Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
NEWS BULLETIN Maine Automobile Dealers Association
180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:[email protected] FAX 623-2318
2015-16 DISTRIBUTION
• General Manager • Office Manager
• Parts Manager CREDIT CARDS and OCTOBER 1 • Sales Manager • Service Manager
October 1 is an important date in the credit card world, for you as the merchant, for
your customer and credit card holder, and for the credit card company.
The issue is liability for counterfeit transactions. Today, the merchant which
unknowingly accepts a counterfeit card and does everything else related to the card
purchase correctly, does NOT have liability for the chargeback. The credit card issuer is responsible for any loss. On October 1, 2015, any counterfeit card loss could become the merchant’s
liability.
The reason for this change, known as the “liability shift”, is that the card networks (Visa,
MasterCard, Discover and American Express) all have changed their rules to allow for the liability on
a counterfeit card, and is some cases a stolen card, to fall to the merchant. The liability shift is coming about because of the use of the new EMV or “chip cards” or “smart cards”. These are cards that
have an embedded chip. Banks and credit unions are issuing the chip cards to consumers now, in
preparation for the liability shift later this year.
If you have not already upgraded your credit card terminal to accept chip cards (see News
Bulletin 2015-11 and enclosed NADA memo) you need to seriously consider the impact that not
upgrading will have on your business after October 1. While there is no requirement that you
upgrade your terminal, failure to do so could expose you to chargebacks you don’t currently see in
your business. There are several different scenarios that could occur after October 1:
1. You chose not to upgrade your terminal and a consumer with a non-chip card makes a
purchase at the dealership. This is identical to what happens today, and there is no change in
the liability. The issuing bank is still responsible for counterfeit transaction.
2. You upgraded your terminal and the consumer uses a non-chip card in your store. Same
thing, you are not responsible for the bad transaction.
3. You upgraded and the consumer presents a chip card for payment. No change in liability
here, either. The issuing bank is still responsible for the bad transaction.
4. You chose not to upgrade and the consumer presents a counterfeit chip card in your store. You are responsible for the chargeback, even though you did all of the other things
correctly.
Obviously, #4 is the cause for concern and confusion in the merchant community. Since you
have the least secure system (non-chip card ready) you bear the risk of the counterfeit card. In some
cases, you may also assume some additional risk in the world of lost or stolen cards. Please review
your credit card agreements to familiarize your organization with the new rules.
2015-17
MORE ON CREDIT CARDS – MASTERCARD
MasterCard’s recent announcement that it will begin issuing cards which start with the
number “2”, in addition to its historical start with 5 (Visa = 4, American Express = 3, Discover = 6),
will cause merchants to make sure their processing terminals are of current vintage and not “legacy”
terminals (no longer supported by manufacturer).
The programming inside the standalone credit card terminal may only recognize certain start
numbers (3, 4, 5 and 6 historically). With MasterCard’s announcement, merchants must ensure that
their processing terminals can also accept “2” as a starting number. If you have recently upgraded to
a terminal which accepts contactless or EMV transactions, your terminal should be ready to accept
the expanded code. These beginning credit card digits are critical to the proper identification of the
credit card issuer, the type of card (rewards, debit, business), and the interchange rate your
dealership pays for accepting the card.
EEO-1 REPORTING DELAYED
The Equal Employment Opportunity Commission has for several years required an annual
EEO-1 report from businesses which employ 100 or more persons (full & part-time) in a single
company or group of affiliated entities. These reports have been required by September 30 in past
years, but the deadline this year has been extended to October 30. Dealerships which filed in the
past were sent notification letters in July. There are some changes this year to the report which
gathers information to be categorized by race/ethnicity, gender and job type. Additional information
on the EEO-1 reporting requirements is available at http://www1.eeoc.gov/employers/eeo1survey.
Your MADA office is available to assist with questions you may have as to your obligations.
AUDITS BY MAINE BUREAU OF CONSUMER CREDIT PROTECTION
A number of MADA members are being audited this year by Maine’s Bureau of Consumer
Credit Protection. As we have discussed in the past, these audits are conducted periodically to
determine compliance with the Maine Consumer Credit Code and Federal Trade Commission rules
governing Truth-in-Lending and Truth-in-Leasing. This year, there is also a focus on dealership
compliance under the federal Gramm-Leach-Bliley law which requires distribution of a Privacy Notice
to customers as well as the development and annual review of a Safeguards Policy and a Red Flags
Policy. These are not new obligations on dealerships. Should any dealership need assistance with
the Notice or Policies, please contact your MADA office. This subject will be an agenda item for our
Fall Regional Meetings.
SCAM E-MAILS
The past few months have seen a significant volume and variety of email traffic which appears
to come from a trusted source, but is in fact an attempt to gain access or obtain funds from your
company. The “apparent” senders have included NADA, MADA, EZ-Pass, individuals from
dealerships, and others. These emails have, in fact, come from other individuals or companies not
related, endorsed, supported or even known to the “apparent” senders. Please carefully screen your
emails, and if you have doubts about the authenticity of an email, feel free to inquire of the “apparent”
sender.
CHIP CARD READERS MAY BE REQUIRED BY OCTOBER 1, 2015
Many of the major credit card companies have announced that retailers must implement “chip-
card” (“EMV”) reading devices by October 1, 2015 or they could face potential contractual
liability for any fraud that may occur. Dealers should consult their counsel and their credit card
providers to determine the outlines of their contractual obligations.
What is EMV?
EMV is an acronym for EuroPay, Mastercard, and Visa, the three companies that developed the
technology. EMV-enabled payment cards have embedded microchips that store the cardholder’s
information. Most credit cards currently in use in the United States do not contain a microchip;
instead, they have a magnetic stripe that stores information about the cardholder.
EMV cards may take a few different forms, most notably “chip-and-PIN” and “chip-and-
signature.” In order to make a purchase using a chip-and-PIN card, the cardholder must insert
his or her card into a card reader terminal and then enter a PIN known only to the
cardholder. Chip-and-signature cards, in contrast, allow the cardholder to sign their name (rather
than entering a PIN) in order to complete a transaction.
What is the Difference Between a Chip Card and a Card with a Magnetic Stripe?
The EMV chip-based technology is thought to provide greater security than magnetic stripe
technology. For example, the requirement of a PIN for chip-and-PIN cards adds an extra layer of
security, thus making the cards less susceptible to fraud. Magnetic stripe cards also are easier to
counterfeit than chip-embedded cards as they can more easily be “skimmed” – that is, a
counterfeiter can hijack an ATM machine or payment terminal with equipment that allows them
to read data off the magnetic stripe. Once the counterfeiter harvests the data, it can be used to
create a counterfeit card. Chip-embedded cards, however, are more difficult to counterfeit
because they employ a technology known as dynamic data authentication (DDA), which is
intended to prevent skimming.i
This does not mean that chip-embedded cards are completely impervious to fraud. Stolen EMV
cards still may be used to complete transactions in environments in which no chip-reading
authentication mechanism is provided, such as e-commerce transactions. It is also important to
note that EMV technology does not preclude the possibility of a data breach, since EMV
technology does not prevent hackers from accessing unencrypted card information that either is
in transmission or being stored by a dealer.ii
National Automobile Dealers Association Copyright© 2015
What Should Dealers Do?
As mentioned above, in order for a customer to complete a chip-based transaction using an EMV
card, the dealer must have installed a card reader that can read the data contained on a card’s
chip. Although dealers are not required to implement technology capable of handling EMV
transactions, the incentives to do so are strong. As noted above, the major credit card companies
have announced that as of October 2015, their contracts will be amended to shift liability as
between a retailer and card issuer so that the party that does not support EMV will be held liable
for credit card fraud. For example, liability for a fraudulent transaction will fall on a retailer if
the affected customer presented an EMV card for payment but resorted to the magnetic stripe on
the card because the retailer did not have chip-embedded card readers. Likewise, a customer’s
bank will be held liable for credit card fraud if the retailer in question offers chip-card reading
terminals but the bank has not yet issued a chip-embedded card to the customer. The “liability
shift” will take place in October 2015 for retailers, and will come into effect for ATMs in
October 2016 and automatic fuel dispensers (for example, at gas stations) in October 2017.
Dealers must evaluate their contracts in consultation with their counsel, and after doing so,
should determine whether to incur the costs of upgrading equipment to accept EMV cards, how
that decision will impact their contractual obligations for fraud charges, and also how their
decision will be viewed in the future in the event that they suffer a point-of-sale data breach.
Dealers are encouraged to consult with their counsel, their credit card companies, and their credit
card processing vendors to explore their obligations and options.
i VISA describes DDA as “a type of Offline Data Authentication in which the card uses public key technology to generate a cryptographic value, which includes transaction-specific data elements, that is validated by the terminal to protect against skimming.” ii Dealers are encouraged not to retain credit card numbers or related information, and should work with their
vendors to ensure that any credit card transmission required for processing is done securely and in an encrypted fashion.
Commentary: NADA Refocuse§ On Core Services
ByBillFox
The National Automobile Dealers Association was founded in 1917 with a singular mission: to
PrOteCt the interests of new-Car dealerships and advocate for an industry that would become an
economic backbone of the nation.
For nearly a century, NADA has been fulfilling that goal and, in血e process, Pioneered some of the
most valunble services in the industry for its growing membership, right under its roof These
Services include the NADA Used Car Guide, Which has been part ofNADA’s heritage for more than
80 years, and NADART, founded in 1 957.
We never imagined we would part with either one, and we would not have unless we fimly believed
doing so would benefit our dealer members and advance NADA’s core mission.
This was the case when J.D. Power made an unsolicited offer to purchase the Used Car Guide
business. With a di縦cult decision at hand but unanimous consensus,瓜e NADA board of directors,
the Guide board of advisors and NADA’s finance and executive committees, all agreed that the best
COurSe Ofaction was to sell the Guide to J.D. Power, a truSted industry ally.
This decision, Which was not reached easily or without careful consideration, Will benefit all parties
invoIved, eSPeCially our dealer members and the Guide’s current and future customers. The Guide
business will continue to grow and become an even stronger industry resource under J.D. Power. As
Part Of its agreement with NADA, J.D. Power will continue to provide NADA members with aCOmPlimentary Guide subiCription as a membership benefit.
In a move uurelated to Guide, after conducting an in-depth review of various retirement plan
PrOViders, NADA made a decision to enter into a relationship with Empower Retirement, a division
Of Great-West Life and Amuity Insurance Company, tO Offer re血ement plans to NADA members.
Empower Retirement is the second-largest retirement plan provider in the United States with nearly 7
million participants. The new NADA Retirement Program from Empower will go live in October of
20 1 5, aS the long-Standing NADART program is retired.
NADA Retirement Program participants can expect to see many enhanced bene紐s, including a
neahy 50-PerCent reduction in program fees, a State-OfLthe-art Website designed to make it easier for
Participants to track their progress in saving for retirement, and fiduciary support services at a level
higher than those offered by other retirement service.providers’Which is a service already familiar to
NADART plan sponsors・ NADART has been working cIosely with Empower to ensure a streamlined
transition process for plans億ansferring to Empower.
While it's di:縦cult to see these long-time services, built over NADA-s history, leave the NADA
family’We look to the future with optimism and renewed vigor. And, as always, We Will continue to
guard the interests ofthe franchised dealers we are privileged to serve’While remaining steadfast to
NADA’s mission that began nearly 100 years ago.
Most importantly・ these moves will allow NADA to become more mission-focused, Centering on
COre member services’Which include protecting and strengthening the dealer franchise system,
advocating on behalf of new-Car dealers with Congress, the regulatory agencies in Washington,
manufacturers’the media and the public, PrOViding education and training resources for dealers and
their empIoyees・ and providing dealer§ With better tooIs to e血ance profitability.
Bill I凍is 2015 M4DA chairman and a m初i諦anchise dealer /n即state NGw %rた