SAN FRANCISCO — That authoritative sstpp sound that comes from swiping a credit card through a reader is going away, to be replaced with the snick-snick of a card dip. It's the aural confirmation that after decades, the United States is entering the 21st century and finally embracing chip and PIN cards.
And that, in turn, means headaches but also, hopefully, security for millions of small businesses.
The new cards encode the user's account information not in the magnetic stripe along the card's back, but in a computer chip embedded in it. The chip generates a unique, one-time code for each sale.
"When chip data is stored in a merchant's system, that data cannot be used to create counterfeit cards," said Stephanie Ericksen, vice president of risk products for Visa.
"That makes merchants less of a target for criminals, because once they've mostly got chip data, there's not a lot the fraudsters can do with it," she said.
The PIN part of "chip and PIN" is something of a misnomer. In the rest of the world, when people buy with a credit card they dip their card in the reader and then input a Personal Identification Number, or PIN, much as Americas do when we use cash machines.
Here, most banks are issuing cards that allow a signature, rather than a PIN, as confirmation. Some banks are requiring PINs right away. Eventually it's expected all will.
The actual name for the new card system is EMV, for Europay, MasterCard and Visa standards. Though most people seem to be settling on "chip cards" as shorthand.
The actual name for the new card system is EMV, for Europay, MasterCard and Visa standards. Though most people seem to be settling on "chip cards" as shorthand. (Photo: Visa)
Once they're in widespread use, big data breaches like those that hit Target and Home Depot should become less common, because merchants won't be storing anything useful to thieves in their systems.
According to a report by the Federal Reserve Bank of Kansas City, Mo., the chip cards could reduce credit card fraud by 40% in the United States.
But getting to that happy day will require money, work and expense on merchants' part. And there's a deadline.
Currently, credit card companies and banks bear the liability for fraudulent purchases on credit cards. But beginning in October, merchants who haven't switched to readers that can take the new cards will be liable for fraud if there's a problem.
Though if your bank and credit union hasn't issued you one, they, not the customer or the merchant, are still liable.
Merchants aren't required to make the switch, but the cards are coming and they need to be prepared. While new cards will still have magnetic stripes, businesses are being encouraged to shift over quickly.
That means buying new credit card machines and software capable of reading both chip cards and magnetic stripe cards.
"It's not going to be without cost," said Todd McCracken, president and CEO of the National Small Business Association. "Depending on the size of the establishment, replacing all their card machines is going to cost a pretty penny."
About 30% of credit card terminals on the market today already have the hardware necessary to accept chip cards, though they don't necessarily have the right software, said Visa's Ericksen.
Merchants need special credit card machines capable of reading a micro chip credit card. (Photo: Visa)
Costs will vary depending on how big a merchant is. For mom-and-pop operations, "We're seeing some of the new card readers at the warehouse buying clubs that are under $100," she said.
Credit card companies plan to spend the first part of the year in an all-out push to get companies to upgrade.
For example, American Express will begin offering $100 in reimbursement to small merchants that switch to the chip card readers in February.
"We've allocated up to $10 million for upgrades," said Anré Williams, president of global merchant services at American Express.
The idea is to give merchants encouragement to make the shift, knowing that, "they're busy; they've got a lot of things going on," Williams said.
Sooner will be better than later because security experts are predicting a wave of data breaches as the window is "closing for hackers to easily profit from point-of-sale attacks on brick-and-mortar retailers," according to Experian's 2015 Data Breach Industry Forecast.
The biggest question for McCracken, with the National Small Business Association, is whether the savings on fraudulent charges the credit card companies will see end up being translated into lower rates for merchants.
"They've been telling us for years that the reason small businesses pay such high fees for taking credit cards is fraud," he said.
If the liability is moving to the merchant, and if the new chip cards are so much more security in the first place, the credit card fees small merchants pay should go down. Those typically run between 0.5% and 2% per transaction.
The association will be watching fees carefully, McCracken said. "If the fees don't go down, we'll see about pursing a legislative solution."