Posts Tagged ‘credit card fraud’

Can’t Collect Payments? New Chip Technology Could Be Hurting Business’s Bottom Lines

Thursday, October 15th, 2015

EMV Technology Impacts Netflix’s Q3 Earnings

EMV Technology - Ohio CPA Firm

Netflix, known for offering award-winning shows like House of Cards and Orange is the New Black to users online recently reported a lack-luster third quarter performance. The company points to its inability to collect payments from users who have not yet updated their Netflix account information to reflect new payment card information they may have been issued as a result of the new EMV technology.

Since the United States made the switch to EMV (EuroPay, Mastercard and Visa) chip technology in October, some companies are beginning to report unexpected side effects – sluggish growth in the third quarter. A recent story from Patrick Kulp on Mashable, a global media company, reported that Netflix’s lack-luster third quarter earnings may be directly linked to the new technology.

Read Also: Will EMV Technology Change The Online Payment Option?

Why? Because, according to Kulp, “[many] Netflix users may not want to go through the hassle of updating their payment records, and some may even use the switch as an excuse to bail on the service. As a result, the company can’t collect their fees.” Now, as third quarter earnings continue to roll in, business analysts are beginning to speculate as to what this means for businesses hoping to finish the year on a high note.

Why Was EMV Implemented?

In September, I provided insight into the reasoning behind the new chip-based technology, which pointed to the increasing number of credit card breaches as the reasoning behind the change. Over the years millions of credit card numbers and associated data have been stolen, leaving the credit card industry on the hook for the fraudulent transactions. In an effort to transfer liability from payment card companies to individual businesses, while providing greater protection to users against credit card fraud, the PCI Security Council supported the addition of EMV chip technology to the existing PCI (Payment Card Industry) Security Requirements.

The ultimate goal of EMV is to stop and prevent further fraudulent activity. Success has already been noted in countries outside the U.S. “Currently, almost half of the world’s credit card fraud happens in the U.S. where magnetic stripe technology is the standard,” stated David Navetta and Susan Ross in a blog on Data Protection Report. “Outside the U.S., an estimated 40 percent of the world’s cards and 70 percent of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.”

Click here to read the full article

Unintended Outcomes

Businesses have rushed to accommodate the transition to avoid liability for any losses that result from fraudulent transactions. From installing devices that read the new chips, to training employees to address any questions and concerns that may come up during the payment process. Unfortunately, in order to bring the American public up to speed, payment card insurers are issuing new chip-enabled cards to card holders and, in many cases, users are being issued new card numbers as well.

Companies such as Netflix are beginning to feel the pinch as they are realizing that their customers are in no hurry to update their card numbers in their accounts, which means the company can’t collect subscription payments.

“Our over-forecast in the US for Q3 was due to slightly higher-than-expected involuntary churn (inability to collect), which we believe was driven in part by the ongoing transition to chip-based credit and debit cards,” the company said in its earnings release.

Is Your Business Witnessing Unexpected Consequences?

Third-quarter earnings are just beginning to be reported, which means we are unable to adequately identify how widespread this particular issue is.

So, we want to hear from you. Since the EMV chip technology went into effect on Oct. 1, what has your experience been? Have you had trouble collecting renewal payments from your customers? Comment below or send us a quick email.

If you have a specific question about EMV technology or another business challenge, you can always let us know by filling out the brief form at the top, right side of this page. And don’t forget to subscribe to Dear Drebit to get great business tips and advice delivered directly to your inbox!

By Brian Garland, CPA (Dublin office)  

Are you looking for more ways to prevent fraud from taking control of your business? Check out these articles:

Who Is That Email Really From?

Malware Threat Spreads To Smart Phones

Businesses Beware: Sloppy Data Security Could Cost You

Share Button

Will EMV Technology Change The Online Payment Option?

Monday, September 21st, 2015
Online Payment Option -Ohio CPA Firm

Does a company that doesn’t physically swipe credit cards have to worry about increased liability when the new EMV rules are implemented in October?

Dear Drebit: Does a company that doesn’t physically swipe credit cards have to worry about increased liability when the new EMV rules are implemented in October? Sincerely, Online Payments Only

Dear Online Payments: As you may already know, I recently wrote an article to inform merchants about the Oct. 1 deadline to implement Credit Card EMV (EuroPay, MasterCard and Visa) technology. When this change takes effect, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you continue to use the credit card’s magnetic stripe to process payments, your business will assume liability for any resulting fraud. For most businesses – especially smaller businesses – a single instance of fraud could be crippling.

EMV technology essentially swaps out the magnetic stripe used on credit cards today for an embedded chip. The chip scrambles sensitive cardholder data at the point of sale, which makes it increasingly difficult to fraudulently access and replicate consumer data.

Click here to read the full article.

But what changes lie ahead for businesses that utilize online payment methods and don’t require customers to physically swipe their credit card to pay for a product or service? Do they need to be concerned about this liability switch on Oct. 1 too?

EMV Concerns For Online Merchants

Your third-party processor (such as PayPal), is responsible for ensuring that the payment is authentic. These companies validate payments using a variety of methods.

Natalie Gagliordi, a blogger with Small Business Matters, writes that “for most online merchants, whatever payment processing technology they are using will likely contain out-of-the-box security and authentication protocols.” PayPal, for example, “has developed complex end-to-end encryption to help protect consumers and merchants with their payment information.”

But just because your business doesn’t bare the sole responsibility for keeping your customers’ credit card data safe, doesn’t mean you have nothing to worry about – quite the contrary. Some experts expect credit card fraudsters to pay more attention on hacking online consumer data. This means, for your customers’ sake, you must continue to be informed of online security best practices and should not only be knowledgeable about what your third-party payment processor is doing to keep credit card data safe, but what your third-party payment processor requires of you to maintain your compliance. This could include maintaining current antivirus protection, a secure firewall and other online safety protocols.

The EMV Migration Forum’s Card-Not-Present Working Committee recently published an informative whitepaper to address the growing threat of Card-Not-Present Fraud. This resource will give online merchants a little more insight into the numerous options currently available to help authenticate online payments.

In the meantime, if you have additional questions or concerns, contact your third-party payment processor immediately. Requirement 12.9 of the Payment Card Industry Data Security Standard v3.0 states that they must provide you with – in writing – the details of its role in providing PCI compliancy, as well as any requirements of your organization. Click here to learn more.

How Can Drebit Help You?

Readers, do you have questions about data security, fraud, accounting, succession planning and other general business topics, but don’t really know who to ask? Let Drebit help find the answer! Simply fill out the brief form at the top, right side of this page. You can also click here to reach out to one of fraud experts directly. If you like the advice we offer, why not click here to subscribe to Dear Drebit and get notified of new articles and updates the minute they are posted?

By Brian Garland, CPA (Dublin office)  

Share Button

Fraudulent Credit Card Transactions Will Become Merchant’s Problem On Oct. 1

Wednesday, September 9th, 2015
Credit Card Fraud Prevention - Ohio CPA Firm.

As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you (the merchant) fail to adopt EMV technology, your business will be responsible for any loss that results from a fraudulent transaction.

PCI to EMV – Protecting Credit Card Data

Your customers want their payment experience to be as easy and painless as possible, which is why you have come to depend on the ability to process credit card payments – especially if your average transaction is more than $20. But providing your consumers with the ability to pay with plastic has also been helpful to fraudsters looking to steal the information hidden within their card’s magnetic stripe. In an effort to crack down on fraudulent transactions, protect consumers and transfer liability from the credit card company to your business, the United States will begin to implement Credit Card EMV (EuroPay, MasterCard and Visa) technology.

Read Also: Businesses Beware: Sloppy Data Security Could Cost You

Change Is Necessary

Due to the increasing number of credit card breaches where millions of credit card numbers and associated data have been stolen, the industry has forced retailers and merchants to adhere to PCI (Payment Card Industry) Security Requirements. Supported by the PCI Security Council, the ultimate goal of EMV is to stop and prevent further fraudulent activity. Success has already been noted in countries outside the U.S. “Currently, almost half of the world’s credit card fraud happens in the U.S. where magnetic stripe technology is the standard,” states David Navetta and Susan Ross in a blog on Data Protection Report. “Outside the U.S., an estimated 40 percent of the world’s cards and 70 percent of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.”

Understanding EMV Technology

Credit Card EMV technology, which has been used in Europe since the early 1990s, replaces the magnetic stripe we have grown accustomed to with an embedded chip that, scrambles sensitive cardholder data at the point of sale terminal. This technology ultimately makes it more difficult to access and replicate consumer data in an attempt to commit fraud.

Businesses Can’t Afford Not To Comply

Why should you be concerned about the credit card industry’s switch-over to EMV technology? As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you (the merchant) fail to adopt EMV technology, your business will be responsible for any loss that results from a fraudulent transaction. If your business currently accepts credit cards as a form of payment (and you would like to continue this practice), unless you want to be hit with potentially devastating losses, you must make sure to install and activate the new technology before the Oct. 1 deadline. That being said, some types of businesses will have a little more time to comply. If you aren’t quite sure whether or not your business is exempt, visit the website of each payment brand you accept to learn more.

Next Steps

  1. If you have not investigated or planned for EMV Technology, contact your card processor immediately to determine your business’s specific needs.
  2. Implementing EMV technology can be a cumbersome and time consuming project, but the best way to protect yourself from fraud and liability is to implement the new technology as soon as possible.
  3. If EMV technology has been implemented be sure to confirm that the chip reading capability has been enabled. In addition, confirm with issuers that cryptographic values are being associated with the card number to ensure that the EMV technology has been setup and configured properly.  Verifying that cryptographic values are being assigned will eliminate the chance of misconfiguration and possible fraudulent activity.
  4. Train your staff on the new procedures. When a customer tries to pay for a product or service using their card, they will notice some changes, such as their credit card being held in the EMV reading slot throughout the entire transaction process. This is normal, however your staff should be prepared to answer the questions that will certainly arise.

By Brian Garland, CPA (Dublin office)

Want to learn more ways you can protect your business and your customers from a fraudster? Check out these articles:

Could Your Company Be Ransomware’s Next Victim? Don’t Turn A Blind Eye To PCI Compliance How Much Is Your Data Worth To Criminals?

Share Button