Please ensure Javascript is enabled for purposes of website accessibility

Fight fraud by updating credit card terminals

techtuesdaymillerSeventy-five percent of companies experienced payments fraud in 2016, and half said the number of attacks increased over 2015. But new industry standards and updated payment terminals technology can help protect businesses—only if they take much-needed action.

Today, businesses of every size rely on payments technology to transact and engage with customers. To get the best performance and to protect customers and sales, it is critical that software is always updated and compliant with security standards that deter fraud. SHA-2, the most current industry standard for payment encryption, is the best-available protection for the safety and security of credit card transactions.

Not only is it recommended; soon it will be mandatory.

Currently, only about 40 percent of merchants are using SHA-2, and the remainder have until December to convert to the new technology. Another important deadline is looming right on its heels, when merchants also will need to upgrade to TLS 1.2 next June.

These deadlines are set by the global PCI Security Standards Council. Merchants who don’t comply risk losing out on sales because payment processors will no longer accept payments using non-compliant encryption technologies. But it is important to know that to avoid disruptions, payments providers have earlier deadlines to ensure compliance and to get merchants ready ahead of the Holiday shopping season—for Chase customers, that deadline is Sept. 30.

What it means

To better understand what this means, let’s break down these acronyms and tech speak: EMV, or chip card technology, encrypts credit and debit card data from the cardholder during a transaction. It takes a little longer to process the transaction, but the benefit is that fraudsters have a harder time replicating the technology.

SHA-2 is the latest internet communication protocol that provides better encryption of information over the internet. This prevents fraudsters from intercepting data as it’s passed over the web.

TLS protocol stands for “transfer layer security” and is an industry standard designed to protect the privacy of information communicated over the Internet.

Fortunately, for most small businesses and other merchants who have recently updated their payments terminals to comply with other recent PCI requirements, the upgrade should be simple.

But those who fail to comply will likely face business disruptions, including the inability to process transactions as payment processors comply with the required updates.

Assess, take action

To help businesses navigate this important change, here are important recommendations to assess next steps:

  • Are you EMV ready? Merchants with standalone POS terminals that are EMV ready are most likely in good shape for a simple upgrade to comply with SHA-2. To makes sure your software is up to date, check with your payments provider.
  • Still swiping cards? Any business who has not updated to EMV will likely need to start by upgrading their equipment to a “smart terminal.” The good news is that those terminals are the most secure available, and can also accept all types of payments – magstripe, chip cards, mobile payments, and more. This feature adds convenience and flexibility for all types of customer payment options – and that can win a business new customers, like those who exclusively use mobile payments.
  • Unsure? For businesses needing help figuring out what to do, it is best to contact your payment provider with questions.

With the impending deadline top of mind, it also is a great opportunity for businesses to review fraud prevention practices in every aspect of their organization.

Fraud may never be completely stopped. But to drive it away from your business, the time to act is now. Your customers, and your bottom line, will be the better for it.

Laura Miller is the president, small business of Chase Merchant Services at JPMorgan Chase.