EMV has been adopted in virtually every part of the world, including Canada and Mexico, for the storing of payment-card data. The U.S. maintains a vested interest in magnetic stripe based cards and the devices associated with them. Expense is currently the biggest barrier for US implementation along with liability for fraud loss. Criminals already working around the system also figure into the reluctance to bring it to American cardholders.
Javelin Strategy & Research estimates an EMV roll out across the United States would cost about $8.6 billion including the following:
• POS terminal replacements -- approximately $6.75 billion
• EMV card issuance -- around $1.4 billion
• ATM upgrades -- approximately $500 million
Also to be considered is the fact that the greatest beneficiaries of Chip and Pin are the card issuers with merchants and customers taking the brunt of the losses. The same merchants that will need to pay for most of the upgraded equipment to accept the new devices.
"(Chip and Pin's) main attraction to banks is the 'liability shift,' which is precluded in the U.S. by Regulation E," wrote Ross Anderson, a professor of security engineering at the University of Cambridge, in an e-mail. "This shift means that disputed transactions will be blamed on the customer if a PIN was used and the merchant otherwise. Thus, in theory, the bank would never again be liable.
Such a shift isn't possible in the U.S. because of rules set up under the Electronic Fund Transfer Act of 1978, says Steven J. Murdoch, Ph.D., a security researcher at Cambridge University. This is probably good news for U.S. consumers: Murdoch says that since the standard was fully adopted, it's been next to impossible for British consumers to recover money stolen in fraud.
"The banks get to effectively make up their own rules, and the rule they've chosen is that if your PIN is used, then you must have been negligent about protecting your PIN, therefore you're liable for the fraud," says Murdoch.
With this much uncertainty and these expenses without a return on investment we don't expect Chip and Pin to take over the US soon.
This bill represents a continuation to spur job creation and improve the quality of life in communities. Small businesses need capital to create jobs and lead economic recovery. The Small Business Jobs Tax Relief Act contains important tax cuts and lending opportunities that will help give small business owners the resources and flexibility they need to help their businesses grow.
The bill will increase the capital gains exclusion on investments in small business stock to 100 percent (from 75 percent in the American Recovery and Reinvestment Act) for qualifying stock acquired after March 15, 2010 and before January 1, 2012.
The bill will also alleviate certain onerous tax penalties on small businesses. Under current law, Section 6707A of the Tax Code imposes a penalty on the failure to disclose a “reportable transaction” on any tax return or information statement. There are six categories of reportable transactions, one of which is a “listed transaction,” a type of transaction identified by the IRS through guidance as a tax avoidance transaction. The penalty for failure to disclose a reportable transaction (other than a listed transaction) on a return is $10,000 in the case of individuals and $50,000 in any other case. For listed transactions, the penalty is $100,000 in the case of individuals and $200,000 in any other case. The bill generally would make the penalty for failing to disclose reportable transactions (including listed transactions) proportionate to the underlying tax savings.
In addition the bill will allow small businesses to deduct up to $20,000 in small business start-up expenses not related to capital or equipment. The bill will also allow non-recourse Small Business Administration loans to qualify for certain exceptions to the at-risk loan rules, allowing business expenditures made under those loans to be deductible against related business income.
Checking your UPS, Uninterrupted Power Supply, especially the battery backup side is critical to keep your POS system running smoothly. During summer seasons power consumption is at its highest. This increases the chance of power interruption in the form of blackouts or brownouts. A blackout is easier to detect but a brownout may not be easily felt. Power fluctuation could also cause a power surge. Any one of these power outage scenarios could damage your POS system or any electronic devices that are not protected by a surge protector or UPS. All of your POS system devices should be plugged into a UPS. If you have a UPS and do not remember when it was installed or replaced, you should replace them to ensure your store runs smoothly.
Your POS system is equipped with backup devices and media. There may be an automatic file backup in place but there is always a removable backup device and media in the form of a DVD-RW drive and discs. Your daily or weekly routine should be making sure your system is backed up to the removable media. This is the quickest way to restore your system after a hard drive replacement. Removable backup should be part of your operational routine, just like counting cashiers and running reports.
Take a moment to inspect the surroundings of your POS equipment. All electronic equipment has vents for cooling. Be sure your POS equipment has room for cooling by looking at the vents to be sure they are clear of dust and are not blocked. Although your IBM POS system is designed to withstand the toughest conditions in the retail environment, periodic cleaning is still a good practice to help your system run at peak performance.
These are just some of the regular maintenance practices that you should do to help prevent any system down time. Other maintenance practices include keeping your scanner/scale glass clean and clear of debris to ensure accurate scanning and weighing.
Your POS system is the mission critical part of your operation. It pays to practice simple maintenance measures to ensure you and your POS systems have a great summer.
We live in an age of cyber crime. The incident rates of reported cyber crimes are exploding. One segment of this growing criminal industry is the organized effort to steal customer account data to be sold for fraudulent purposes. The level of sophistication and adaptability of these illicit enterprises is nothing less than astonishing. The cycle of innovation in attack methodologies as the criminals reengineer their processes and develop new tools, keeps the full time security analysts in a constant game of cat and mouse.
As a merchant whose business depends heavily on electronic fund transfers to transact every day (roughly two-thirds of all retail transactions), the security of your POS system needs to be a primary concern. Who is accessing the system? What do they have access to? Are they able to do anything that could potentially compromise your customers’ account data, such as getting on the internet and checking email? These types of activity in a POS environment expose your system to potential malware attacks that can lead to an account data breach. To protect their consumers the Payment Card Industry (PCI) got together and developed a Data Security Standard (DSS) mandating all merchants secure their networks and protect cardholder data. If compromised card data is traced back to a specific merchant’s business, they are responsible to comply and pay for the forensic investigation and remediation to address the breach. Heavy fines can be levied and in a worst case the merchant is kicked off the debit networks: no more electronic fund transfers. Assuming the business survives an investigation with EFT processing intact, the bad public relations and loss of customer confidence itself can be costly to restore.
As a business relying greatly on the ability to process electronic fund transfers, you don’t want to be at risk of having your POS system compromised. All merchants are expected to be in compliance with the PCI DSS. Some of the first steps to accomplishing compliance is protecting your system from intrusions and restricting access to only authorized personnel performing only business operations. Find out who is accessing your systems. What are they doing? Remember, your business may depend on it. To find out more about PCI DSS visit http://www.pcisecuritystandards.org/.