Do Mobile Devices Equal Trouble?

The rapid rise in small businesses’ use of mobile devices for accepting electronic payments has an unwelcome companion: merchant indifference to data security, according to a recent poll of more than 6,000 businesses, three fourths of which had 10 or fewer employees. Among these businesses, an alarming 63% reported they were not at all concerned about the data they were transmitting.

Another cringe-worthy finding is the high degree of persona use of payment-processing mobile devices.  In a full 40% of cases, the employees provide their own devices. The PCI Standards Council has noted that off-the-shelf mobile devices may not have incorporated generally accepted information security standards. 

78% of those responding answered, yes, when asked if the mobile devices they used for accepting credit card payments also are used for tasks such as checking and sending email, surfing the Web, etc.

These findings represent an opening for sales organizations and acquirers to educate the small business owner about payment security. These findings also provide the independent sales organization an opportunity to showcase their services.

Bank of America began issuing debit cards that are Europay-MasterCard-Visa chip card compliant. This makes BOA the first mega-bank to begin a world-wide conversion to EMV. EMV cards will be issued as the old cards expire or are replaced for other reasons.

This is important.  If you retain nothing else, retain this. The major payment networks have set a liability shift deadline for October, 2015, in which the party in a card transaction that cannot support EMV payments, issuer or merchant, WILL BE RESPONSIBLE FOR ANY RESULTING COUNTERFEIT CARD FRAUD.

EMV transactions use common application identifiers to indicate how they should be processed. The common AID’s enable PIN-debit transactions originating on chip and pin cards to meet the requirements of the Dodd-Frank Act’s Durbin Amendment. Under Durbin, a debit card must present the accepting merchant with a choice of least two unaffiliated networks for transaction routing. This is relatively simple for mag-stripe cards, but much more difficult for EMV cards.

Bank of America says it has been adding chips to its cards since 2012. They have a considerable head start on the rest of the market.  BOA’s action should, out of the since of market completion alone, cause other issuers to aggressively get with the program. When the deadline comes and goes, fraud will begin to migrate to those issuers who represent the weakest links. These weakest links will be those issuers who disregarded the admonition to prepare.

If you need help, we have solutions. Give us a call.