New Credit Card Fraud Rules and How it Affects You
In October, new rules will shift the financial liability for fraudulent credit card transactions from the banks to the merchants unless merchants use the new EMV chip card readers for "card present" transactions. We wanted to shed some light on how this affects our clients.
The new standard is called EMV which stands for Europay, Mastercard, Visa--the three companies that originally led the integration of chips in most of today's credit cards (shown in the card to the right).
So, how do these new cards help protect against fraud?
Until the advent of the new chips, credit cards had only one way to be processed for "card present" transactions which involves swiping a card in a credit card reader or terminal. These terminals read the information contained in the magnetic strip affixed to the back of a credit card, and that information is sent to the payment gateway for verification. The very simplicity of this unencrypted, static data carries a significant drawback: credit cards are easily duplicated by reading the magnetic strips and manufacturing fraudulent cards.
EMV cards integrate a chip that adds a layer of security by adding dynamic data that make the chips nearly impossible to reproduce. When one of the new cards is "dipped" or inserted into one of the new terminals, a one-time-use key is written to the chip. Unlike a card swipe, with EMV cards, the card stays inserted throughout the transaction. At the close of the transaction, the chip is rewritten with a special key. Without this information contained in the chip, the card is useless for future transactions in the new terminals.
EMV for eCommerce?
ThunderTix offers magnetic strip readers to facilitate sales at the box office. However, these readers only act as a "keyboard wedge". In other words, they perform the same task as an individual manually typing in credit card information. The unencrypted magnetic strip is read by the reader, and the ThunderTix software parses and sends this data out for processing as if you had typed the string in manually. Venues assess the legitimacy of cards by, for example, asking customers for photo ID verification.
For those venues using independent terminals outside of ThunderTix to process credit card sales, the new terminals can easily be substituted with the new EMV readers. However, when performing transactions using readers, there is not currently an EMV terminal that works with e-commerce platforms.
U.S. retailers and banks are the victims of the lion's share of world wide credit card fraud -- standing at over 8 billion dollars annually -- due in part to the reluctance of those parties to embrace the new technology. Most industrial nations have been employing EMV technology for years and experienced significant reductions in retail fraud. However, the lack of EMV readers for Internet sales has brought an attendant rise in fraud for those transactions, and new methods for detecting fraudulent cards are needed for e-commerce.
How does all of this affect ThunderTix users?
At this time, and according to Authorize.net -- the leading U.S. gateway, there is no technology available for e-commerce and telephone or mail order sales. Fortunately, ticket sales do not fall into the same high risk fraud category like consumer electronics and other high cost retail goods. Still, we encourage all our venues to attempt to verify the validity of cards when performing face-to-face transactions until we have the same benefits of EMV technology in Internet sales.