What businesses should know about new EMV requirementsSeptember 2016 / Share
The biggest news in payment technology and compliance out of the U.S. over the last year has revolved around a new method for protecting credit and debit cards. The U.S. rollout of the Europay/Mastercard/Visa payment standard, better known as EMV, was met with its fair share of challenges. Nine months after the October 2015 deadline for retailers to switch their point-of-sale terminals over to the EMV standard, it seems most of the significant kinks have been worked out. According to a telephone poll conducted by CreditCards.com, an estimated 70 percent of U.S. consumers now carry EMV credit cards, and the majority of these users reported no issues with using them at retail locations.
"The first phase of the EMV rollout has been a success."
With this information in mind, it's not a stretch to call this first phase of the EMV rollout a success. However, another deadline now looms for retailers and other businesses, this time involving ATMs with EMV capability. As of October 1, 2016, ATMs must be outfitted with an EMV card reader, or the merchant who owns the machine will be liable for any fraud. Although this process has already shown signs of hiccups similar to what was seen last year at POS stations, there may be a renewed sense of urgency given the increase in instances of credit card fraud.
Credit reporting agency FICO recently released a report on ATM fraud that should give merchants pause if they own or lease an ATM in their store. According to an analysis of ATM fraud complaints between 2014 and 2015, instances of ATMs being compromised by criminals became six times more common. This made 2015 the worst year on record for ATM fraud, according to FICO.
Criminals are also switching up their tactics when it comes to ATM fraud, preferring to target non-bank ATMs and moving faster between targets. FICO found that ATMs situated somewhere other than a bank branch were 10 times more likely to fall victim to a fraud attack. The average timeframe in which an ATM remained compromised by criminals also decreased to just 14 days. This means fraud perpetrators are moving faster between each target, making them even harder to catch.
By far the most common method of ATM compromise is what's known as skimming. This involves a criminal placing a device over the card reader of an ATM that is designed to be indistinguishable from the rest of the machine. Any card passing through the clandestine skimmer will be recorded, and a camera or other device near the ATM keypad may also record PIN numbers. Skimming devices have become increasingly sophisticated, making it even harder for consumers and store owners to detect.
EMV-enabled ATMs should curtail the prevalence of skimming devices, since it would take much more complicated machinery to crack. However, FICO and other fraud experts recommended consumers and retailers take steps to stay informed and vigilant when it comes to ATM fraud:
- If an ATM card reader looks strange, try gently pulling on it or inspecting it for wires, loose parts or other damage. If you find an ATM skimming device, call the police and tell the merchant if possible.
- Consumers should regularly monitor their credit and debit card activity for signs of misuse, such as unfamiliar transactions or being enrolled in services they didn't sign up for.
- Consumers and retailers should ensure they have up-to-date information on file in the event a bank or card issuer needs to contact them urgently.
Even with ATM fraud on the rise, retailers and their customers can work together to stay a step ahead of criminals.
Vectra Bank can help you find the right Merchant Services solution for your business.
The information provided is presented for general informational purposes only and does not constitute tax, legal, business or investment advice.