Retail Liability Shift: Here's Why POS Solution Providers Should Pounce On The Opportunity

The Countdown Is On

We're just three months away from the retail fraud liability shift in which credit card companies will shift the liability of credit card fraud away from themselves and onto those merchants that have not upgraded their payment terminals to be compliant with the new chip cards being issued by these companies. MasterCard and Visa have set the date for the liability shift as Oct. 1; American Express and Discover will make the shift later that month.

Retailers of all sizes, however, had better be prepared and need to upgrade their payment terminals to accept the new chip card technology -- also known as EMV (Europay, MasterCard, Visa). For solution providers in the point-of-sale space, it's not too late to pounce on this opportunity. Greenville, S.C.-based distributor ScanSource illustrated in a recent webcast for its partners and media that the number of retailers that have yet to adopt the new technology and update their payment terminals is still quite vast. Some of the distributor's partners in the point-of-sale space agreed, saying they have yet to see that "summer rush."

Here are 10 things to know about the liability shift in October and some eye-opening stats on the topic, according to ScanSource's webcast.

What's Happening In October?

With MasterCard and Visa shifting the liability of credit card fraud away from themselves and onto merchants, if a case of credit card fraud is traced back to a retail store or business that business will be held responsible for the financial impact. This, of course, should be a very big issue for retail stores in today's world of escalating data breaches. All it takes is one big data breach, and all the financial information of a store's customers is up for grabs. Just one breach could prove quite costly.

That is why stores need to upgrade their payment terminals to accept the new chip cards that are being rolled out by credit card issuers.

Opportunity For POS Solution Providers

This is a big opportunity for solution providers in the POS space. With so many small and some large businesses not yet taking the steps to adopt chip card technology by upgrading their payment terminals, they are being left vulnerable to cyberattacks, which could prove quite costly come October. POS solution providers should have the conversation with customers about updating their terminals ahead of October. This is the time to educate them on the subject and explain why they should invest in updating their terminals. Selling the hardware to customers also presents solution providers with the opportunity to sell their own POS software as well.

Chip Card Technology

Chip card technology refers to credit cards that hold small and secure circuit chips within the actual cards. Chip cards are widespread in other developed markets around the world, including Europe and Canada, and are viewed as being much more secure than the magnetic stripe cards used in the U.S.

Credit card issuers in the U.S. are sending these chip cards to card holders and have been doing so over the course of the past year. Financial research firm Aite Group forecasts that 70 percent of credit cards in the U.S. will feature EMV (Europay, MasterCard, Visa) chip card technology by the end of the year.

Who Is Getting Covered?

Financial software maker Intuit and ScanSource said tier-one companies are leading the way in adoption of chip card payment terminals in the U.S. with SMBs lagging behind.

According to PaymentSource, an online publication focused on the payment industry, tier-one merchants will be 70 percent EMV-compliant by Oct. 1 while the SMB market won't be EMV-compliant until 12 to 18 months after that. Thirty-four percent of merchants in the U.S. will be ready to accept chip card technology come October.

SMBs Are Unprepared

In a survey conducted by Intuit, of 504 small businesses based in the U.S. 42 percent had not even heard of the October liability shift.

The same Intuit survey revealed that 85 percent of SMBs that say they will not migrate are unaware of the financial liabilities. Fifty-seven percent cited the cost of the new terminals as a reason they would not make the switch. The cost of the terminals themselves range from $300 to $1,000.

Trickle-Down Effect

Allen Friedman, director of payment solutions at Ingenico Group, a Paris-based solution provider specializing in the payment space, said there will be a trickle-down effect once tier-one businesses become covered, meaning once bigger retailers are protected from breaches through chip card technology, smaller businesses will become the target of hackers, especially since most of them are not protecting themselves.

"Once the bigger merchants have implemented EMV, and [attackers] can't use their counterfeit cards there, then those counterfeit cards will move down the chain to smaller merchants," Friedman said in the webcast. "They're not their No. 1 target today, but they will become their No. 1 target once the bigger merchants become protected."

Rising Rate Of Credit Card Fraud In The U.S.

According to the Nilson Report, a Carpinteria, Calif.-based payment industry newsletter, the U.S. accounts for 25 percent of all transactions globally but roughly 50 percent of all credit card fraud. Credit card fraud has doubled since 2007, reaching 10 cents per every $100 transacted. A total of $10 billion in credit card fraud is expected in all of 2015, up from $8.5 billion in 2014.

Beatta McInerney, business development manager for the ScanSource Payments division, said during the webcast that credit card fraud is continuing to happen in the U.S. because of vulnerabilities in the magnetic stripe card. The U.S., McInerney said, is the last modern industrial country in the world to adopt the EMV standard. "It makes us an easy target," she said. "Credit card fraud is increasing rapidly in the U.S. and SMBs are being attacked just as much as large retail chains."

Unpredictable ROI

A tricky conversation that solution providers may have with prospective clients revolves around return on investment. There is no ROI when it comes to upgrading payment terminals because there is no way of knowing if a business would have been hit with a data breach.

ScanSource's McInerney emphasized that despite the ROI being unmeasurable, it is still an investment retailers need to make to protect themselves from a hefty bill in the event of a breach or fraud case. "Nobody asks you, 'What is the ROI for locking your front door?' because there simply isn’t one."

Eye-Opening Stats From National Small Business Association

The National Small Business Association (NSBA) conducted a survey of 675 small businesses regarding their experience with cyberattacks.

Fifty percent of those surveyed had been victims of hackers to get credit card data. The NSBA said this number is up 44 percent from 2013. Of those that were hacked, 68 percent were hacked more than once. The NSBA said the average cost of an attack was $20,752, up from $8,600 in 2013. The NSBA also noted that SMBs are being hacked as often as retail giants and many incidents are going unreported since companies are not publicly traded.

Mobile Payments To Nearly Triple

One of the big winners in the EMV liability shift will be mobile payments. Newer payment terminals feature NFC antennas, which are used for mobile payment platforms such as Apple Pay and Google Wallet. With retailers upgrading their terminals, more businesses can adopt mobile payments.

According to Forrester Research, mobile payment transactions accounted for $50 billion in 2014. Forrester said this number will grow to $142 billion by 2019.

Another reason consumers will use mobile payments is because transactions will take longer with chip cards than they do with magnetic stripe cards.

"The card must be inserted in the terminal and must stay in the terminal during the transaction while the user enters their signature," said John Deery, founder of JD Associates, a Leominster, Mass.-based solution provider in the POS space. "Right now, you just swipe and you're done, but with this you have to leave the card in there. It means adding time to a transaction. If I can reach into my pocket, I'll just use my iPhone."