If you haven’t heard, October 2015 is when the new EMV liability change takes place. If you take payments via scanned credit or debit cards and aren’t using an EMV chip reader, you may be liable for any loses due to fraud. Is your business ready? What about QuickBooks EMV compliance? Is it time to panic if you process credit cards? Although we are at the brink of the changeover date, businesses that use a QuickBooks payment solution don’t have to worry!
Editor’s Note: There is updated information on this topic in an article by David Glantz.
What Is EMV?
Randy Johnston discussed this in detail in his article on EMV and Electronic Payments earlier this year. To be very brief, the US is changing over from using debit and credit cards that just use the magnetic stripe on the back to cards that have an embedded “smart chip.” You can still read these smart chip (“EMV-compliant”) cards with the standard magnetic strip card readers everyone has, but the card is best read by a special reader that reads the chip itself. These kinds of cards have been used in many other countries for some time now (such as in the Eurozone).
The big issue, though, is that starting in October 2015 some new rules relating to credit card fraud come into play.
In the past, if a merchant took payment via a credit card using a device that reads the magnetic stripe, and there was some form of fraud (such as a cloned card), the credit card company was liable for losses, not the merchant.
Starting in October 2015, though, if someone hands you an EMV-compliant card with a chip, and you scan it with a magnetic stripe reader, the merchant is liable for any losses due to fraud. This is a big change!
Here’s a chart provided to me by Intuit that shows how this works out (“Today” means prior to October 1, 2015).
Is it Time to Panic? No!
I’ve been following the news about this for some time now, and there is a lot of hysteria in some places. If you aren’t ready for EMV card processing, is it time to panic? No, it really isn’t, for many businesses. October 1 isn’t a “mandate,” you aren’t forced to use an EMV card reader, and you won’t lose your business if you don’t.
Yes, you might be exposed to additional liability, but not necessarily. You need to think about how you do business.
- If you process credit cards over the phone, or online, there is no change in your liability coverage. The change only involves transactions where a physical EMV-compliant card is present and you swipe it through a magnetic card reader.
- If you process credit cards by manually entering the card number, again there is no change in your liability coverage, even if the card is physically presented to you.
- This is only going to be an issue in situations where someone is trying to commit credit card fraud with an illegally prepared or altered card. If the majority of your business is done with someone that you trust, with “known customers,” your exposure is going to be very, very low.
When the Eurozone countries switched to Chip cards they found, over a period of time, that credit card fraud of this sort declined. That is great! However, there was a matching increase in online credit card fraud. Sometimes we just can’t win…
What About QuickBooks EMV Compliance?
Now that is an interesting question, and I wasn’t sure how Intuit was dealing with this. I’ve seen a few emails from them, but it wasn’t really clear to me what Intuit was doing. The answer is surprising!
Good news – Intuit is working on EMV compliance. They are updating their software products for compliance and developing chip-reading devices for both mobile phones and desktop use. There will be an EMV card reader that plugs into your Apple and Android devices, similar to what we had before to read magnetic stripes. There also will be a USB EMV card reader for QuickBooks desktop applications.
Wait – bad news – these devices aren’t ready yet, and might not be until sometime next year! Intuit has to get their hardware and software solutions certified with each of the major credit card brands, and that takes time. Wow! So what do I do in the meantime?
On the other hand – really great news – Intuit will cover your liability if you use their payment systems! You heard me, they will cover your liability if you are using an Intuit payment system to process your credit cards, using one of their supported software products. If there is a fraud situation involving your scanning a chip card using a magnetic stripe reader, and you didn’t know that there was some sort of fraud going on, and you are using Intuit as your payment processor, Intuit will take care of the liability issue for you. This coverage is available from October 1, 2015 through March 31, 2016. By that time Intuit will have gone through all of the EMV certification hoops with each of the processors. I expect that they will be finished long before that date.
So that means that customers of QuickBooks payments are covered starting October 1, 2015. This ONLY applies until Intuit has updated their software and released the new hardware. It ONLY applies if you are using one of the EMV-compliant QuickBooks products and are using an Intuit payment solution. And, only if you UNKNOWINGLY accept a fraudulent credit card.
If you are using some other credit card processor then you aren’t covered by Intuit – you need to talk to your payment processor to see what your options are.
Note that you will have to purchase the updated readers when they are available. The Apple/Android reader will cost $30.00 and you can pre-order it now. Prices haven’t been announced for the USB reader for desktop products.
EMV-Compliant QuickBooks Products
What QuickBooks products will be covered when Intuit supports EMV? Keep in mind that the liability coverage is only available if you use one of these products AND you are using an Intuit payment processing account. Several of these products allow the use of other payment processors – if you use one of the other payment processors then you are not covered by Intuit.
- QuickBooks GoPayment using the updated plugin reader.
- QuickBooks Mobile using the the updated plugin reader .
- QuickBooks Pro, Premier and Accountant 2016 using the updated USB reader. Yes, I said “2016.” At this time they aren’t going to provide coverage for older products.
- QuickBooks Enterprise V16 using their updated USB reader (less of an issue here since everyone should be on a subscription and will be getting the V16 product through their subscription).
- QuickBooks Online using the plugin USB reader.
- QuickBooks Point of Sale V12 (none of the older versions) using the plugin USB reader.
- QuickBooks Point of Sale powered by Revel Systems using the hardware that will be provided by Revel, as long as you use Intuit for payment processing (Revel supports many different payment processors).
I’m fine with all of this except for QuickBooks Desktop. Saying that they will only provide EMV compatibility with QuickBooks 2016, even though they are still are supporting some older versions of QuickBooks otherwise, essentially forces people to move up to QuickBooks 2016 or use another payment processor. Of course, you don’t have to make this move now, you only have to do that when Intuit releases the EMV compliance features. No announcement of when that will happen, but it will be before March of 2016. That gives us time to see if the 2016 product is safe to use.
Here is Intuit’s response to me when I asked them to clarify the issue about QuickBooks 2016:
“Enabling EMV – including the initial and ongoing certification processes – is a significant investment. We’re focused on delivering EMV in our latest 2016 offerings in order to have it in market as soon as possible. Additionally, enabling EMV in previous versions may not be right for customers using previous versions of QBDT. If they would like to take advantage of EMV, they would be able to purchase the latest version – which is the same process they would use if they wanted to access any other new features. By doing so, we are then opening up our resources to deliver new features and other customer improvements, without negatively affecting customers who are not looking to migrate to EMV or take advantage of other new features in QBDT 2016. By effectively extending the liability shift date for all of our QuickBooks Payments customers, we’re ensuring customers are protected while also giving them ample time to transition to the latest, EMV-capable version of QB.”
Wrapping It All Up
Here are some interesting EMV-related websites :
- Randy Johnston’s overview of EMV and electronic payments: https://www.sleeter.com/blog/2015/03/emv-electronic-payments/
- Intuit support site explaining EMV and smart chip cards: https://support.quickbooks.intuit.com/support/articles/inf23795
- Intuit “Get ready for EMV” website: http://quickbooks.intuit.com/payments/emv-reader
- Intuit’s study on small business adoption of EMB technology: http://www.slideshare.net/IntuitInc/intuit-emv-survey-final/1
So, to summarize the major points:
- The change in liability for EMV-compliant cards starts on October 1, 2015.
- You are only liable in cases where you scan an EMV-compliant card using a magnetic stripe reader, and the card is fraudulent.
- QuickBooks products are not currently EMV-compliant, but Intuit is working on that. You may have to upgrade, though, if you are using QuickBooks Desktop.
- You will need to buy an EMV-compliant scanning device from Intuit.
- Until EMV-compliant devices and software are available, Intuit will cover your liability (until March 31, 2016) as long as you are using a EMV-supported QuickBooks product and an Intuit payment processing account.
Intuit isn’t the only company that isn’t fully EMV-compliant at this time, although I’ve not done a comprehensive survey. It sounds like the certification process is taking the credit card companies much longer than was anticipated. I applaud Intuit for deciding to cover their customer’s liability exposure. The constraints that they are placing on that coverage are reasonable. However, if the only desktop versions of Pro, Premier and Enterprise that are covered will be the 2016 version, I expect there to be some unhappy people. Including me.