Celerant POS Addresses EMV Issues For Business Owners
Many major credit card issuers have begun replacing customer cards with new ones containing embedded microchips. Nearly 600 million such cards are expected to be in circulation by the end of 2015, implementing the new standard in credit card security called EMV. This security upgrade represents a significant shift in fraud liability, with more than ever falling on the shoulders of retailers that don’t keep up with technology.
EMV – short for Europay, Mastercard, Visa – is a new security standard that is placed on a “smart chip” directly embedded into credit cards. The goal of EMV is to cut down on fraud, primarily by making counterfeit cards more difficult to produce. By creating a unique transaction code that can not be repeated for subsequent transactions, the EMV smart chip makes it impossible for criminals to complete more than one fraudulent transaction. That is, unless they hack the EMV chip technology itself.
Credit card brands are still scrambling to comply with their own new standard, but most retailers and hardware manufacturers are behind. Many are standing on the sidelines waiting to see where the chips fall, but the October compliance deadline is concrete. There are a lot of heads buried in the sand when it comes to what is truly at risk.
Why issuers are rushing to compliance
Credit card issuers are currently held completely liable for any fraudulent credit card transaction regardless of fault. EMV complicates fraud by adding an additional layer of security to credit cards. But more importantly, October 2015 marks a fundamental shift in credit card fraud liability regulation. That’s when liability shifts away from credit card issues to whichever party is the least EMV-compliant. The big takeaway is retailers that fail to implement EMV-compliant hardware can find themselves on the hook for any fraudulent transactions they complete.
Credit card issuers know this and realize that they can mitigate some of their liability risk by achieving the highest levels of EMV-compliance. They are dedicating massive resources to make sure they are the party of least compliance in as few as possible cases.
When credit card customers report fraudulent charges, processors triangulate the data to find the last good location the compromised card was used. Retailers in this unfortunate position face intense investigation, possibly from the FBI and secret service, and are interrogated. They can be forced to pay for forensic audits costing $30k – $100k, pay hefty fees that automatically disappear from accounts, and notify all potentially affected customers.
And after all this…they are forced to comply with EMV anyway. The best approach is to do so before any of this happens.
What retailers need to do
The two main things that retailers must do to achieve EMV-compliance is install hardware that is capable of taking advantage of the new security features employed by EMV, and ensure that the retail software platforms they operate are also EMV-compliant. The expense of EMV compliance puts small to mid-sized retailers at most risk,
Luckily, many retail software vendors like Celerant are well-versed in EMV-compliance and can advise their clients on what hardware is needed, along with providing software that is compatible with it. which is also where the majority of fraud happens. In fact, 80% of all attempts to hack customer data from retailers happens in these sectors despite the headlines that focus on breaches at big box stores. The results of a data breach are chilling: 45% of retailers that experience such a breach
are forced to declar bankruptcy.
Celerant retail management platforms are EMV-compliant, and the company advises its clients to purchase and install the necessary hardware prior to October to avoid liability for credit card fraud. Because EMV-compliant transaction verification relies on signatures and not PIN numbers, Celerant believes that the actual impact EMV adoption has on credit card fraud will be minimal. Tokenization and peer-to-peer encryption already make intercepting transaction data transmissions extremely difficult, and EMV only attacks the problem from the standpoint of physically counterfeiting cards. Celerant believes that counterfeit cards will still be produced and the inclusion of PIN authentication would have cut down on this significantly.
However, the liability risk of non-compliance of EMV standards still warrants dedicating the necessary resources to avoid falling behind credit card issuers.
Although the risk of fraud can not be completely prevented, EMV-compliance transfers that risk back to card issuers. Retail software vendors are excellent resources to help guide retailers to this level of compliance and lessen risk.
Find out more about
Images courtesy of Ingenico.
Find case studies for implementation of barcodes and RFID by topic, below: