On October 1, merchants were required to have special new credit and debit card payment terminals in place that are designed to accept special "chip" credit and debit cards.

The updated cards, which are known as EMV (Europay, MasterCard and Visa) have small chips that communicate unique data with each and every transaction. These new cards require a special type of payment terminal to process these transactions.

The technology is designed to prevent card theft from Internet thieves who seek to hack into terminals and steal credit and debit card information. A specially-designed chip that is embedded in the card can be read only once, thus reducing the opportunity for fraud from theft. That is, if a hacker tries to use stolen chip information from a specific point of sale, the stolen transaction number that is created for the fraudulent charge cannot be used a second time. Thus, the transaction will be declined.

Businesses that do not install these special terminals, which can read the unique data associated with the EMV card transactions, are now responsible for the costs associated with any credit or debit card fraud that results from fraudulent activity on the old terminals. "If you're given the chance to upgrade to EMV-capable equipment, but don't do so within the above timeframe, you will be held financially liable for security breaches after October 1," said Anthony Lucatorto, senior vice president, association partner division, for the National Federation of Independent Business (NFIB). What does "given the chance" mean? If a payment processor does not offer EMV-compliant upgrades to the businesses it serves, then any financial responsibilities related to breaches would fall on the payment processor, not on the business.

The Electronic Transactions Association, the global trade association representing more than 550 payments and technology companies (including Visa and MasterCard), expects that only about 45 percent of the eight million U.S. businesses that accept electronic payments (credit and debit cards) will implement the new terminals by the end of 2015.

However, the percentage of smaller businesses doing so is expected to be much less. "Not only is this expensive, but small businesses just aren't prepared for the shift," said the NFIB in a September 25 press release.

And, according to data from the Strawhecker Group, a management consulting firm specializing in the merchant acquiring sector of the payments industry, smaller merchants are indeed moving slower to make the transition than are larger merchants. As of late September, only four percent of merchants with fewer than 20 employees had adopted the EMV-compatible terminals. In addition, a full 72 percent of small businesses surveyed reported having no plans to install the new terminals by the October 1 deadline.

Besides leaving themselves open to financial losses associated with credit and debit card fraud, small businesses that do not implement the new terminals may lose customers as well. Research conducted by the Electronic Transaction Association found that 84 percent of consumers take retail payment security into account when they are deciding where to shop, and 69 percent of consumers are likely to shop at retailers with the most advanced payment security technologies in place, even if it means driving a few extra miles.

Still, even businesses that do install the new terminals won't see all of the cards being swiped being EMV-compliant. According to research conducted by the Aite Group, a financial services consulting firm, only 70 percent of credit cards and 41 percent of debit cards in the U.S. currently support EMV. "Taking the world's largest card market from mag stripe to EMV is a massive undertaking," said Julie Conroy, research director for Retail Banking at Aite Group.

While businesses that swipe non-compliant cards with the compliant EMV terminals won't be responsible for fraud from the non-compliant cards, they will still be responsible for fraud that occurs from EMV-compliant cards swiped through non-EMV-compliant terminals.