A recent security breach at Hilton Hotels may have compromised some of its guests' credit card data, the chain said this week. Security breaches like that one will become costlier for victim companies after new liability rules go into effect in the United States this week.
As of Thursday, US retailers, including travel companies, are required to have upgraded to new point-of-sale terminals that work with credit cards that have computer chips. The new chip-based cards are called EMV, for Europay, MasterCard and Visa, and they are slowly replacing cards with magnetic strips.
Starting October 1, retailers that haven’t upgraded to EMV point-of-sale terminals will be liable for fraud that takes place via their terminals.
That means that the cost for the point-of-sale breaches that Hilton, Mandarin Oriental, and other travel companies have recently experienced may may significantly increase for those businesses.
For instance, some of the Mandarin Oriental’s point-of-sale systems at some of its luxury hotels in the US were infected with malware capable of stealing customer card data, the company said last March.
Smaller travel (and other) businesses that rely on swipe-based credit card machines are also vulnerable.
The US is broadly adopting chip-and-signature cards instead of chip-and-PIN cards that are standard in Europe.
You might think that tightening security on credit cards will mean an overall reduction in fraud for travel and other companies. But that's not what history suggests. When Europe switched over to the chip-based cards, it saw fraud attempts rise for online transactions that don't require physical cards.
So-called "card not present fraud" will more than double in the US by 2018, forecasts Aite Group, a consultancy. Companies can try to combat that problem using encryption, cross-verification, and other methods.
MORE: Details on the Hilton Hotels security breach
EARLIER: Mandarin Oriental provides more details on credit card malware