Keeping Payments Simple for Law Firms – NFC, EMV & PCI
For several large retailers, 2014 marked the year of data breaches and fraud. The technology for accepting credit cards and preventing fraud is quickly evolving to protect businesses and card holders. The main focus of payment programs such as NFC and EMV is to prevent acceptance of counterfeit cards at the point of sale. What does all this mean for your law firm? Don’t worry if you can’t keep up with the newest acronyms in the payments industry. Most new payment technology has very limited benefit to attorneys because law firms do not process payments in a traditional retail situation. Historically, law firms have not suffered from accepting counterfeit credit cards because attorneys are more familiar with their clients. Even with the reduced risk of credit card fraud in the legal industry, your firm should still adhere to security guidelines and PCI compliance. Here is your quick guide to fraud-preventing payment trends:
NFC stands for Near Field Communication. NFC is not required by any of the major card brands. NFC payments are made with credit cards stored in mobile wallets on smartphones. Charges are made by tapping, waving or simply getting close enough for an NFC credit card machine to read the digital signal from the card. The benefit to card holders is that they do not have to worry about theft or carrying physical cards. However, the benefit to merchants has been debated due to the high cost of the hardware needed to support NFC. The most popular NFC program is Apple Pay. However, like other NFC or wallet programs, Apple Pay requires the card holder to be present, or close enough for the credit card terminal to read the signal. This means your firm can only accept Apple Pay when a client is physically in your office. Decide if NFC is even possible for your firm, and if it provides any real cost savings, before rushing out to buy a new point-of-sale system. For most traditional law firms, NFC does not make sense as a payment solution.
EMV, which stands for Europay-MasterCard-Visa and is sometimes known as “pin and chip,” is not new technology. EMV has been commonly used in Europe since 1992. An EMV card is a credit card embedded with an electronic chip, which is considered a key security feature in preventing the use of counterfeit credit cards. Similar to NFC, EMV cards are mostly processed by a card machine during a retail point-of-sale transaction. EMV technology has been largely focused on mid-size to large retailers, but is making headlines due to the upcoming liability shift on card-present or “swipe” transactions.
According to Visa, as of October 1st, the liability for fraudulent transactions will officially belong “to the party that is the cause of a chip transaction not occurring, and will be held financially liable for the resulting card present counterfeit fraud losses.” However, responsibility for fraud on your merchant account is nothing new. Most merchant agreements already hold your business responsible for chargebacks, fraud and bank fees on any transaction processed through your merchant account.
There is a great deal of noise and miscommunication surrounding the upcoming EMV deadlines. The “deadline” only applies to retail stores or businesses with “swipe” machine transactions. Unfortunately, it has become a common sales strategy within the payments industry to pressure merchants into purchasing new EMV equipment, often unnecessarily.
As a law firm, you have an advantage over traditional retailers because you know the identity of your clients, which drastically reduces the risk of accepting a counterfeit credit card. In addition, the majority of payments for legal services are made outside the office, or “card not present,” in which case EMV deadlines do not apply.
PCI DSS, or Payment Card Industry Data Security Standard, has come to broadly represent overall compliance and security when accepting credit cards. PCI is required by the card brands (Visa, MC, Discover) regardless of the method you choose to accept credit cards (i.e., card present or card not present). Introduced in 2006, PCI was not officially required of merchants until January 2015. PCI is managed through a series of self-assessed security questions. Usually, law firms can reduce the security requirements and protect their firms by implementing a few small changes.
The fastest path to PCI compliance is to eliminate the need to see, collect or store any credit card data from clients. If no one in your office touches, records or handles a client credit card, or the credit card number, then the risk of card fraud is almost eliminated. For example, with a service like LawPay, this can be done by using a secure web-based system that encrypts the credit card information. Programs are available to add secure payment links to your website or send electronic invoices directly to clients. These methods also eliminate the need for traditional credit card machines, thus further reducing your risk. As a best practice, avoid contact with all credit card information and simply allow your clients to enter their payment information directly.
Besides being three-letter acronyms, NFC, EMV and PCI all have the potential to drastically reduce credit card fraud. Card data breaches made national headlines last year with incidents reported by Target, Home Depot, Michaels Stores and others. The reality is that card hackers and counterfeiters have a new level of sophistication and more technology than ever. What does this mean for your law firm, and more importantly, how can you best protect client information? Take time to understand and evaluate your current process for accepting payments and assess your potential risk of accepting fraudulent credit cards.
NFC and EMV do not provide much protection to traditional law firms, and they are not required for non-retail businesses. However, as a merchant, you still have an obligation to protect both your firm and your clients’ card information through PCI. The good news is that you have an enormous advantage over large retailers because you are not blindly accepting payments from the general public. Even if you do not physically see clients in your office, at the very least you have probably talked to them over the phone or email, and have contact information for them. Always take steps to ensure the cards you accept for payment are legitimate: ask for identification, and request a signature to support you in any future conflicts and protect against fraud. The best acronym against fraud is ABC: Always Be Careful.
The LawPay program is a custom payment solution designed for attorneys. The LawPay program complies with ABA and state requirements for managing client funds. As a member benefit of the Dallas Bar Association, law firms save up to 25% off standard credit card fees. If you are currently accepting credit cards, we encourage you to compare your current processor with LawPay. To learn more, contact 866-376-0950 or www.LawPay.com/dallasbar