Tag Archives: data breaches

large

How the EMV Liability Shift Will Affect Your Business

Being able to accept EMV cards isn’t as simple as flipping a switch on your existing terminals. In most cases you’ll have to physically replace your POS equipment to be able to accept these more secure, chip-enabled cards. And with only half of merchants expecting to be ready by the October 1 deadline, there’s a lot of work still to be done.

What does the Liability Shift Really Mean?

Barcode Error | AbtekCurrently, merchants are at quite a disadvantage when it comes to credit card fraud. In the event of a fraudulent credit card charge, the merchant is first faced with the loss of the merchandise, which in most cases is irreversible. Then, the cardholder’s bank (the card-issuing bank) takes the hit for the lost funds, meaning that they’re responsible for refunding the person who was the victim of fraud. These banks, however, often look to the merchant for reimbursement, claiming that the business didn’t take the proper measures to prevent the fraudulent charge from occurring.

Come October 1, what we know about fraud liability will be flipped upside down. In essence, once the shift hits, the fraud liability will transfer to the party that has not adopted the new EMV chip card technology.

Here’s a detailed look at how the liability shift will affect your business, depending on the situation in which fraud occurs:

Situation 1: A magnetic stripe card is swiped at an outdated terminal

Mag Stripe Credit Card | AbtekThe merchant hasn’t gotten around to updating their terminals, but lucky for you, the fraudulent charge was made with a traditional magnetic stripe card. In this situation, both parties—the merchant and the card-issuing bank—are at fault, meaning that the liability falls initially on the card-issuing bank, just like today.

Situation 2: An EMV chip card is swiped at an outdated terminal

This is when things really go downhill for merchants. If a customer comes into your store with a chip-enabled card, but they don’t have the equipment to process it properly, they’ll be forced to run it as a magnetic stripe card. This puts the cardholder at an unnecessary risk for a breach of their payment data. In this case, the merchant has not invested in the more secure chip technology and the card-issuing bank has, so the liability falls on the merchant.

Situation 3: A magnetic stripe card is swiped at an EMV-enabled terminal

EMV Chip Card | AbtekA recent poll shows that only one in 10 Americans have received new EMV chip cards from their banks. The cost to replace mag stripe credit cards is starting to catch up with the banks and we can expect a number of consumers to still be using magnetic stripe cards, even after the liability shift hits in October. In this case, so long as you have upgraded your equipment, the liability will fall on the card-issuing bank.

Situation 4: An EMV chip card is swiped at an EMV-enabled terminal

In this situation, all parties have put in the effort to upgrade their payment technologies, so it’s unlikely that fraud would even occur in the first place. However, if a fraudulent charge does occur, the liability would fall on the card-issuing bank.

Contact your merchant solutions provider today to find out how  you can get EMV-compliant by October 1.


Abtek is here to help merchants like you make the transition from traditional POS terminals to EMV-enabled equipment. We know that EMV can be confusing, and we’re here to answer all of your questions. Give us a call today at (800) 544-9145 to explore your options, before it’s too late! October 1 will be here before you know it! Follow us on Facebook, Twitter, and LinkedIn. 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
ABTK-SM-Blog-emv-hero

How Will the EMV Mandate Affect Your Bottom Line? What Businesses Need to Know

ABTK-small-blog-image-EMV-01Credit card processing will go through major changes this year–but how will the 2015 EMV Compliance Mandate affect your business? The United States is the world’s final market to become EMV compliant. Our adoption and accessibility to the technology will likely transform all industries reliant upon processing payments via credit cards.

What is EMV Compliance, Anyway?

EMV is an acronym meaning “Europay, MasterCard and Visa.” The “big three” of globally standardized circuit payment cards utilize a chip for payments. These chips are used for ATMs, credit card terminals and digital registers. The EMV Compliance Mandate updates these cards’ internal mechanics and any provider using EMV-reading software will need to comply, too.

ABTK-small-blog-image-EMV-02The New Liability Shift

The EMV Compliance Mandate isn’t just a software update. Its attached Liability Shift may affect your business’s transaction policies. USAVisa.com contains the shift’s entire workings, and, as per their description:

“When a transaction occurs using chip technology, any liability for counterfeit fraud, though unlikely, would follow current Visa Operating Regulations.”

In other words, this shift will greatly reduce your business’s fraud liability, assuming your software and hardware is up-to-date. If and when fraud occurs, new standards will neutralize losses while protecting you from liability. Within the financing world, such a shift is incredibly significant: Reduced liability and expenses can be re-balanced and shifted to other business areas.

FABTK-small-blog-image-EMV-03ewer Fraud-Related Chargebacks

Historically, credit transaction authentication and completion has been tied to fraudulent chargebacks. However, EMV’s updated technology will reduce fraud-related chargebacks due to the following mechanics:

  • Increased protection against card skimming
  • Increased protection from magnetic strips
  • Dynamic authentication possibilities

Reduced fraud chargebacks similarly boost a company’s ability to reallocate resources. While merchant services should always be treated with high security, EMV compliance will greatly enhance a business’s processing and transaction flexibility and security.

Fewer Data Breaches

As stated above, credit card processing will become increasingly stable and secure via EMV compliance. Participating U.S. merchants will be required to maintain full software and hardware upgrades, too, increasing their edge against data breaches.

The mandate promotes immediate liability focus on the party containing “lesser” technology. In short: A consumer using old EMV technology will be recognized as “at fault” in the event of fraud. This same aspect is directly correlated to the mandate’s facilitation of up-to-date vender technology.

So, on average, companies will maintain higher technology than surrounding entities and consumers. This will add further protection, as the superior technology will likely outrun malicious data breaches. The new EMV technology renders extracted information “useless,” as it’s encrypted to fit a digital format—rather than to a readable, magnetic strip.

Staying Aware: Adapting to the Change

Point-of-sale security is still important, and maintaining a healthy workplace promotes sustainability and protection. To ensure your employees and relevant decision makers are up-to-par with new security standards, it’s important to:

  • Create a relevant business plan before changing to new technology
  • Immediately migrate to new EMV standards
  • Train product awareness

New hardware and software changes may take time for adoption, but supporting network connectivity and internal effectiveness will ensure heightened protection. It’ll put your business ahead of the curve, security wise.


Stay updated on payment processing trends by following Abtek on Twitter and Facebook. Sign up to receive our newsletter, too.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
ABTK-SM-Blog-DataBreach-Hero

5 Bad Habits Putting Your Business at Risk for a Data Breach

A data breach occurs when an outsider obtains customer information, putting customers at risk for fraudulent charges and identity theft. It can also threaten the reputation of businesses.

There are useful practices and various steps a business can take to prevent such breaches.

ABTK-small-blog-image-DataBreach011. Sticking with old, familiar technology

It is important for businesses to keep up with technology. They must upgrade security in addition to the ways they process payments. While it can be more costly to move to the newest methods, it makes customer information much more secure. After all, those who would illegally gain access to customer information will be using new technology—so why shouldn’t your business stay one step ahead?

Target is an example of a major company that had a data breach due to outdated technology. To prevent this issue in the future, they’ve begun to implement the technology to be able to process mobile payments.

2. Using the same POS system across all stores

Business owners can be tempted to go with what they know, especially if they’re a chain. They become familiar with certain technology, and so they tend to use it in across all stores. However, this habit should be changed. Businesses need to have different computer systems for franchise stores, especially with regard to POS systems.

Jimmy John’s stores were the victims of a major data breach because many of their POS systems were the same. The perpetrators of the data breach were able to clone payments once they figured out how the POS systems worked. If the chain had different POS systems, the data breach may not have occurred.

ABTK-small-blog-image-DataBreach023. Not updating encryption

Encryption of information is the most important way to protect your customers. Encryption scrambles customer data, such as credit card numbers, and makes it unreadable. That way, in the event of a data breach, the information obtained is useless.

Home Depot was hit with a data breach that originated from malware. Home Depot’s security system could not protect against the malware due to how new it was. But, updated encryption software would have made the data unusable to those who created the malware.

4. Insecure employee login information

Employers must give employees access to computer systems and data in order to do their jobs. However, it is easy to become complacent with employee login information. Employee passwords may be easy to guess. Employee credentials may not be deactivated when an employee leaves. Business owners must cease those bad practices. Employee passwords should be complex and changed every few months. Credentials must be deactivated when an employee leaves.

eBay’s data breach occurred because the thieves used employee login information. It is not clear how the hackers had access to employee credentials, but if eBay had made employee credentials more secure, the data breach may have been prevented.

ABTK-small-blog-image-DataBreach035. Failure to watch computer systems

Businesses must regularly watch computer systems, especially POS systems, for signs of a potential security issue. They should look for any irregular transactions or payments. They should check the system for malware and viruses. It is easy to trust security, but vigilance will prevent a data breach from going unnoticed.

In the case of the Neiman Marcus data breach, they failed to check their systems. Not only did the data breach occur, but it went unnoticed for months, despite malware being on their POS systems. It is vital that businesses scan for malware and harmful programs on a regular basis.


Stay updated on payment processing trends by following Abtek on Twitter and Facebook. Sign up to receive our newsletter, too.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

9 Data Breaches That Rocked 2014 (And What You Can Learn In 2015)

2014 was the year of the data breach. One after another, big brands were subjected to malicious attacks by hackers that not only compromised countless pieces of customer data, but almost-irreparably damaged these brands.

Here are some of the more notable businesses affected by cyber criminal attacks during 2014:

large

1. Ebay

In May, eBay revealed that hackers had managed to steal the personal records of 233 million users. Usernames, passwords, phone numbers and physical addresses were all compromised. But the biggest victim: Ebay’s ego.

2. JPMorgan

Tens of millions of Chase customers were affected when accounts were infiltrated—even if their bank accounts weren’t. The attack touched 80 millions households and 7 million businesses, making it one of the largest in history.

3. Target

Last spring, Target confirmed that a large data breach from late 2013 affected 40 million customers. The company later announced that more data was compromised, reaching 70 million people. Proving that the shame is 100% on them for exposing customers twice.

4.  Home Depot

Home Depot announced last September that their massive data breach allowed cyber criminals to harvest information from 56 million customers in the United States and Canada. Vendor credentials were used to steal customer data.

5. Staples

Staples confirmed its payment system’s data breach–an incident in which 1.16 million credit and debit cards used were stolen over a period of up to six months. The criminals behind the breach have been accused of already using the card data for fraud.

6. U.S.P.S

Hackers attacked the United States Postal Service’s online network. Blame was quickly placed on hackers based out of China. The damage? 800,000 employees’ data was compromised, including Social Security numbers and addresses.

7. Domino’s Pizza

A “hacking group” held Domino’s Pizza hostage, demanding ransom for over 600,000 customer records obtained through a data breach. In exchange for the personal data (names, addresses, emails, phone numbers and even favorite toppings), the hackers demanded $40,000 from the pizza chain.

8. Verizon Wireless

Verizon Wireless experienced 1,367 data breaches and more than 63,000 security incidents in 95 countries during 2014. The company released their annual security report that painted a picture of the reality of data security (or lack there of) and the state of cyber crime.

9. Jimmy John’s

Customers who swiped their cards inside one of 216 Jimmy John’s stores were affected by last year’s data breach. Cards entered manually or online were not included in the attack. The information exposed may include the card number and in some cases the cardholder’s name, verification code and/or the card’s expiration date.

***

Data breaches are the new normal. 

So what can you learn from these big brands’ data breach incidents? That no business is truly immune from being the victim of a data breach–but you can practice best standards and practices by having a response plan in place.


Stay updated on payment processing trends by following Abtek on Twitter and Facebook. Sign up to receive our newsletter, too.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS