The Oct 2015 payments “Liability Shift”. What it means for merchants

Posted on October 15, 2014


On October 2015, exactly one year from now, the deadline for implementing Chip & PIN will come. Should you miss this deadline for the “Liability Shift” and continue to use payment systems without EMV technology, you are at risk of severe consequences should fraud occur. By next year, the liability for the costs associated with credit card fraud will fall on the entity using out of date technology. According to, this liability is estimated to total more than $10 billion.


So what does this mean for merchants post liability shift?


If a merchant is still using “swipe” technology and a customer is using a Chip & PIN (up-to-date) card, that merchant is liable for any fraud that may have affected this customer.


If the merchant is using Chip & PIN technology, but the customer does not have a new card yet, then the issuing bank is liable.

Yes, it’s still far enough away for a merchant to update their technology to remove liability and it seems like plenty of time at a micro-level.


In the grand scheme of things, this could get complicated for providers and merchants alike as every company that accepts payments with a terminal; retailers, service providers, consultants, salons, restaurants, hotels, ski resorts, grocery stores, personal trainers, travel agents, food trucks…etc. must also all update their technology. This could get extremely complicated as larger retailers will need to update their thousands of stores across the country and acquiring banks will be spending most of their resources on these migrations.


In many cases, most merchants will need to change providers in order to comply with these new standards. Between large, small and medium sized businesses who would you suspect to be on the waitlist when acquiring banks have reached their capacity to deploy merchant payment tech upgrades?


Early adoption of new technology is the ultimate way to avoid being stuck on the “liability shift” waitlist. Prepare yourself now. If customers all decide to start using EMV and grow aware of this issue, it’s likely they might have a negative connotation towards businesses that don’t use EMV Chip & PIN technology.


This is especially true if you are in a city that has high volumes of international visitors – foreign visitors are well aware of this. For example, EMV has been widely adopted elsewhere in the world. It’s significantly reduced credit card fraud. France claims to have seen an 80% reduction in fraud since implementation.


On a positive note, being proactive and working with a company who will help you migrate will make the 2015 deadline completely attainable and nearly hassle free. Should you have many terminals or integrations or special needs, start with a plan. A plan will help you think about everything you need to transition and will make it seamless. Consider your approach, scheduling deployment, and customer education. Often times a phased approach when making a switch is the optimal way to change.


Be proactive. Although the shift might seem like a big change, it shouldn’t impact your business negatively at all. Give us a call – we will find you the best provider that fits your unique business needs.



The Home Depot Breach: What you can do and how to protect your credit card information

Posted on September 23, 2014

As you already may know, on September 8th, 2014, Home Depot confirmed that their data systems were breached which impacts customers who used a credit or debit card at one of their U.S. or Canadian retail stores.


Home Depot also confirmed that the malware used to steal credit and debit cardholder data was eliminated on September 18th. There is also no evidence that debit PIN numbers were compromised or that users who shopped at were impacted.


If you shopped at Home Depot since the month of April 2014 your best bet would be to renew your credit card or debit card that you used.

At a minimum you should monitor your account for strange activity and consider calling Home Depot. Home Depot is offering customers 12 months of free credit monitoring and identity protection services.


For protecting your credit card information in the future, consider these tips:


Quick tip 1: Use mobile payments

Craig Young, a security researcher from Tripwire states “technology that avoids you having your credit card in your hand in a store is safer”.

For example, when you add a credit card to Apple Pay, card numbers are not stored on the device, a unique number is associated with that credit card and is securely stored through encryption on your device. When transactions are made, the device account number instead of your credit card’s data is passed on to validate each transaction.


The drawback is not many retailers have caught on with this technology and only people with an iPhone 6 can use it.


Quick Tip 2: Monitor your credit card account activity

Most banks allow you to login to your account and view transactions made a few days post purchase. If you monitor your account activity every week or so, not only is it easy to see where most of your money is being spent, you’ll be able to identify strange transactions should it ever happen to you.

Most of the time, Thieves will use your card to charge for smaller amounts to test if the card works and is monitored or not. They also may be stealing small amounts from millions of cards looking for a bigger payout.


Credit cards are without a doubt the easiest way to pay. Merchants owe a responsibility to their customers to protect their data. As technology continues to evolve, expect your cardholder data to be more secure in the future, as it will continue to be a bigger priority for both banks and businesses alike.


Looking for more info on the breach? Check out this great infographic:



What is the cost of a data breach?

Posted on September 16, 2014

In 2013, there were 1,367 confirmed data breaches and 63,437 security incidents in 95 different countries according to Verizon’s 2014 Data Breach Investigations Report. 2013 may be considered as the “year of the retailer breach” as many larger retailers had confirmed large-scale data breaches that risked its customer’s data. Target having suffered the most, and more recently Gmail, Central Utah Clicnic, JP Morgan, Home Depot, and George Mason University have all confirmed breaches.

So what is the actual cost of a data breach?

On a global scale, the Ponemon institute produced some interesting results in their “2013 Cost of Data Breach Study: Global Analysis”.

The report goes into great detail in analyzing business costs associated data breaches including detection, escalation, notification, and post response expenses. It also analyzes the economic impact post breach in terms of diminishing customer trust and confidence.

According to Ponemon, Germany and the US had the most expensive data breaches – with an average per capita cost of a data breach at $199 and $188, respectively.

Screen Shot 2014-09-15 at 8.24.41 PM



The US actually experienced the highest average total cost of data breaches with an average of $5.4 million dollars per company.

Screen Shot 2014-09-15 at 8.26.37 PM

In their analysis, there are seven factors that influence the cost of a data breach. These seven factors include:

  1. The company had an incident management plan
  2. The company had a relevatively strong security posture at the time of the incident
  3. The company met with CISO or an information security professional
  4. Data was not lost due to a third party
  5. The company had a quick response system for notifying victims
  6. The data breach involved stolen items or devices
  7. Consultants were engaged post breach

The three factors that increase the cost of a data breach are: Third Party Error, Lost or Stolen Devices, and Quick notification.

Screen Shot 2014-09-16 at 9.29.26 PM

Based on the Ponemon report, what significantly decreases the cost of a data breach are (see above): consultants engaged, CISO appointment, Incidence response plan, and a strong security posture.

In addition, the report points out that there is a direct relationship between abnormal churn rate of customers (which is what is likely to happen post breach) and higher costs of a data breach. The highest lost business cost due to abnormal customer churn is an average cost of over $3.03 million, which was experienced by US companies.

Screen Shot 2014-09-16 at 9.09.34 PM

To put this into perspective, it’s been nearly a year since Target had its data breach in December 2013, and the incident cost shareholders a whopping $148 million which was partially offset by insurance receivables totaling $38 million.

Preventative measures are the most significant way to reduce your risk and costs associated with a data breach. The more secure your company is, the less likely it would be for important data to be stolen – The ROI is much higher on preventative measures than believing something wont happen to your organization.

What is the difference between Ingenico & VeriFone?

Posted on August 13, 2014

Ingenico and VeriFone are the two leading manufacturers of stand-alone point-of-sale terminals. Understanding the differentiators between the two may be useful to business owners and merchants.

The two manufacturers are quite alike. Ingenico was founded in 1980 in Paris, and VeriFone in 1981 in San Jose. In 2013, Ingenico and VeriFone generated similar revenue at 1.89 billion and 1.7 billion respectively.

Despite their similarities in revenue,  VeriFone had a 51.5 percent share of all US terminal shipments where Ingenico held 17.4 percent of the US market last year.  Although it seems that VeriFone is a dominant force in the market, VeriFone’s shipments had a 17 percent drop from the previous year, while Ingenico’s share increased by 47 percent. However on a global scale, Ingenico holds a 30 percent shipment share, while VeriFone holds a 18.6 percent share.

With the changing U.S. market moving towards EMV compatible terminals, Ingenico seems to be on the rise this year. Ingenico’s expertise on EMV terminals and advanced security protocols could continue to bring an increase in sales and shipments. Noticing this trend, last year VeriFone replaced their CEO, bringing in Paul Galant, who remodeled the company’s strategic plan, in hopes to stay on top of the market. (via

Under Paul Galant’s new company vision to “become our clients’ most trusted, most secure and innovative partner by delivering terminals, payment as a service and commerce enablement solutions.” VeriFone has been identifying internal areas of improvement and is working to reduce complexity across the company and increase security protocols.

2014 will be a defining time to see if VeriFone’s new strategic plan and redefined operations can combat Ingenico’s seemingly rising share of terminal shipments.  Want to learn more about the two companies? Take a look at the below infographic (via


Why protecting cardholder data is good for your business

Posted on August 7, 2014

More than 800 million computer records with sensitive information have been a part of data breaches in the U.S. since 2005 (  Moreover, because many small merchants have minimal security for cardholder data, over 80% of attacks target small businesses.

The PCI Security Standards Council explains that if you are at fault for a security breach, fallout can be as follows:

  • Fines and penalties
  • Termination of ability to accept payment cards
  • Lost confidence, so customers go to other merchants
  • Lost sales
  • Cost of reissuing new payment cards
  • Legal costs, settlements and judgments
  • Fraud losses
  • Higher subsequent costs of compliance
  • Going out of business

As stated by the PCI Council,

“Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem including point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; in paper-based storage systems; and unsecured transmission of cardholder data to service providers. Vulnerabilities may even extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards.”

Some requirements by the PCI Security Standards Council that can enhance security are to maintain a firewall, and protect stored cardholder data:

Maintaining a firewall to protect cardholder data

Firewalls control your computer network’s traffic, allowing you to deny all traffic from untrusted networks and potentially denying criminal attacks. Identify all connections to cardholder data and configure a firewall that allows only the necessary connections.

Protecting stored cardholder data

Cardholder data should only be stored if absolutely necessary. When stored, cardholders trust the merchant to go through precautions to protect sensitive data from criminal attacks. Data storage should be limited to the time required for business purposes. Consider using truncation, index tokens, and securely stored pads to improve your security. In addition, restrict access to cardholder data to a need-to-know basis. Individuals should only be authorized to sensitive data if it is necessary information to perform a job.

To learn more about PCI standards and compliance, visit the PCI Security Standards Council, or give us a call.


Are American consumers ready for EMV chip cards?

Posted on July 29, 2014

Pymnts a leading payment blog cited a recent internal survey conducted by MasterCard that showed 57% of MasterCard holders would be interested in receiving Chip cards within 6 months or less.

Although consumers might not understand the technology behind EMV Chip & PIN, there’s enough additional support that shows they understand that it is more secure, devalues data and makes counterfeiting difficult.

Why else would consumers want something more secure to protect their sensitive data? Data breaches, privacy issues, and other areas in the globe that have EMV are just a few examples that help support this demand.

Another note to point out is Vision Critical – a very well known market research firm has reported “69% of Americans believe that EMV chips will make their purchases more secure”. In fact only 5% believed that this technology would have a negative effect on security.

In an interview with Oliver Manahan, MasterCard’s Vice President of Electronic Payments, Oliver states that there’s been a nice migration to contactless at the same time as EMV. Adding contactless to EMV terminals will not only future proof merchants it will allow for a better customer experience as they will not have to worry about inserting their cards and entering their PIN.

EMV has worked very well for restaurants in Canada. Our team at Kubera has implemented countless mobile and wireless terminals that are carried to the table by the server. Here’s why it’s great: It’s easy for customers to use, and there is an added benefit where the tip option can be calculated by percentage or dollar amount. In addtion, according to Manahan, this has reignited very well with servers as many of them are receiving larger tips and there’s no money left on the table that could get lost or stolen.

Referring back to the Vision Critical survey “one in 10 respondents said they had already received their EMV chip card”.  If the survey is representative of the population of the united states that’s nearly 32 Million Americans! Finally by October of next year, all credit card companies are expected to move to EMV.


Not ready for payment processing or mobile payments? Here why you should be.

Posted on July 8, 2014

Bist150-45-degree-hd_w605usinesses in Canada are at risk if they do not progress with modern technology and consumer trends. That is if they continue to accept cash-only as a form of payment.


Supporting evidence in a study conducted by the Rotman School of Management shows that businesses who use “cash only”, hurt themselves in the long term and will be lost by competitors who adopt electronic payments in form of credit card, debit card, mobile payments and NFC payments.


In addition, a recent article by the Globe And Mail highlights that for businesses that do accept credit cards, the benefits of accepting credit cards far outweigh the costs of the 2-3 percent transaction fees associated with accepting credit and debit.


They also suggested 10 tips that we feel are very relevant if you are a business concerned about transaction fees.


Cash Is Not Free

The direct and indirect costs from cash include, processing time – counting, re-counting and waiting to be deposited, security, security personnel, and lost cash by theft or error.


Ethical Operations

Accepting credit and debit can help your business operate ethically, this means no lost or unaccounted cash.


Credit Card Processing Enables Higher Average Sales Price

People are carrying less cash these days, and cash is typically used for lower value transactions. Use this opportunity to increase your ASP for the convenience of the consumer.


Customer Service Comes First
If the majority of your customers have cards that offer rewards, let them use their cards at your location. Make purchases quick, painless and easy. This even gives your employees more time to spend interacting with customers instead of counting cash and dealing with a register.


Go Beyond Bricks & Mortar

Payment processing companies have the tools to allow your business to operate online as well as in-store. This way you can sell your goods from anywhere and increase your market share.


Support International Customers
If you live in a major city, chances are you’re getting visitors from all over the world in your business. Don’t limit yourselves by not accepting their cards if they don’t have cash on had.


Speed Up Your Cash Flow

With payment processing for credit and debit cards online and in store, funds are transferred immediately into your merchant account and then directly deposited into your business account shortly after.


Data Is King

According to the study and the Globe, “[Data analysis has] allowed for the development and deployment of strategies that have enhanced sales, customer satisfaction, repeat business and hence business growth and profitability.”  – Globe and Mail

If you use payment processing you are given all of this great data in store or online to leverage. Use it to offer a better customer experience, cut costs where needed and create efficiencies.


Cost Benefit Analysis

Typically the benefits outweigh the costs for payment processing. If you aren’t sold by now, conduct a cost benefit analysis and realize the difference with increased throughput and other opportunities that come from accepting payments. At the end of the day your fees end up being a minimal expense.


Get A Good Point Of Sale System

Having several check out stations or faster payments acceptance like contactless will make transactions effortless and provide a better customer experience. Consider renting terminals to try different solutions before purchasing one.


Canada is one of the most affluent countries when it comes to technology. Although change can be hard, it’s worth adapting to consumer demands. Digital opportunities provide better service and according to the report outlined in the beginning, the upside is significant.





Mobile, NFC & Contactless payments: Better Customer Experience, Better Sales

Posted on June 26, 2014

Mobile, NFC & Contactless Payments are all great ways for your business to enhance its customer experience. Happy customer’s means return customers and you know what that means – increased sales and better business!









No matter what type of business you are; a gift shop, a café, ski resort, gas station even a grocery store, by making it easier for customers to make purchases with their credit or debit card, your bottom line can really grow.

So how can you really make a difference and enhance your customer experience?



1. Let your customers know they can pay with contactless or NFC and that it’s faster and EASIER.

No PIN? No Problem! All your customers have to do is tap and go. No PIN or signature necessary just smiles. Bonus – if customers have a smart phone they can even use their smart phone to pay too with NFC.

2. Let your customers know that NFC, Contactless, & mobile payments are secure.

They more secure than using a swipe solution or even a chip & PIN solution. Most people are not convinced yet but explain to them that it’s safer because it sends encrypted data back and forth between the card and the terminal. Click here to learn more about how it works.

3. Stay ahead of the curve – get NFC and Contactless Payments enabled terminals.

Contactless_LogoMasterCard’s VP of advanced Payments looks at NFC, Contactless, and EMV payments as technologies that should be implemented at the same time. He quotes “Do it once, do it right, and future proof yourself as much as possible”. In addition, total spend is also 54% higher for customers who use MasterCard contactless vs. those who do not.

Your customers will enjoy the convenience once they get a better understanding on it. Put your self in their shoes, what would they want the most? Convenience, security, technology? I think so, it pays to make it easier for your customers to purchase your products and services.

If you would like to learn more about these benefits, we highly recommend reading Accenture’s survey on the Mobile Payments habits of North Americans. You can download the PDF here.

Is Mobile Payments Ready to take off?

Over the past few years we’ve seen several mobile payments ventures gain plenty of momentum but never take off or become mainstream.

Another mobile payments system has launched today – Paym. Paym links your cellphone number to your bank, which enables you to pay with your mobile device.

Let’s hope that Paym is able to make a reasonable impact to mobile payments innovation.

Google Wallet

We would also expect that with the wearable tech trend and its symbiotic relationship with mobile payments it seems that it’s only a matter of time before mobile payments become the norm. For example the Samsung Galaxy Gear 2 watch will enable people wearing the watch to pay with paypal using their watch.

Not too long ago, Ariel Bardin, the head of Google payments stressed their commitment to mobile payments. Google Wallet has struggled over the past few years but is still a major contender. It recently opened up its cloud-based technology “host card emulation” or HCE to developers, which enables anyone to leverage NFC. This also allows merchants to embed easy payments buttons into their websites that where customers can use the Google wallet to pay. With Google’s commitment, it’s very possible in the next few years they will be making a serious impact to mobile payments.

Something potentially more impactful is Apple.

Apple’s large customer base and iTunes infrastructure poises Apple to be at the frontline of mobile payments. They now have 800 million iTunes accounts linked to customer credit cards, which Amazon only has a fraction of this.

iPhone fingerprint ID

With this customer base and their technology improvements, they can turn iTunes into a total e-commerce and mobile payments business. Touch ID – where a customer uses their fingerprint to unlock a phone can be used as a verification process to approve transactions. This helps consumers “feel” more secure than a typical PIN or passcode.

iBeacon is another technology is already on its way where a Bluetooth signal is sent to a consumer’s phone and their device will show an alert for some discount close to the consumer’s location.

So when will mobile payments take off?
Consumers are ready for it, so it seems like only a matter of time. What needs to happen in addition is the proper technology needs to be developed, then adopted by merchants and businesses alike. Once the technology problem is solved, businesses will be the last caveat before mobile payments becomes mainstream.

We would be proud to earn your business

Contact Us