Hospitality Industry? Don’t Be Caught Napping About EMV
With EMV Chip and PIN compliance becoming mandatory in the US from October, TISSL’s Stuart Coetzee describes the new payment security standards and advises hospitality operators not to be caught napping.
In matters technical and financial, we’re used to the United States leading the world. In the field of credit card payments, however, the world’s largest economy is a huge laggard rather than an early adopter. The EMV Chip and PIN payments standards that the US is to adopt later this year have, for example, been in place in the UK for 10 years. The security and convenience offered by EMV versus magnetic stripe cards is immense; their introduction resulted in a 30% reduction in UK card fraud.
Globally, 29.74% of card-present transactions meet the EMV standard. In Western Europe and other first world countries, the percentage is as high as 96.33%; it is as low as 0.03% in the US. But the nationwide shift to EMV is now well underway. Approximately 120 million Americans have already received an EMV chip card and that number is projected to reach nearly 600 million by the end of 2015.
The payments landscape is undoubtedly a complex one and EMV is just a small part of the total ecosystem. Whilst the scale of the retail industry represents the greater challenge in terms of volume of transactions processed, hospitality operators are affected by the new standards just as much as retailers. They, too, need to sit up and take notice of the following elements:
EMV liability shift – Part and parcel of the US’ switch to EMV Chip and PIN cards is the liability move to the least secure point in the case of compromise or fraud; this is often the merchant/the point-of-purchase;
PCI standards adherence – Hospitality operators will need to demonstrate adherence to PCI standards. These standards aim to reduce security compromises and card fraud by ensuring that card data is adequately protected both in ‘card-present’ and ‘card-not-present’ scenarios;
Tokenization and P2PE – Tokenization is a means of ensuring that credit card data is securely stored as a token rather than a number, whereas point-to-point encryption is about encrypting customer credit card data as it enters the system;
NFC payments – Standing for “Near Field Communication”, NFC is where you can tap and pay with the credit card, much as the Apple wallet works on the iPhone 6. The difference with an NFC-enabled card is that it gives the security of a PIN transaction with the speed of a credit card transaction.
Mobile payments – Customers are increasingly demanding mobile payment via smart devices, necessitating the integration of gift cards and loyalty programmes. In some cases, this will require an overhaul of the technology used at point-of-service.
Hospitality operators need to review and secure all points of entry for card data. This includes online food ordering and accommodation reservation, as well as face-to-face payment of checks. Not only is this good practice to reduce fraud but it also limits the scope of any PCI audit and potential exposure to financial penalty, saving operators cost, resources and brand damage.
Other articles about the hospitality industry:
Subscribe to The Point of Sale News – it’s free, either daily or weekly or once a month.