counterfeit fraud costs year over year for larger U.S. merchants that have not yet adopted EMV.
Scheming the System
Maybe you’ve never experienced a chargeback due to fraud, but times are changing and so are criminal tactics.
Scheme #1 – Spotting swipers
With more than 90 percent of Americans using EMV chip cards, counterfeit magstripe cards are likely holding EMV data, even though you’d never know by looking. When criminals purchase credit card numbers online, the data — regardless of whether it is magstripe only or EMV technology — is loaded on a standard magstripe counterfeit card.
If the card is used at an EMV-enabled terminal, the system will prompt the fraudster to “dip” the card instead of swiping, which is more secure and with the right encryption enabled, would likely cause the card to be declined. Fraudsters know that if you haven’t upgraded your system you’ll never be able to tell the transaction is fraudulent when they swipe, so they intentionally seek out non-EMV enabled businesses, racking up charges that will eventually be charged back to your business.
Scheme #2 – Fraudsters faking fraud
Some fraudsters have been scamming your business for years without you knowing about it, because until last year the issuing bank was taking the loss. But now, your business will be held liable if you haven’t upgraded to EMV. All the scammer has to do is call the credit card company after their card is swiped at an old terminal and claim the charges on their chip-enabled card weren’t accurate, leaving you to empty your pockets. A few little charges like that here and there may not sound like a lot, but could eventually eat through your profits.
Scheme #3 – Tricking the terminal
More advanced credit card thieves can rewrite the magstripe, tricking even new EMV chip-reading machines to think the card is chipless when swiped. Even though the machine may be fooled, using a full processing security solution such as Heartland Secure™ would cause the payment process to be declined because the system would recognize the card had been altered. So if you’ve purchased the EMV card-reading equipment, but are not encrypting transactions as part of your upgrade, your business may still be at risk.
Arming Your Business
College and university towns, large cities and major metropolitan areas are the most vulnerable to fraudulent credit card use, but credit card fraud can happen to businesses anywhere. The best defense against credit card fraud is to install EMV chip reader terminals as soon as possible and enable the full technology — including encryption and tokenization like Heartland Secure provides.
Heartland Secure uses end-to-end encryption and tokenization to protect your customer’s card data as soon as the credit or debit card is used, making all data completely useless to hackers.
If upgrading to EMV simply isn’t an option for your business, here are a few additional tips you can use to protect yourself from fraudsters.
- Verify the last four digits of the card number match the last four digits on the printed receipt
- Compare the signatures on the card and receipt
- Check cards for legitimate features like holograms, logos, CVV/CID/CVV2 and AVS verification, etc.
- Never rerun a card if it declines — for any reason