New PCI DSS Requirements: Stay Compliant and Avoid Paying Penalties

New PCI DSS Requirements: Stay Compliant and Avoid Paying Penalties

By Merchant Advocate

If your business accepts credit card payments, you may be familiar with PCI DSS (Payment Card Industry Data Security Standard), widely recognized as the gold standard for protecting financial data. What you may not know is that PCI DSS has recently been updated, and its latest version, 4.0, could significantly impact how businesses manage payment security. With full compliance required by March 2025, now is the time for all merchants and business owners to understand the new requirements, what’s changing, and how to prepare.

Why PCI DSS 4.0 Requirements Matter

The move from PCI DSS version 3.2.1 to 4.0 represents a significant update in security requirements implemented to address emerging threats. While businesses across all sectors are impacted, industries handling sensitive financial or customer data—such as retail, healthcare, hospitality, and e-commerce—are particularly at risk if they fail to comply.

Despite this, many business owners are still unaware of PCI DSS 4.0’s requirements, and some haven’t even begun making the necessary changes. Noncompliance not only increases your vulnerability to cyberattacks but also exposes your business to potential fines, data breach costs, and credibility damage.

Cybersecurity Threats Are Growing

Cyberattacks have surged in recent years, and businesses of all sizes are targets. For example, in 2023, the healthcare sector alone experienced a 128% increase in cyberattacks in the U.S. But the threat isn’t limited to healthcare—retailers, restaurants, and online stores handling customer payment data are equally attractive to cybercriminals.

PCI DSS 4.0 helps protect against these threats by requiring businesses to strengthen their defenses. The updated standards emphasize secure networks, data encryption, robust access controls, and regular vulnerability management.

Key Updates in PCI DSS 4.0

Revised SAQs

The first update is a series of revised SAQs (self-assessment questionnaires), which now require more detailed reporting, reflecting stricter security protocols. While these updates are currently considered best practices, they will become mandatory by March 31, 2025. Businesses should review and update their SAQs as soon as possible to ensure compliance.

Stricter Cardholder Data Policies

In addition, PCI DSS 4.0 introduces stricter measures for controlling who can access cardholder data. This includes multi-factor authentication, user authentication protocols, and physical security measures to prevent unauthorized access.

12 Core Requirements

PCI DSS compliance isn’t a one-time event—it’s an ongoing process. Businesses must meet 12 core requirements, including maintaining secure networks, encrypting transmitted data, and enforcing strict password policies. Regularly monitoring and testing systems is critical to staying compliant and minimizing vulnerabilities.

Risks of Noncompliance

Noncompliance with PCI DSS 4.0 isn’t illegal but can be costly. Businesses may face monthly fines ranging from $20 to $5,000 or more, depending on the severity of the noncompliance or data breach. In the event of a breach, you could also be held liable for reissuing cards, covering fraudulent charges, and paying additional penalties. The financial and reputational damage could be devastating.

New PCI DSS 4.0 Requirements

To prepare, follow these steps:

  1. Understand PCI DSS 4.0 Requirements
    Review the updated standards and assess how they apply to your business operations.
  2. Update SAQs
    Complete the new self-assessment questionnaires to ensure they align with the revised requirements.
  3. Enhance Security Measures
    Invest in tools like firewalls, encryption software, and access control systems to protect cardholder data.
  4. Monitor and Test Networks Regularly
    Schedule routine checks to ensure your systems are secure and compliant.
  5. Optimize Payment Processing Fees
    Review your monthly processing statements to identify noncompliance fees and excessive charges.

Reducing Costs and Staying Compliant

Did you know that 72% of businesses pay excessive or avoidable processing fees? In 2023, U.S. merchants spent $172 billion on processing fees—an increase of over 7.5% from the previous year. PCI noncompliance fees often appear as additional charges on monthly statements, so it’s essential to review these closely.

Consider working with a consultant, like Merchant Advocate, to help reduce credit card processing costs and navigate the complexities of PCI DSS 4.0. By optimizing your payment systems and ensuring compliance, you can protect your business from risks while improving your bottom line.

Urgency is Key

Don’t wait until the March 2025 deadline. Proactively updating your payment security practices to align with PCI DSS 4.0 will safeguard your business against threats, ensure compliance, and position you for long-term success. Contact us for more information or a FREE analysis today.

green credit card that is processing fees with pos system

POS Equipment: How to Get the Best Deal and Avoid Hidden Costs

It’s important to take the time and choose wisely, here’s why.
By Merchant Advocate

Why Choosing the Right POS System Matters

There’s a myriad of decisions to be made when operating a business, but one with long term implications is your choice of point-of-sale system. POS systems can help drive cost savings and reduce credit card fees in the long run if chosen strategically and set up properly. Unfortunately, many companies struggle with managing the nuances of these integrations.

Case Study: Optimizing POS and Fees for Woodstock Inn Brewery

One such business was the Woodstock Inn Brewery. “I didn’t have a lot of confidence in our program—our processor didn’t even assign us a new contact when ours left,” says Roberta Vigneault, financial manager of the award-winning restaurant, brewery, and hotel in New Hampshire. “Roberta reached out to us for a free analysis, and we quickly determined she was a candidate for our services,” says Howard Goldstein, a Merchant Advocate regional director. “We conducted an in-depth analysis, and uncovered Woodstock was being significantly overcharged. Their processor initially came back with a paltry reduction that left a lot of additional savings to be realized,” he recalls.

“Thankfully, their POS system worked with other providers which enabled us to ultimately triple the savings offered by her current processor.”

This is the perfect example of two crucial elements to be aware of when evaluating a POS system: the contract term and early termination fees. Systems often come with lengthy contracts that can make it difficult to make any changes even though your business needs may evolve and change over time. That’s why it’s imperative to take a close look at contract terms and be aware of when you will approach a renewal or end date.

Key Factors in Selecting a POS System

Contract Terms and Exclusivity

Some POS systems lock you into using their preferred payment processor, while others allow you to integrate with multiple payment providers. A system that supports multiple processors provides flexibility and allows for leverage when trying to take control of your transaction fees.

Processors may be open to negotiating lower fees if it means keeping you as a client, but in order to be effective you need to understand the lingo and know what to ask for; a third-party expert like Merchant Advocate can help.

In Woodstock Inn Brewery’s case, non-exclusivity made all the difference “Merchant Advocate negotiated directly with our processor,” recalls Vigneault. “They found a great solution that kept our current POS system but allowed us to work with another processor to maximize savings.”

Integration Capabilities

The payment processor should integrate smoothly with your POS software, allowing for automatic reconciliation of payments, real-time reporting, and synchronization with accounting and inventory management systems. It is crucial to understand what processor options are available with the POS system before you commit to a solution. Some will only allow you to work with one provider, while others are processor agnostic. There are many processor options out there with different fees and pricing structures, so you should be sure to weigh the pros and cons of both the system and the processor. In the case of the Woodstock Inn Brewery, flexibility was key.

Tips for Reducing Credit Card Processing Fees

Compare Processing Fees Across Providers

Business owners should compare fees across different processors to minimize costs, as even small differences can significantly impact profitability, especially in high-volume environments. One should review statements for any additional fees that may be able to be optimized, such as for chargebacks, PCI compliance, and batch processing.

Surcharging Considerations

Surcharging has grown in popularity in recent years, as has legislation regulating its usage. Those considering implementing a program must ensure it is executed correctly on all fronts to avoid potential tax implications—not to mention fines from credit card brands.
Your POS system would need to be able to distinguish credit cards from debit cards and cash payments, then add surcharges accordingly. It is illegal to surcharge a debit card. If you have multiple locations, some of which are in a different state, this further complicates things as you will need to abide by each state’s regulations.

“There are multiple types of programs that allow business owners to pass along processing fees to customers: surcharging, cash discount and dual pricing,” explains Goldstein.

“If you choose to implement a surcharging program, you must make sure your POS system is programmed properly to distinguish between credit and debit cards. The surcharge does not allow you as a merchant to charge debit cards. And these are usually not set up properly.”

Invest in EMV for Security and Savings

If you’ve been contemplating upgrading your old equipment, this is your reminder to do so as soon as possible as EMV is the new standard. Short for Europay, Visa, and Mastercard (the companies that spearheaded the development), this technology refers to the chips embedded in credit cards that carry data far more securely than the vastly outdated magnetic stripes.

By still allowing for magnetic swipes, your business is not only opening itself up to credit card fraud, but you’re likely paying non EMV-assessment fees each month for continuing the antiquated practice. Ensure the POS system you choose accepts EMV chip-enabled cards to reduce liability; some systems may also support PIN entry for added security.

In addition, if you are still swiping cards, you will automatically lose chargeback disputes on swiped transactions. Some people have become savvy to this and know that if they swipe their card they can report the charge as fraudulent with no repercussions.

Newer equipment also means mobile payment support. With the rise of contactless payments, your POS should support digital wallets like Apple Pay, Google Pay, and other tap-and-go payments.

Ideally, the POS hardware should also include offline capabilities that make it possible to process transactions offline or store them securely to process when the system is back online, ensuring smooth operations even during internet outages.

Ensuring PCI Compliance with Your POS System

Payment processors must comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect cardholder information. The system should offer encryption to secure payment data from the moment the card is tapped until it reaches the payment processor. The POS vendor should ensure the system is compliant and assist with security protocols, but that doesn’t always happen, especially with a business that needs to train multiple employees. A consultant could help with personalized assistance in this scenario.

Get Expert Help to Optimize Your POS System and Processing Fees

At Merchant Advocate, we understand every facet of the processing industry, having saved over $300 million in excess fees for our clients by optimizing every aspect of the credit card acceptance process—including helping choose the right POS system for your business.

Seismic Shifts Happening in the Software Integration Landscape

The biggest fee increases we saw in 2023 came not from card brands, but from tech enabled, integrated payment processing and subscription-model services with exclusive processor relationships.

What are Software Integrated Payment Processing Services?

Software integrated payment processing services (often referred to as “integrated payment systems”) are products that allow businesses to handle credit card or digital financial transactions within their currently used software applications. The integrated payment system will ideally offer a solution to handle multiple payment methods, offer customization and automation, provide useful reporting, and ultimately, drive efficiencies. 

Integrated Systems & Business Impact

Costs are going up across the board and unfortunately for businesses with integrated systems, this is particularly true. Integrated systems often lock merchants into a specific processor. 

Imagine wearing handcuffs with no key in sight as they squeeze tighter and tighter—this is the situation many businesses are in. As such, many businesses are canceling their system subscriptions. At the same time, increased pressure on software companies is pushing them to offer more than one processor in their integration systems—allowing for more competition and ultimately lower costs.

In a major change from previous policy, Stripe just announced earlier this month they would make their online checkout site, billing services, and fraud protection available to companies that are using rival payments providers.

 

What it Means in 2024?

As we approach the midpoint of Q2 2024, now is a great time for business owners to take a closer look at recurring expenses and consider if the Return on Investment (ROI) of an integration justifies the expense or if any recent policy changes may have created new opportunities. 

Alternative Solutions

There are a variety of other solutions that may get the job done at a lower cost, including payment bridges, semi-integration, and small procedural changes. It may also be possible to negotiate and optimize costs independently or engage the expertise of a third-party auditor like Merchant Advocate.

What Every Business Owner Needs to Know About Credit Card Processing

Credit card spending has more than tripled in the last decade. For merchants accepting credit cards, that means billions of dollars in processing fees. But while processing may be big money, very few people understand the ins and outs of this unregulated industry. 

Let’s dive into how to protect your business, whether it’s a small business or a large corporation, while increasing its value and reducing costs. We will also touch on two timely concerns for all merchants—data security and the rise in surcharging programs.

 

Software Integration Issues

Many of our clients use a point-of-sale solution with integrated software. Typically, these software companies work exclusively with one processor, which can make it challenging for a business to secure optimal rates on their own.

Another major issue can involve the software itself. If you aren’t running the most recent upgrade (which may not be automatic and require an opt-in for install), all the information required by the processor at the time of the transaction may not be shared, resulting in additional charges that can really add up. 

While we would recommend calling your provider to ensure you’re running the most recent version, they aren’t always aware if there’s a problem or how to fix it. Merchant Advocate understands not only what information the processor needs to avoid fees but can also ensure pricing is fair.

 

Chargebacks

What is a Chargeback?

A chargeback happens when the credited amount from the initial charge to your business checking account is reversed. The issuing bank reverses all or a portion of the transaction amount to your acquirer/processor, citing a violation of Payment Card Networks rules or regulations as the reason for the chargeback. This often occurs frequently for businesses who have a monthly membership program. Other reasons for chargebacks include suspected fraudulent activity with the card, non-receipt of the product or service, or cardholder disagreement regarding the quality/receipt of merchandise.

Chargebacks: Impact on Large & Small Businesses

Managing chargebacks and engaging in representment can significantly reduce your expenses and improve your ratios, but these processes demand a considerable amount of time and resources. If you’d like to do so, check if your processor has a chargeback dispute manager tool. Merchant Advocate can also help set you up with a trustworthy chargeback company. No matter how you decide to handle, it is incredibly important to respond in a timely fashion.

Respond or be Fined

In the past, merchants could disregard a response request, essentially defaulting to accepting the chargeback. No longer! To expedite the process, Visa has introduced time constraints. Failure to respond promptly will result in fines.

 

Unclear Guidelines Around Surcharges

Some business owners have turned to cash discounts and surcharges to cover increases in processing costs, passing the cost to their customers. The guidelines and laws surrounding these programs are unclear, ever-changing, and vary by state and area. Many states cap the percentage of a transaction merchants can charge and the surcharge itself is often set up incorrectly, leading to math errors and overcharging. There are serious tax implications and the possibility of fines in these cases. Options include:

Sign up for a registered surcharge program that only passes the fee on credit cards.

How to Save

  1. Raise your prices
  2. Offer a cash discount yourself (no need to have the processor involved as they are just trying to make a commission), and keep the extra profit. 
  3. Enlist the help of a vigilant auditing service or work with an expert who can help decipher these confusing statements.

All you need to do this is a well-priced merchant account. You’ll need to become more familiar with monthly statements—particularly potential hidden or junk fees—and use these data points to negotiate lower fees. 

 

PCI Compliance: Protecting your Data

Every merchant that stores, processes, or transmits cardholder data is responsible for its protection. The Payment Card Industry (PCI) Data Security Standard (DSS) was created to help protect consumer data. The good news is that it’s easy to become compliant by using a PCI-compliant hosting provider. EMV chip cards are an additional way to protect card-present transactions.

How to Remain PCI Compliant

To ensure PCI compliance, you must implement the proper security policies, procedures, and staff training. You can start by auditing your merchant statements, which will show noncompliance via a penalty fine. 

Other simple steps include changing your user account passwords on a regular basis, using a third party to monitor your network security, and reviewing your physical security measures such as employee training and IT infrastructure.

 

Protecting the Interests of Your Business & Your Customers

Third-party auditors are often the best resources for understanding the credit card processing ecosystem, as processors often hide fees and make calculation errors in needlessly confusing monthly statements. It’s also normal for them to raise rates three to four times per year. Without due diligence and knowing how to read these statements, fees add up quickly.

The ever-evolving landscape of credit card security and compliance underscores the need for constant vigilance to safeguard both your financial interests. Increasing awareness leads to savings and less stress down the line and empowers business owners to navigate the credit card payment ecosystem with greater confidence.

Find out if Merchant Advocate can help your business with a free analysis.

Top Ten States with Highest Swipe Fees

By Zena Tsarfin for Merchant Advocate

Credit card processing fees are an inescapable part of doing business. And though it’s well known that American-based businesses pay more in swipe fees than their European counterparts—what most people probably don’t realize is that even some states have higher swipe fees than others.

Many variables come into play. Recently, Forbes Advisor compiled a list, adjusting for things like inflation and cost of living. Their rankings are based on the total amount of fees paid statewide, as well the average swipe fee per capita and per transaction.

Not surprisingly, the vast state of California led in the total number of fees paid overall, at over $97 million. What is more surprising is some of the smaller states that made the list. While Hawaiian merchants paid significantly less in fees overall, they had by far the highest swipe fees per capita and transaction. Massachusetts had the second highest swipe fees per capita and per transaction, despite lower fees overall.

Top 10 Swipe Fees by State

1. California

Total in Swipe Fees Paid – $97,474,291.77

Swipe Fees Per Capita – $2.47

Swipe Fee Per Transaction – $0.24

2. Massachusetts

Total in Swipe Fees Paid – $19,058,468.49

Swipe Fees Per Capita – $2.73

Swipe Fee Per Transaction – $0.27

3. New York

Total in Swipe Fees Paid – $46,220,401.28

Swipe Fees Per Capita – $2.30

Swipe Fee Per Transaction – $0.23

4. Hawaii

Total in Swipe Fees Paid – $4,778,915.38

Swipe Fees Per Capita – $3.29

Swipe Fee Per Transaction – $0.33

5. Maryland

Total in Swipe Fees Paid – $13,495,908.71

Swipe Fees Per Capita – $2.19

Swipe Fee Per Transaction – $0.22

6. Washington

Total in Swipe Fees Paid – $16,104,301.90

Swipe Fees Per Capita – $2.11

Swipe Fee Per Transaction – $0.21

7. Oregon

Total in Swipe Fees Paid – $8,894,631.86

Swipe Fees Per Capita – $2.11

Swipe Fee Per Transaction – $0.21

8. Alaska

Total in Swipe Fees Paid – $1,681,632.73

Swipe Fees Per Capita – $2.28

Swipe Fee Per Transaction – $0.23

9. New Jersey

Total in Swipe Fees Paid – $19,352,564.08

Swipe Fees Per Capita – $2.10

Swipe Fee Per Transaction – $0.21

10. New Hampshire

Total in Swipe Fees Paid – $2,898,472.70

Swipe Fees Per Capita – $2.11

Swipe Fee Per Transaction – $0.21

 

Chart: The Top 10 States Most Affected by Swipe Fees in 2023

No matter where your business is located, Merchant Advocate can help reduce your costs without switching processors. Find out what they can do for you with a FREE, no-commitment analysis.

Get a Free Analysis

New Surcharge Law for New York State

By Zena Tsarfin for Merchant Advocate

On February 11, New York became the latest state to institute guidelines and regulations regarding surcharging programs which pass the cost of credit card acceptance to consumers. In a nutshell, the new law essentially restricts businesses from imposing credit card surcharges that are higher than the actual transaction cost. But how that amount is calculated and how to ensure compliancy can be confusing.

For example, while it is still legal to charge different prices for cash versus credit transactions in New York, the highest price that a consumer might pay for a good or service must be clearly posted. This means businesses will need to adjust POS systems for two-tier pricing, as well as train employees about the new mandates.

In addition, merchants must now accommodate for a bevy of new signage that clearly “and conspicuously” displays two sets of prices, one for cash and debit cards, and the other for credit card purchases. Failure to do so can cost businesses a hefty fine of $500 for each and every violation!

More specific examples of dos and don’ts can be found on the state of New York’s website.

If you are still unsure of how this might affect your business and would like to speak to one of our experts, please contact Merchant Advocate.

Get a Free Analysis

Double Trouble: PCI Compliance, the HIPAA Overlap and How to Mitigate Your Practice’s Risk

By Zena Tsarfin for Merchant Advocate

Any business that accepts credit cards needs to take precautions to protect their customers’ personal data, but that is even more important for medical and dental practices which store precious health information. Healthcare is by far the largest sector targeted by cyberthieves; according to IBM’s cost of a data breach report, the average total cost of a breach in the healthcare industry was $10.1 million in 2022.

To keep healthcare security standards current as technology evolves, two organizations have rolled out related legislation.  The U.S. Health Department issued the Health Insurance Portability and Accountability Act (better known as HIPAA), and the PCI Security Standards Council introduced Payment Card Industry Data Security Standards, or PCI DSS.

Though HIPAA compliance covers medical records and personal data, it does not cover credit card payment information—that’s where PCI DSS comes in. PCI and HIPAA both require that a business secures certain types of patient information. While the specific data they pertain to varies, there is some overlap between HIPAA and PCI in implementation. Essentially, both require policies, procedures, training, and annual assessments to uncover issues that require remediation. Patient health information and payment information represent the most sought-after data of cybercriminals.

Given the risk, medical and dental practices must remain vigilant and PCI compliance should never be ignored. Not only will the fines negatively affect your bottom line, but not becoming compliant could bankrupt your practice and ruin your reputation should there be a breach.

If a business suffers a breach while non-compliant with Payment Card Industry Data Security Standards, the business is responsible for all costs of reissuing credit cards. The practice must pay for all fraudulent credit card charges, which will likely include six to twelve months of personal credit monitoring for every affected patient. You may also be required to hire a Payment Card Industry Forensic Investigator. And all of that is on top of the fines themselves—which range from $50 to $90 per affected customer.

That’s why it is so important to be proactive and find out if your practice is compliant. Our best advice for medical professionals and office managers: Review your three most recent, consecutive statements. Most processors charge for non-PCI compliance monthly, but some charge quarterly, which is why you’ll need to check THREE consecutive statements. If you are compliant, you will probably only see one charge for PCI since processors levy a fee to access their PCI portals. If, given the high financial liability, you would prefer an outside expert ensures compliance, consider reaching out to an independent third party like Merchant Advocate.

Finally, PCI noncompliance fees and other hidden and junk fees can be siphoning as much as 5% of your total net revenue, directly from your bottom line. Instead, it is recommended that you find an independent, third party to conduct an audit to see if you are overpaying or noncompliant. Statements are complicated by design—Merchant Advocate can help you save money without switching processors and has saved clients more than $300 million in credit card processing fees. Contact us to receive a free analysis of your merchant account with just one, no-commitment phone call. Visit MerchantAdvocate.com/contact for more information.

 

 

What’s Hiding in Your Merchant Statements

By Merchant Advocate

Are You Being Overcharged?

If you have that sinking feeling that you are paying more for merchant services than you should be, you are not alone. More than 72% of businesses are being overcharged. And if you are familiar with the statements provided by processors, you might have a guess as to how they are getting away with this unfair practice.

Hundreds of different card types, mysterious coding, inconsistent fees—statements are intentionally written in a language that only an expert can understand. And while this makes them nearly impossible to decipher on your own (let alone find the fees hiding within their pages), we will discuss some key terms and information to look for. Let’s dive in!

Navigating Your Statements

Every processor configures statements differently (further adding to confusion), but your business name and merchant ID number(s)—also known as MIDs—should be at the top.

Also front and center is the summary, which provides a quick overview of the past 30 days’ activity and can include chargebacks (when a customer requests a refund directly from the credit card company) and reversals (the amount that was initially resolved against the merchant but was ultimately found in favor); adjustments; and fees charged.

The next section you’ll likely encounter is the pages-long “Deposit Details,” which breaks down each batch transaction, line-by-line for the previous 30 days. But as seen in this example, multiple batches were created each day, which as noted here, can number in the hundreds, and can take up huge swaths of paper.

After that, we come to the “Processing Detail Qualified” section, sometimes referred to as “Fees.” This section contains the most confusing jargon as it unfurls, denoting interchange fees (these go to card-issuing banks), assessments, the merchant’s pricing model, and all other various fees, each broken down by card type, ending with the fees’ grand total. Below is an example of what this looks like—this section takes up almost four pages alone on this resort’s statement and contains multitudes of confusing codes.

Finally, there is typically a section called something like “Important Information About Your Account.” As implied, this section is essential, and should not be overlooked since it contains news regarding rate fluctuations and new policies that your processing company may be implementing—aka new ways to charge you more money. Appallingly, your original processing agreement included language allowing processors to raise rates and add new fees for any reason, at any time. The only way to combat these increased costs is to go head-to-head with your processor, which can take significant time, resources, and an understanding of merchant statements that most businesses do not possess.

What Happens Next?

But what do you do if you see an increase? Or if you, understandably, don’t have the time to pour over pages of statements monthly, let alone keep up with the multitude of changes and new fees assessed by processors looking to drive up their profits?

That’s where the auditing experts at Merchant Advocate come in: not only do our trained analysts make an initial meticulous review of your statements to identify overcharges, inflated rates, and hidden fees—they keep checking your statements month after month to ensure there are no surprises.

Merchant Advocate has saved clients more than $300 million in excess fees, without switching processors. Contact us to receive a free analysis of your merchant account with just one, no-commitment phone call.

[Updated 2024] Magnetic Stripes to EMV Cards: The Business Impact

A New Era of Credit Card Acceptance is Here: Stop Accepting Magnetic Stripes in 2024

By Merchant Advocate

Nowadays, it’s all about that chip, commonly known as the EMV, for Mastercard, Visa and Europay—the companies that rolled out the technology stateside in 2015. It generates time-sensitive authentication codes for every transaction, adding a layer of encrypted security that helped bring down in-person counterfeiting by more than 76%.

In 2021, Mastercard officially announced a phase out of the magnetic stripe format over the next decade to provide better security and fraud prevention. The other credit card brands followed suit shortly thereafter. Tapping cards and using chip readers are now the most prevalent methods for paying with plastic.

What Does this Mean for My Business?

Processing Fees

What does this change mean for businesses accepting credit cards? For one thing, it means every swipe now comes with an avoidable fee. In their quest to phase out the magnetic stripes, processors are now assessing an EMV non-acceptance fee for those who do not accept chip cards. Merchants must upgrade their terminals to accept EMV chip card transactions.

Transaction Security

Stripes contain a myriad of sensitive information including the cardholder’s name, card number, and verification numbers, with no encryption. Over the years, this vulnerability has resulted in billions of dollars’ worth of chargebacks and fraud, including the large-scale spread of “skimming” card scams. Meanwhile, sophisticated hackers have found endless ways to exploit outdated magstripe cards, even infecting corporations’ credit card terminals with viruses to gain access to customer data.

What is a Magnetic Stripe Card?

The ubiquitous “magstripe” credit card from brands like Visa, American Express, Mastercard and Discover has a silver or black magnetic stripe on the back of it. An advent largely credited to IBM, the magnetic stripe has been a fixture of credit card transactions as far back as the 1960s. This stripe contains essential account information like the card number, expiration date and other issuing bank data.

When a customer swipes the card through a card reader, the information is read magnetically, allowing transactions to be processed. This single advancement catapulted the use of credit cards as everyday tender for all types of monetary transactions and changed our relationship with spending forever.

Do EMV Cards Have a Magnetic Stripe?

Despite the timed phase-out, many EMV credit cards still contain a magnetic stripe. Because not all card readers support EMV chip technology, this is still necessary as the transition to chip technology is still ongoing. The magnetic stripe serves as a secondary backup for processing transactions when chip readers are not available, often in the form of MSD (Magnetic Stripe Data) contactless payments.

When Will the Magstripe Go Away for Good?

By 2033, the antiquated magnetic stripe will have seen its last sunset with the United States expected to go completely magstripe-free by 2027. And while other security measures such as biometric markers including fingerprints and face recognition have been tested across the world, replacing hundreds of thousands of POS machines in the United States will be slow going.

Is Your Business Being Charged for Magnetic Swipes?

If you’re not sure how to check if your machines are updated to satisfy new EMV requirements, you’re not alone. Credit card processing statements are coded in ways that can mystify even the best accountants making it difficult to ascertain if you are complying. That’s why it helps to have an advisor like Merchant Advocate, who can help decipher your statements and advise you on any point of sale or other changes needed for compliance, as well as negotiate your rates and monitor merchant service accounts monthly. They work in real time to find overcharges and other errors, helping you to keep your profits.