From large retailers to insurers, data thieves are proving that no company is immune from online hacking.
“But even before the highest-profile cybercrimes took place, banks and credit card companies were working on improved security tools,” says Hollis Schuler, senior vice president, senior group manager, applications development, Fifth Third Bank.
“This is the year that the enhanced security tools will roll out with the promise of dramatically shoring up a business’s ability to protect customer data,” says Douglas V. Wyatt, executive vice president, senior commercial banker, Fifth Third Bank.
Smart Business spoke with Schuler and Wyatt about new payment security measures and what businesses should know.
What security improvements are expected?
Current technology aimed at protecting data from cybercrime has room for improvement. A system that was supposed to require customers to input secure PINs for each online transaction was never widely adopted by merchants. New technology will involve banks texting their clients a security code that must be typed in before each transaction can be completed.
Internet merchants should expect an adjustment period and the potential for longer online checkout times to accommodate the new system. This will cut down on what’s called ‘card not present’ fraud, which occurs when someone illegally obtains a customer’s credit card number via an online data breach and uses it to make fraudulent purchases online.
How will these changes affect merchants?
The biggest change coming is a shifting of legal liability for credit card fraud from the banks and credit card issuers to the merchants ringing up the transactions. Once new technology aimed at cutting down on fraud is in place, merchants must support it or they will be liable for reversing bad charges on customers’ credit cards.
Starting Oct. 15, 2015, merchants will be liable regardless of whether or not they support the changes. Gas stations with fuel pumps that accept credit and debit cards will get an extra two years to comply before the liability shift occurs.
How are credit cards adapting?
The smarter anti-fraud payment technology, called Europay, MasterCard and Visa (EMV), involves an integrated circuit card, or smart chip, that is embedded in credit cards, merchants’ point-of-sale terminals and bank ATMs. The chips and the terminals communicate during each transaction, making charges far more secure than they are with today’s credit card magnetic-stripe technology. If a cardholder reports a data breach or a stolen card, the card issuer will deactivate the chip and issue a new card.
Another change is a new system called tokenization, which replaces the customer’s credit card number with a unique number, called a token, which is generated for each individual transaction. Customers using Apple Pay, for instance, take pictures of their credit cards and upload them into their mobile wallets. When they use Apple Pay to buy something, they’re using a token that has been generated behind the scenes, making their transactions more secure.
What else should merchants know?
Retailers should anticipate providing some consumer education at checkout. For example, the technology may involve inserting a credit or debit card into a payment terminal rather than swiping it. Also, the more secure transactions will take longer to approve and customers may need to have this explained to them.
Retailers should start working with their merchant terminal vendors now to make sure they are getting EMV-capable point-of-sale systems. They should also get a system that enables newer payment systems, such as Apple Pay and Google Wallet.
When it comes to costs, smaller merchants that typically rent their point-of-sale devices may not experience a significant increase. Larger retailers that purchase updated hardware may see significant expenses. Given that cost, the nation’s biggest retailers are already replacing their machines.
The new technology is not turned on yet, but during the second half of 2015 there will be advertising explaining the new systems as the enhanced security gets up and running.
Fifth Third Bank. Member FDIC.
Insights Banking & Finance is brought to you by Fifth Third Bank