Blog Layout

Is Swiping Chip Cards Putting Your Business at Risk?

May 30, 2023

Most of us have heard that chip cards are more secure. When it comes to processing credit cards and debit cards , chip cards have been the standard for many years. Chip cards, also referred to as Europay, Mastercard, and Visa (EMV) cards, are in fact significantly more secure than many other forms of electronic payments. Yet very few of us understand exactly how this works. Today, we will explore how chip cards keep customers and businesses safe and why merchants who continue to process cards by swiping are putting themselves at risk.

 

Chip Cards vs. Magnetic Stripe Cards

There are two basic ways in which a credit card transaction can be processed:

  1. Card present transactions (swipe, chip reader)
  2. Card-not-present transactions (inputting credit card number manually, over the phone, or online)

While the actual transactions and authentications of credit cards remain virtually unchanged regardless of the transaction method, the security of chip transactions vs. swipe transactions is enormously different. This stems from the fact that those seeking to commit credit card fraud and/or identity theft have a much easier job forging swipe cards.

Swipe cards store a digital string of numbers held in the magnetic strip on your card. Traditional swipe card information is relatively easy for criminals to steal and subsequently transfer onto a new, fraudulent credit card. Chip cards (EMV cards) use encrypted codes to keep this information secure. This all but removes the possibility of a criminal stealing your credit card information during a transaction.

 

Why are Chip Cards More Secure for Businesses?

Now that we understand why EMV cards are more secure than swipe cards, why does that matter for small business owners? After all, isn’t it the customer who is at risk for fraud and identity theft issues? In fact, quite the opposite is true.

Businesses are culpable for losses incurred due to fraud. Where consumers are generally protected beyond $50 in fraudulent charges, businesses are responsible for recovering their lost goods and or funds. If you are unable to locate and recover your losses, your business is out of luck!

Businesses run the risk of penalties for fraudulent purchases. It doesn’t get any better from there. Merchants may also incur penalties including chargebacks , account suspensions, or even account terminations based on fraudulent activities.

Businesses are required to read the chip for EMV cards. To be clear, swiping chip cards will work to complete a transaction. However, swiping a customer’s EMV (chip card) immediately puts your business at risk. If a customer disputes a transaction where a chip card was swiped, your business will be held liable. The chargeback will be decided in favor of the customer regardless of the facts and documentation. These fatal chargebacks have become more common since the EMV (chip cards) were mandated.

How to Process a Credit Card with a Chip

The good news is that all of this can be avoided by simply following standard security and fraud prevention guidelines. Here are a few ways to stay compliant and accepting EMV cards to keep your business in good standing:

  1. Always use the chip reader for cards when available: Nearly all credit and/or debit cards in circulation today have a chip. Simply direct your customers to use the chip reader and do not allow them to swipe their card unless absolutely necessary. The card will remain in the card reader until the authentication process has been completed. And it’s as simple as that.
  2. Remain PCI compliant: The Payment Card industry-Data Security Standard (PCI) sets the rules for best practices when it comes to payment processing. Work with your merchant services provider to remain compliant at all times.
  3. Utilize up-to-date security software and hardware to process payments: Not all POS systems and/or card readers are created equal when it comes to security. Make sure you do your research and select the correct tools to keep your transactions safe and secure.

Is Accepting Credit Cards Worth the Potential Fraud Risk?

All business decisions are calculated risks. The decision to accept credit and debit cards rather than operating as a cash-only business is a calculated risk which we believe is well worth the potential downsides. Despite all this scary talk about account suspensions and unrecoverable losses, the fact remains that chip cards make stealing credit card information virtually impossible. And that is precisely why all businesses should insist on using chip readers rather than allowing cards to be swiped.

A major component in all of this is selecting and working with a reputable merchant services provider. The right merchant service provider can offer security solutions, up-to-date software, and the latest hardware to protect your business. Fraud is certainly a legitimate concern, but there are a multitude of powerful solutions to tip the scales in your favor.

Payment Processing and Payment Security from True Merchant

At True Merchant , we understand that a few simple tips from a singular article isn’t enough to keep small business owners protected. That is why we offer a number of dedicated merchant services including CardSecure. Lean on our extensive experience to handle the payment processing security for your small business. Whether you have questions about how to process credit cards or whether you are looking to expand your business through a loan or merchant cash advance, we are here to help.

To speak with a payment processing security professional, please call or email us today. Your small business is worth protecting!

Security Lapse by Microsoft Employees Exposes Internal Passwords

26 Apr, 2024
In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public. The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files. Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOC Radar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access. The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsoft's internal data. So far, it has not been made clear how long the data has been exposed. Anuj Mudaliar Assistant Editor - Tech, SWZD opens a new window opens a new window Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.

AT&T experienced data breach that impacted 51 million customers (No one is immune)

26 Apr, 2024
AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. When threat actor ShinyHunters first listed the AT&T data for sale in 2021, the company told BleepingComputer that the collection did not belong to them and that their systems had not been breached. Last month, when another threat actor known as 'MajorNelson' leaked the entire dataset on the hacking forum, AT&T once again told BleepingComputer that the data did not originate from them and their systems were not breached. After BleepingComputer confirmed that the data belonged to AT&T and DirectTV accounts, and TechCrunch reported AT&T passcodes were in the data dump, AT&T finally confirmed that the data belonged to them. While the leak contained information for more than 70 million people, AT&T is now saying that it impacted a total of 51,226,382 customers. "The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode," reads the notification. "To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier." BleepingComputer contacted AT&T as to why there is such a large difference in impacted customers and was told that some of the people had multiple accounts in the dataset. "We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information," AT&T told BleepingComputer. The company has still not disclosed how the data was stolen and why it took them almost five years to confirm that it belonged to them and to alert customers. Furthermore, the company told the Maine Attorney General's Office that they first learned of the breach on March 26, 2024, yet BleepingComputer first contacted AT&T about it on March 17th and the information was for sale first in 2021. While it is likely too late, as the data has been privately circulating for years, AT&T is offering one year of identity theft protection and credit monitoring services through Experian, with instructions enclosed in the notices. The enrollment deadline was set to August 30, 2024, but exposed people should move much faster to protect themselves. Recipients are urged to stay vigilant, monitor their accounts and credit reports for suspicious activity, and treat unsolicited communications with elevated caution. For the admitted security lapse and the massive delay in verifying the data breach claims and informing affected customers accordingly, AT&T is facing multiple class-action lawsuits in the U.S. Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers. Update 4/10/24: Added statement from AT&T about discrepancy in numbers. BILL TOULAS Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Home Depot Data Compromised Through Third-Party SaaS Misconfiguration

26 Apr, 2024
Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party SaaS vendor inadvertently exposing a subset of employee data. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. A Home Depot software vendor suffered a data breach leading to the compromise of an undisclosed number of employees. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party software vendor inadvertently exposing a subset of employee data. Reportedly, the breach was caused by a misconfigured software-as-a-service (SaaS) application.
More Posts
Share by: