QuickBooks

QuickBooks EMV Compliance

Written by Charlie Russell

If you haven’t heard, October 2015 is when the new EMV liability change takes place. If you take payments via scanned credit or debit cards and aren’t using an EMV chip reader, you may be liable for any loses due to fraud. Is your business ready? What about QuickBooks EMV compliance? Is it time to panic if you process credit cards? Although we are at the brink of the changeover date, businesses that use a QuickBooks payment solution don’t have to worry!

Editor’s Note: There is updated information on this topic in an article by David Glantz.

What Is EMV?

Randy Johnston discussed this in detail in his article on EMV and Electronic Payments earlier this year. To be very brief, the US is changing over from using debit and credit cards that just use the magnetic stripe on the back to cards that have an embedded “smart chip.” You can still read these smart chip (“EMV-compliant”) cards with the standard magnetic strip card readers everyone has, but the card is best read by a special reader that reads the chip itself. These kinds of cards have been used in many other countries for some time now (such as in the Eurozone).

The big issue, though, is that starting in October 2015 some new rules relating to credit card fraud come into play.

In the past, if a merchant took payment via a credit card using a device that reads the magnetic stripe, and there was some form of fraud (such as a cloned card), the credit card company was liable for losses, not the merchant.

Starting in October 2015, though, if someone hands you an EMV-compliant card with a chip, and you scan it with a magnetic stripe reader, the merchant is liable  for any losses due to fraud. This is a big change!

Here’s a chart provided to me by Intuit that shows how this works out (“Today” means prior to October 1, 2015).

QuickBooks EMV fraud liability

Graphic courtesy of Intuit

Is it Time to Panic? No!

I’ve been following the news about this for some time now, and there is a lot of hysteria in some places. If you aren’t ready for EMV card processing, is it time to panic? No, it really isn’t, for many businesses. October 1 isn’t a “mandate,” you aren’t forced to use an EMV card reader, and you won’t lose your business if you don’t.

Yes, you might be exposed to additional liability, but not necessarily. You need to think about how you do business.

  • If you process credit cards over the phone, or online, there is no change in your liability coverage. The change only involves transactions where a physical EMV-compliant card is present and you swipe it through a magnetic card reader.
  • If you process credit cards by manually entering the card number, again there is no change in your liability coverage, even if the card is physically presented to you.
  • This is only going to be an issue in situations where someone is trying to commit credit card fraud with an illegally prepared or altered card. If the majority of your business is done with someone that you trust, with “known customers,” your exposure is going to be very, very low.

When the Eurozone countries switched to Chip cards they found, over a period of time, that credit card fraud of this sort declined. That is great! However, there was a matching increase in online credit card fraud. Sometimes we just can’t win…

What About QuickBooks EMV Compliance?

Now that is an interesting question, and I wasn’t sure how Intuit was dealing with this. I’ve seen a few emails from them, but it wasn’t really clear to me what Intuit was doing. The answer is surprising!

QuickBooks EMV card readerGood news – Intuit is working on EMV compliance. They are updating their software products for compliance and developing chip-reading devices for both mobile phones and desktop use. There will be an EMV card reader that plugs into your Apple and Android devices, similar to what we had before to read magnetic stripes. There also will be a USB EMV card reader for QuickBooks desktop applications.

Wait – bad news – these devices aren’t ready yet, and might not be until sometime next year! Intuit has to get their hardware and software solutions certified with each of the major credit card brands, and that takes time. Wow! So what do I do in the meantime?

On the other hand – really great news – Intuit will cover your liability if you use their payment systems! You heard me, they will cover your liability if you are using an Intuit  payment system to process your credit cards, using one of their supported software products. If there is a fraud situation involving your scanning a chip card using a magnetic stripe reader, and you didn’t know that there was some sort of fraud going on, and you are using Intuit as your payment processor, Intuit will take care of the liability issue for you. This coverage is available from October 1, 2015 through March 31, 2016. By that time Intuit will have gone through all of the EMV certification hoops with each of the processors. I expect that they will be finished long before that date.

So that means that customers of QuickBooks payments are covered starting October 1, 2015. This ONLY applies until Intuit has updated their software and released the new hardware. It ONLY applies if you are using one of the EMV-compliant QuickBooks products and are using an Intuit payment solution. And, only if you UNKNOWINGLY accept a fraudulent credit card.

If you are using some other credit card processor then you aren’t covered by Intuit – you need to talk to your payment processor to see what your options are.

Note that you will have to purchase the updated readers when they are available. The Apple/Android reader will cost $30.00 and you can pre-order it now. Prices haven’t been announced for the USB reader for desktop products.

EMV-Compliant QuickBooks Products

What QuickBooks products will be covered when Intuit supports EMV? Keep in mind that the liability coverage is only available if you use one of these products AND you are using an Intuit payment processing account. Several of these products allow the use of other payment processors – if you use one of the other payment processors then you are not covered by Intuit.

  • QuickBooks GoPayment using the updated plugin reader.
  • QuickBooks Mobile using the the updated plugin reader .
  • QuickBooks Pro, Premier and Accountant 2016 using the updated USB reader. Yes, I said “2016.” At this time they aren’t going to provide coverage for older products.
  • QuickBooks Enterprise V16 using their updated USB reader (less of an issue here since everyone should be on a subscription and will be getting the V16 product through their subscription).
  • QuickBooks Online using the plugin USB reader.
  • QuickBooks Point of Sale V12 (none of the older versions) using the plugin USB reader.
  • QuickBooks Point of Sale powered by Revel Systems using the hardware that will be provided by Revel, as long as you use Intuit for payment processing (Revel supports many different payment processors).

I’m fine with all of this except for QuickBooks Desktop. Saying that they will only provide EMV compatibility with QuickBooks 2016, even though they are still are supporting some older versions of QuickBooks otherwise, essentially forces people to move up to QuickBooks 2016 or use another payment processor. Of course, you don’t have to make this move now, you only have to do that when Intuit releases the EMV compliance features. No announcement of when that will happen, but it will be before March of 2016. That gives us time to see if the 2016 product is safe to use.

Here is Intuit’s response to me when I asked them to clarify the issue about QuickBooks 2016:

“Enabling EMV – including the initial and ongoing certification processes – is a significant investment. We’re focused on delivering EMV in our latest 2016 offerings in order to have it in market as soon as possible. Additionally, enabling EMV in previous versions may not be right for customers using previous versions of QBDT. If they would like to take advantage of EMV, they would be able to purchase the latest version – which is the same process they would use if they wanted to access any other new features. By doing so, we are then opening up our resources to deliver new features and other customer improvements, without negatively affecting customers who are not looking to migrate to EMV or take advantage of other new features in QBDT 2016. By effectively extending the liability shift date for all of our QuickBooks Payments customers, we’re ensuring customers are protected while also giving them ample time to transition to the latest, EMV-capable version of QB.”

Wrapping It All Up

Here are some interesting EMV-related websites :

So, to summarize the major points:

  • The change in liability for EMV-compliant cards starts on October 1, 2015.
  • You are only liable in cases where you scan an EMV-compliant card using a magnetic stripe reader, and the card is fraudulent.
  • QuickBooks products are not currently EMV-compliant, but Intuit is working on that. You may have to upgrade, though, if you are using QuickBooks Desktop.
  • You will need to buy an EMV-compliant scanning device from Intuit.
  • Until EMV-compliant devices and software are available, Intuit will cover your liability (until March 31, 2016) as long as you are using a EMV-supported QuickBooks product and an Intuit payment processing account.

Intuit isn’t the only company that isn’t fully EMV-compliant at this time, although I’ve not done a comprehensive survey. It sounds like the certification process is taking the credit card companies much longer than was anticipated. I applaud Intuit for deciding to cover their customer’s liability exposure. The constraints that they are placing on that coverage are reasonable. However, if the only desktop versions of Pro, Premier and Enterprise that are covered will be the 2016 version, I expect there to be some unhappy people. Including me.


Save pagePDF pageEmail pagePrint page

About the author

Charlie Russell

Charlie Russell has been involved with the small business software industry since the mid 70's, and remembers releasing his first commercial accounting software product when you had an 8-bit microcomputer with one 8 inch floppy disk drive. He has a special interest in inventory and manufacturing software for small businesses. Charlie is a Certified Advanced QuickBooks ProAdvisor with additional certifications for QuickBooks Online and QuickBooks Enterprise, as well as being a Xero Certified Partner. Charlie started blogging about QuickBooks in 2008 (Practical QuickBooks) and has been the managing editor and primary writer for the Sleeter Report since 2011. Charlie can be reached at charlie@ccrsoftware.com

Visit his CCRSoftware web site for information about his QuickBooks add-on products. He is also the author of the California Wildflower Hikes blog.

3 Comments

  • Hi Charlie,

    Thank you for a comprehensive article on QuickBooks EMV Compliance.

    We agree that clients on older versions of QBDT are going to be unhappy, especially if they feel forced to go to QB 2016 only for EMV Compliance. There are reasons that clients stay with older QuickBooks Desktop app, as you know.

    We would add that a lot of Small Business Point of Sales environments have limited resources. So upgrading all Point of Sale apps., Accounting apps. and Compliant Equipment, etc. at one time is costly, not to mention the set up, implementation, and training costs, etc.

    If a client is forced, they will look at all other apps. or alternatives, as well.

    One solution maybe to move the Point of Sale only to another EMV Compliant app. integrated or not integrated with an older Quickbooks Desktop app. Most of these apps. export data in Excel, XLS and CVS files, as well, for import, backup, and archival of historical data. This is not ideal but could extend the cost of replacing the full Accounting system at the same time as Point of Sale.

    Take a look at a product called SumUp. SumUp is the leading Mobile Point-of-Sale (mPOS) company in Europe. Launched in August 2012, SumUp has expanded into 15 countries. SumUp is backed by American Express, BBVA Ventures, Groupon, and other Venture Capital Investors. The company is headquartered in London. Yesterday, October 21, in a news release, Daniel Klein, CEO of SumUp said, “It’s a perfect time to bring SumUp to the U.S.”

    We would like to see Intuit make a direct relationship with SumUp. Intuit could tap into their API or create an Intuit product app. link for all QuickBooks Desktop apps. SumUp has a simple App and Dashboard for devices and exports data, as defined above. Their focus is their wireless EMV Terminal.

    This is just one way to help Intuit resolve EMV compliance issues with older apps. while satisfying or maintaining the existing QuickBooks Desktop clients. Then these clients will stay clients and most likely migrate to new apps., as features, namely Inventory, etc. improve, and the costs of migration wane.

    Hope this information is helpful to others looking at EMV Compliance issues.

    Sincerely,

    Tamra

    Tamra Groff, Senior Consultant, GASC/GHFG

    • Thank you, Tamra. You are right about the limits that many small businesses have to deal with in upgrading. However, we also have to consider that the kind of fraud that people will see in this case is more likely to be faced by businesses that deal with expensive items. A jewelry store is more likely to see this kind of fraud than a small hamburger stand, most likely. Many small businesses are confused about what their liability will be, what kind of fraud this deals with.

      And, as you point out, there are options for businesses outside of using an Intuit payment system.

  • I just spoke with Intuit Merchant Services today (07/12/16) after receiving a second phone reader when we have been waiting for a desktop reader and was told they do not have a USB compatible reader available and have no idea when they will have one. Is there a 3rd party that can provide a compliant USB desktop card reader for use with QuickBooks?

Leave a Comment