Credit card fraud has been an issue for a long time. EMV chip technology is designed to minimize card-present counterfeit fraud. EMV chips create a cryptogram with every transaction, a temporary dynamic transaction code. If card data is stolen via data breach (see Target 2013, or Home Depot 2014) the information cannot be used to create counterfeit cards because the cryptogram expires.
So why are more secure transactions such a heated issue for retailers? The EMV mandate shifted the liability onto the merchant, which is costing retailers tons of money in charge-backs.
Many businesses have the equipment necessary for EMV transactions, but becoming compliant with EMV standards is proving more difficult than expected. Acquirers, processors and POS providers are inundated with stores needing the certifications to turn EMV on. Testing requirements have been streamlined from 35 scripts to only 14, however there are still countless vulnerable retailers out there waiting for their equipment to be certified.
Since retailers are now burdened with the liability of fraudulent charges, individuals committing fraud are relentlessly targeting merchants that are not EMV compliant. One area where retailers are getting hit the hardest is gift cards. Being that gift cards are a form of currency non-EMV stores are a fraudsters ATM. The good news is there are best practices merchants can employ to protect their business while they wait on certification, starting with educating staff members on the issue and prevention behaviors.
- Reference the last four digits on the card to the printed receipt. The encoding on the magstripe your system reads should match the numbers printed on the card.
- Check ID.
- Establish purchase thresholds.
- Know what is normal for your business. Unusually large purchases or someone frequently purchasing large amounts of gift cards should be flagged, assessed by management and denied if the individual is unknown or suspicious.
- Disallow gift card transactions at self-service kiosks.
- Continue to push your acquirer, processor or POS provider on conducting the required testing. Since requirements have been cut down by more than half, testing can take less than an hour in some cases.
Protecting a business from criminal activity is an on-going practice. Criminals will always come up with new ways to take advantage and cheat the system. The best thing business owners and managers can do is stay aware and up to date on the latest scams.