Tips for preventing a data breach in your business – Prepare for EMV® acceptance
Recent credit and debit card breaches at major US retailers have put card payment security top of mind for consumers and business owners. Currently, US businesses rely on outdated technology – the magnetic strip on the back of credit and debit cards – to authenticate payments. Unfortunately, a number of fraudsters have found ways to breach this technology and access card data. But soon, EMV (EuroPay, MasterCard® and Visa®) technology will bring about safer payment transactions, which the Aite Group estimates will cut fraud losses in half.¹
By April 2015, the US is set to fully migrate away from magnetic strip-only payment cards to a hybrid version that will also include the new and more secure EMV “chip” technology.
The key difference between EMV chip and magnetic strip cards is the security connected to each transaction. When a customer makes a purchase, the chip instantly generates an encrypted number enabling the issuer to confirm the authenticity of the card. This additional verification feature makes it extremely difficult to duplicate the card and reduces the risk of fraud at the point-of-sale, preventing thieves from stealing card information.
By utilizing the most secure technology available and following security best practices, you will be able to help protect your customers and your business.
For now, consider taking these steps:
- Ensure your equipment is EMV “future-ready”. Older payment terminals will not be able to accept EMV cards. If you have an older terminal, you may want to consider upgrading to an EMV compatible terminal. Why should you consider switching? Because today, counterfeit card fraud costs are covered by the card issuer. However, starting in October 2015, some fraud liability will shift from the card issuer to business owners if fraudulent transactions are processed on non-EMV compatible terminals. Petroleum businesses, specifically payments at the fuel pump, are the exception as some liability shifts October 2017. This means that if a data breach happens on a transaction accepted through a non-EMV-compatible terminal, the business may be held accountable for some of the costs associated.
The good news is, for customers who use our proprietary EMV “future-ready” terminal, the VeriFone VX520, we will initiate a software push in advance of the October 2015 deadline that will enable this terminal to accept EMV cards. As we get closer to this date, we’ll be sharing more information with you. If you utilize a different integrated terminal, it may require you to work with your Value Added Reseller or dealer of point-of-sale (POS) equipment at some point before the 2015 liability shift to update your systems with an EMV-compatible terminal.
- Confirm your PCI compliance each year. PCI Data Security Standards (DSS) require businesses to validate their compliance on an annual basis. As our customer, you can take advantage of our PCI tools available through the PCI Portal. These tools will help you identify the steps necessary to become PCI compliant.
- Train your employees on security best practices. Informed and alert employees can be your first line of defense. Make sure everyone understands your security policy and what’s expected of them to protect data at the point-of-sale and beyond.
- Add end-to-end encryption to your payment processing services. When attached to your POS terminal, this added level of security encrypts the sensitive card information as it is entered (whether swiped, keyed or waved contactless) through the point of transaction completion. This reinforces your transaction security even more and helps to further protect your business.
Talk with us about EMV today!
As deadlines for EMV acceptance approach, we’ll continue to keep you updated on the US timeline for transition.
If you are considering how to prepare your business to accept EMV cards sooner rather than later, contact your Worldpay Account Executive or call us at 800.859.5965, Option 2. We can help get you on the path to more secure payment processing.