Truth & Myths: How Business Owners Will Really Be Impacted by the New EMV Smart Cards

Author: Stephanie Taylor Christensen | October 5, 2015

Wondering what role the new EMV smart cards will play in your business—or whether they will at all? Here’s the straight talk to questions you have about the new chip enabled cards, and how they’ll impact your business.

Why are EMV smart cards suddenly all over the news? If you own a credit or debit card for personal or business use, you probably received a replacement card with a square chip on the front (in addition to the magnetic strip on the back) from your card issuer over the spring or summer months. If you didn’t activate the card soon after you received it, your creditor probably emailed or sent a follow-up letter encouraging you to begin using it.

Why were card issuers so eager for you to add the new chip-enabled card to your wallet? Because they were up against a looming deadline: October 1st, to be exact. On that day, payment industry rules changed to include EMV smart card technology. Under the new system, financial institutions and card issuers who complied with the mandate to equip all active credit and debit cards with the EMV chip—which is thought to provide greater security during transaction processing than the magnetic strip alternative–no longer have to bear the burden if a data breach does occur.

So who does? The party that offered the lowest level of security during a transaction that involved a customer’s credit or debit card, and is breached. That means any business—including one man shops and B2B sellers–that allow customers to pay with credit or debit cards could be held liable if they don’t have EMV-equipped payment terminals, and a breach occurs.

Isn’t my business too small to be a victim of a data breach? It’s hard to imagine that a cyberthief would pay attention to what’s going on inside your small business when you’re just trying to keep the lights on every month–but it’s for that very reason that small businesses are an easy target. Though First Data reports that businesses in the retail, food and hospitality industries tend to be at the greatest risk of a data breach, no business is too small to be a potential target. In fact, First Data says as many as 90% of small business will be impacted in by a data breach, at some point in their business life cycle. Often, they don’t realize it has happened until a third party (like law enforcement) or a card issuer notices a pattern of fraudulent transactions and requests an investigation. 

I don’t make that many debit or credit card sales. Wouldn’t it be cheaper to take the risk? A Gallup poll conducted among small business owners in early August indicated that only half of the respondents who accepted credit and debit cards knew about the upcoming EMV deadline. Of those who were aware, just 29% said they’d be compliant with the new EMV technology rules by October. Though transitioning to EMV-enabled terminals presents a hassle and costs, they don’t stack up to the risk you bear by sticking with your old equipment and hoping you fly under the radar.

First Data reports that the average small business data breach costs about $36,000, for expenses related to things like audits, investigations, customer notifications, and credit monitoring. But under the new payment rules, a business whose data is breached and is found not to be EMV-equipped could be made to pay for things that financial institutions once covered—including the cost of reissuing consumer’s credit and debit cards, liability for fraudulent charges, and potential lawsuits.

If you can’t justify the cost of a new point of sale EMV terminal, consider cost-effective alternatives that can help you continue to do business while mitigating your risk. For example, many mobile payment providers now offer EMV-equipped terminals that plug into a small business owner’s mobile device, for about $30/unit.

Do I have to make customers use the EMV method? No; the EMV chip cards include a magnetic strip on the back. But, your business and your customer’s financial information will be better protected when they choose the EMV option, which requires inserting the card into the terminal until the transaction is complete, as opposed to swiping a card through the reader.

Ready for more?

Apply for funding and find out if you qualify today