The Wall Street Journal reports that credit card use in the B2B space continues to increase as a preferred payment channel for customers. Suppliers accepting cards in the B2B space commonly receive payment through card not present forms, whether through payment portal, email, fax or over the phone. For those suppliers that accept cards in the cardholder’s presence, card issuers are changing card acceptance rules to give cardholders greater protections from identity theft.
“Chip and pin” or “smart cards” are credit or debit cards that store data on integrated circuits rather than on traditional magnetic stripes. The transition to “chip and pin” or “smart card” technology is now largely underway in the United States. The transition is being assisted by the shift in liability for card-present fraud that will be implemented on October 1, 2015.
Currently, if an in-store transaction is conducted using a card obtained fraudulently, cardholder losses from that transaction lie with the payment processor or issuing bank. From October onwards, that liability will shift to the supplier that has not changed its system to accept chip technology. If a customer uses a chip card, the failure to update the card reader may permit a counterfeit card to be successfully used. In that scenario, the supplier will bear the cost of the fraud. Again, the supplier will only be responsible for the cost of the fraud if the fraudulent transaction is a card-present transaction.
The major benefit of using a “chip and pin” payment card, and what compelled the US to migrate its cardholders to the new generation of cards, is improved security and fraud reduction. Whereas magnetic stripe card transactions rely on the holder’s signature and visual inspection of the card, the use of a PIN and cryptographic algorithms provide authentication of the card to the processing terminal and the card issuer’s host system.
The identity of the cardholder is confirmed by requiring the entry of a personal identification number (PIN) rather than signing a paper receipt. Unlike magnetic-stripe cards, every time a smart card is used for payment, the card chip creates a unique transaction code that cannot be used again. This eliminates the possibility of card duplication fraud as the transaction code becomes obsolete and cannot be used in further transactions.
While much of the rest of the world has already been using “chip and pin” cards for several years, the US is now committing to migrate its credit card use to this more secure format. There is a historical viewpoint regarding the reason for this delay by the US in updating its credit card technology standards. In the past, fraud was much more prominent in markets outside of the US. What has happened, especially over the course of the past few years, is that since other markets have migrated to “chip and pin” cards and become more secure, fraudsters have moved their focus to the US market. Essentially, they came to the US market because they were looking for less secure networks from which to steal fraudulent credit card information.
For suppliers in card-present transactions, the switch to this technology means adding new in-store technology and internal processing systems, and complying with new liability rules. For cardholders, it means activating new cards and learning new payment processes. And for the supplier and cardholder, it means a more secure form of payment by credit card, and fewer opportunities for fraud to occur. As the credit team is responsible for managing risk, including risk of fraud with payment channels, the credit team must prioritize compliance with this new technology within the organization for card-present transactions.
Scott Blakeley is a principal with Blakeley LLP, where he practices creditors’ rights and bankruptcy. His e-mail is: email@example.com.