Understanding the coming “Liability Shift” for accepting credit cards

February 9, 2015 | FasCard

What is the liability shift that begins in October, 2015?

The major card brands, Visa, MasterCard, Discover, and American Express, have announced that liability for counterfeit transactions will shift to the party that has not implemented EMV capabilities. Additionally, MasterCard, Discover, and American Express have announced a shift as it relates to lost and stolen chip cards. Liability falls to the party that supports the less secure form of cardholder verification. PIN is the highest form of cardholder verification.

Recently, Visa has announced a shift of lost/stolen liability to the issuer for chip card transactions completed at unattended chip capable terminals that support no cardholder verification. Apparently this is to encourage merchants that deploy unattended chip terminals to support no verification for Visa in addition to PIN for the other brands.

 

How will the liability shift impact laundry merchants?

In practical terms laundry merchants rarely contest a charge back today. The cost of contesting a $15, or $20, charge back is much greater than the cost of the charge back. AND, charge backs today account for less than one-tenth of one percent (.1%) of laundry credit card charges.

Because our industry sees a low number of charge backs and very little benefit in disputing charge backs, the liability shift occurring in October of 2015 will have little if any impact on the small ticket laundry market.

What impact does EMV have on your PCI compliance status?

PCI compliance is a separate issue from EMV acceptance. PCI compliance must be maintained for all systems accepting credit/debit cards whether or not they are accepting EMV capable transactions.  The rules that govern cardholder data, network protection, application security and other factors will also apply to EMV transactions. A merchant is responsible for maintaining and complying with the PCI standards irrespective of EMV acceptance.

 

If  CCI products aren’t EMV and my systems are hacked, am I liable?

Our laundry systems are designed to move responsibility for accepting, transmitting, authorizing, and settling card holder data away from our laundry operator customers and onto our shoulders. We follow PCI  guidelines in our data centers and employ the latest in encryption techniques. Our systems never store any cardholder data.

Fortunately, for the laundry provider, CCI’s laundry systems are designed to nearly eliminate the possibility of a ‘hack’. We do this by encrypting magnetic stripe data and employing prepaid cards/accounts that shield the customer’s card information from hackers. By encrypting the customer’s card information, we are removing the ability for a hacker to access clear text data that could be monetized. Additionally, our laundry systems encrypt the transaction before leaving the laundry controller before the transaction is sent for authorization. The result is two factor security that makes it very difficult, if not impossible, to compromise.

The combination of the security techniques we use along with the fact that Laundromats not being a profitable target for would be hackers, the chances of a ‘hack’ are immeasurably small.