EMV And The Hospitality Industry – a developer's perspective
With all of the buzz surrounding the upcoming move to EMV in the United States, merchants are being bombarded with a sea of information and misinformation as to what that will mean. Having been in the industry for my entire adult life, I’ve seen these kinds of software doomsday scenarios before. (Remember Y2K?) The biggest challenge with these kinds of changes is separating fact from fiction, and determining what the real impact will be for your business. With EMV, there is a tremendous amount of hype, and I’d like to share my knowledge on the topic to hopefully help some business owners sleep better at night.
- EMV is 30-year-old technology which is designed to protect the card brands (MC, Visa, Amex, Discover), and offers no real protection to the merchant or consumer. Its sole purpose is to verify that the card being used is legitimate, and not a counterfeit card produced with the intention to defraud.
- Where EMV has been implemented in markets such as Europe, credit card experts will tell you things like “brick and mortar fraud has dropped to virtually zero.” What they fail to mention is that online and card-not-present fraud goes through the roof. So for all the effort and expense involved in implementing EMV, all it really accomplishes is to shift fraud from one source to another.
- EMV will greatly limit your options with regard to credit card processors, as each EMV “chain” has to be certified separately, which is reportedly a 6-month process. That means 1) each credit card processor, working with 2) every POS company, must certify 3) every POS EMV device that is to be used. Obviously if you do the math, this is far too many certifications to occur in a realistic timeframe, so “less important” processors will get locked out of EMV entirely. This means fewer EMV options, thus less competition, resulting in higher credit card rates for merchants. The certification bottleneck will have the unintended consequence of creating a monopoly for larger processors who can throw their weight around to get to the front of the EMV certification line.
- The hospitality industry only accounts for 9% of counterfeit card fraud. The reason for this is that the risks of using a fake credit card in person are high, so fraudsters will generally target big box retailers, buy the most expensive TV in the store, and then go sell it online. Taking that risk just to get a free lunch or dinner is foolish by comparison, which is why the hospitality industry accounts for a disproportionately low percentage of the total brick and mortar fraud.
- Point-to-Point Encryption (P2PE) has been around for at least half a decade, and will all but eliminate the types of PCI compromises you hear about today. The way it works is that the card swiper immediately encrypts the sensitive credit card data before it sends it to the POS system. So your POS system never has access to sensitive data, and thus you are virtually 100% protected from a PCI breach. Although this protects the merchant AND consumer far better than EMV, the card brands never really pushed it because it wasn’t to their benefit. As you can see by all the hype surrounding EMV, the card brands can get the message out when it’s their money on the line, but don’t really care about advancing technology that would truly protect the merchant and consumer.
- Based on industry data, the average restaurant can expect to see 1-2 fake cards per year. So you need to contrast the loss on 1-2 meals versus the investment that the card brands are asking you to make by purchasing hundreds if not thousands of dollars of EMV equipment – only to serve the interests of the credit card brands. Once again, the billion-dollar credit card corporations are using their leverage to take money out of the working man’s pocket!
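The P2PE point above claims that the POS system never sees sensitive card data. As an added example (not code from the original post), the following check lets a merchant or integrator test that claim by scanning what the reader actually hands to the POS for cleartext track data or Luhn-valid card numbers. The message formats and the `enc_track` field name are constructed for illustration, and the card number is the well-known Visa test value.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Track 2 shape: start sentinel, PAN, '=', expiry (YYMM), service code,
# discretionary data, end sentinel.
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}\d{3}\d*\?")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cleartext_card_data(message):
    """List cleartext card data found in one reader-to-POS message.

    PAN findings are reported masked (first 6, last 4) so that the audit
    output does not itself become a store of card numbers.
    """
    findings = []
    if TRACK2_RE.search(message):
        findings.append("track2")
    for match in PAN_RE.finditer(message):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            findings.append("pan:" + digits[:6] + "..." + digits[-4:])
    return findings


# Constructed sample: a non-encrypting swiper passing raw track 2 to the POS.
LEGACY_MSG = ";4111111111111111=30121010000000000000?"
# Constructed sample: an encrypting reader passing only an opaque blob
# (hypothetical field name; real readers define their own formats).
P2PE_MSG = '{"enc_track":"C25C1D1197D31CAA87285D59A892047426D9182EC11353C0"}'

if __name__ == "__main__":
    for name, msg in (("legacy", LEGACY_MSG), ("p2pe", P2PE_MSG)):
        print(name, find_cleartext_card_data(msg) or "no cleartext card data")
```

The same function can be run over POS application logs and debug captures; any finding there means card data is reaching the POS in the clear.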
Image courtesy of Verifone