Autopay clients leave you open to more fraud, not EMV liability

Your Business Credit columnist Elaine Pofeldt
Elaine Pofeldt is a journalist whose articles on entrepreneurship and careers have appeared in Fortune, Working Mother, Money and many other publications. She is a former senior editor at Fortune Small Business magazine and an entrepreneur herself, as co-founder of, a website for independent professionals. She writes "Your Business Credit," a weekly column about small business and credit, for

Ask a question.

Question Dear Your Business Credit,
On the new credit cards with the chip, can you key in the card number instead of inserting it into the new card reader? Our small business has several customers on autopay every month, meaning their card info is saved in the system and when payment is due, it is processed without card present. -- Trinda

Answer Dear Trinda,
Great question. Many merchants have been concerned about issues related to the shift in liability for card-related consumer fraud that kicked in on Oct. 1, 2015.

As of that date, merchants became liable for card-related consumer fraud if they had not started using a credit card machine that can read cards that have EMV chips, which are more secure than magnetic stripes. The cost of that fraud was previously borne by banks. While many merchants have now bought the new card readers, my reader mail suggests that some are unsure of best practices for using the new card readers.

To answer your specific question, I contacted Michael Kleinman, CEO of the credit card processing company Centurion Payment Services in Boca Raton, Florida. The answer he gave me is that you can key cards in, on a very limited basis, but if the card is used in person, you must dip the card into the chip reader, to avoid liability for chargebacks.

According to Kleinman's email reply, the only time you should manually key in transactions if you have an EMV card reader is if the sale is classified as "mail order / telephone order," or MOTO, as it is known. MOTO transactions include those carried out when you are not face-to-face with the customer. If you run a restaurant and someone gives you a credit card number by phone, it is a MOTO transaction. These sales are also called card-not-present (CNP) transactions. CNP transactions are not subject to the rules of the liability shift.

Autopay is considered an online, or CNP, transaction and therefore not subject to the EMV liability shift.

If you swipe a chip-enabled card, under any condition, you face liability for transaction chargebacks, as proposed by Visa and MasterCard rules, Kleinman adds. The liability shift will only take place if the card is swiped and not inserted into the card reader, Kleinman said. "While manually keying transactions exposes you to more fraud liability, due to not seeing the card, you will be OK with the EMV chip card rules, as of now," he said in his note. "However, this may change in the future."

EMV card readers are likely to be a topic of considerable concern for merchants as these devices get road-tested in the United States. If any other readers find that questions on them are cropping up as you use them, please send them in. I'm happy to track down an expert to address them. Chances are, there are many other readers out there who have similar questions to yours who will benefit.

Since consumer fraud can be costly enough to put a small merchant out of business, this is not a good area of your business to use the traditional entrepreneurial approach of winging it.

See related: 7 merchant tips to understanding EMV fraud liability shift, Video: Small-merchant guide to EMV credit cards, Avoiding fraud in a post-EMV world

Meet's reader Q&A experts

Does a personal finance problem have you worried? Monday through Saturday,'s Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.

Updated: 03-23-2019