May 19, 2015
In the payments industry, the common practice is to equate mobile merchants with micro merchants, and to put them on a back burner for things like EMV upgrades.
In reality, there is nothing ‘micro’ about merchants that sell big-ticket items in mobile environments. For example, consider vendors who sell their wares at art festivals. Many use popular mobile point-of-sale (mPOS) solutions to process payments.
While the number of annual transactions may be rather small compared to traditional retail merchants, the value per transaction can be significantly higher; price tags can be in hundreds, or even thousands, of dollars. Under the new EMV liability shift rules, these large sales could turn into significant losses to a merchant—in both merchandise and chargebacks—unless some simple precautions are taken.
In today’s pre-EMV environment, merchants have protections when presented with a fake or counterfeit card. In most cases, current regulations stipulate that they are immune from any liability as long as they take even the most basic steps, such as verifying the signature to authenticate the card. Add to that the fact that in almost all of these disputes, the merchant is never directly involved in the dispute since the consumer contacts the issuer first, and therefore, has no idea about the true risk exposure.
Merchants are relying on a false sense of security because most often the settlement is between the issuing bank and the defrauded consumer. As long as merchants play by the rules, they may never know that they have processed fraudulent transactions.
However, after October 2015, when the EMV liability shift takes effect, vendors that run a counterfeit chip-card though a magnetic stripe reader will be on the hook to reimburse the issuer for the full cost of a fraudulent charge, and they will have little or no chance of retrieving the ill-gotten merchandise or finding the buyer.
This dynamic poses a serious problem for businesses that have not been familiarized with the risks associated with EMV. You can certainly count on the fact that enterprising fraudsters have figured out that high-ticket mobile businesses using mag-stripe solutions are an easy target, regardless of what the industry considers a “micro-merchant.”
With the adoption of EMV and chip cards, there will be a reduction in card-present fraud across the board. On this point alone, it would seem that merchants would be clamoring to update their existing POS systems to accept EMV, and take advantage of this new technology. Unfortunately, adoption is still slow—due mainly to the lack of processor-certified EMV solutions targeted for micro-merchants. Frequently, lack of risk exposure combined with the cost to upgrade to chip-enabled technology are cited as major barriers for small business owners to invest in EMV solutions; however, that is not the whole truth.
It is fair to expect that criminals who are organized enough to steal card numbers and manufacture counterfeit cards, will also be very adept at finding and exploiting security gaps in the business community. Mobile merchants that deal in big ticket items are highly vulnerable for such exploitation. However, this risk can be easily mitigated with a simple EMV-certified mPOS solution. And in most cases, the cost of the upgrade—less than one hundred dollars for the merchant—leaves plenty of margin for the reseller. Truth is, the liability cost stemming from just one counterfeit transaction could easily dwarf the cost of a simple EMV mPOS upgrade.
One of the greatest advantages of mPOS solutions is that the smartphone or tablet provides the processing power for these merchants to conduct business, while the acceptance dongle and app can easily be updated to accommodate the latest payment security innovations at a very reasonable cost. For a mobile merchant with average transactions of at least one hundred dollars, the relatively insignificant investment in secure EMV technology could save substantially more money, and alleviate some serious headaches in the long run.
For mobile merchants of every type and size, updating their POS to accommodate EMV makes sense. If they are caught holding the liability, they will blame their merchant provider for not offering a viable EMV-enabled mPOS solution.
The question is: what are banks, processors and ISOs doing to fill the gap and offer these secure and affordable solutions to the merchant community? And why aren’t they stepping up faster? The issuing banks are clamoring to populate consumers’ wallets with EMV cards ahead of the liability shift. The same level of risk mitigation and customer support is not extended to micro-merchants by acquiring institutions. With the all the regulatory oversight that the big banks are dealing with, it seems that eliminating a potential backlash from small business owners would be in their best interest. Come October, we’ll find out how much size matters.