Should Software Companies Integrate EMV Payments?
By Scott Blum, VP of Marketing, Business Development and Software Partners, Total Merchant Services
The U.S. EMV chip card migration is well underway. We have reached 50 percent adoption of chip cards with more than 600 million new cards issued in the last 90 days. More than 1.2 million merchants accept chip cards in the US today. While adoption hasn’t been universal and there is still a long way to go, EMV is clearly gaining strong traction in the US market.
EMV helps merchants reduce fraud, mitigate liability and give consumers peace of mind. EMV chip cards provide greater security than conventional magnetic stripe cards. The microprocessor on the EMV chip cards creates a unique transaction code for each use, eliminating the possibility of counterfeit cards. Chip cards stop counterfeit fraud, the number one source of in-store fraud, without a PIN. For consumers, it keeps their personal data safe while providing peace of mind that thieves won’t be making purchases using their card. Merchants that cannot accept EMV chip cards may face liability for credit card fraud. Prior to October 2015, the liability of a chargeback for card fraud fell on the issuer. Since the EMV mandate, liability has shifted to the merchant in certain scenarios.
Challenges to Upgrade to EMV
As EMV becomes the standard, it will be imperative for software companies to upgrade. But there are definitely challenges for software companies to upgrade to EMV in a fast and cost-effective manner. First, integrating a compliant EMV payment device with a software application can be a long and expensive undertaking due to stringent EMV and PCI requirements. EMV certification can take more than a year and can cost hundreds of thousands of dollars to implement. Further, the Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. Companies that accept card payments and store, process and transmit cardholder data must comply with PCI requirements. Since payments is not the main business of a software company, there is little appetite to make the investment in these costly and time-consuming security certification processes.
Second, the process of enabling merchants that are currently accepting mag-stripe payments to accept EMV needs to be a smooth and easy, which can be challenging from both technical and educational perspectives. Technical issues may arise at the point of implementation due to incompatible software residing on a merchant’s client. In addition, store employees need to understand how to use the EMV device and when to accept EMV payments with limited instruction.
Third, chip cards take more time to process than mag-stripe and NFC payments. While the card brands are working on making improvements to speed the process, accepting a chip card can currently take two to three times longer than a mag-stripe card. This will be a challenge to merchants as well as their customers due to the increased time to check out. Contactless payments such as Apple Pay are just as secure as EMV payments but take just seconds to complete, and therefore are an important addition to an EMV implementation.
Strategies for Software Companies to Implement EMV
In order to eliminate the need for a costly and time-consuming integration, new “semi-integrated” architecture is helping software companies keep both EMV and PCI “out of scope.” In a traditional integrated environment, a physical connection is maintained between the software or POS app and the payment terminal. This model requires sensitive cardholder data to be transmitted to the POS/ECR and merchant back-office systems before reaching the payment gateway. Because payment data is transmitted to the software or POS app, EMV and PCI requirements are “in scope” for the developer. Semi-integrated architecture routes sensitive cardholder data directly to the payment gateway and non-sensitive customer information to the POS and merchant back office. Sensitive card data is encrypted and routed directly to the payment host or gateway, thereby keeping EMV and PCI “out of scope.”
Making sure that the merchant’s client software does not have any local software that can create technical issues can be resolved by various strategies, including the creation of an installation wizard that checks the merchant’s local software and corrects any issues, or by clearly defining system requirements for the merchant.
One important component of the solution to alleviate the time to process EMV payments is to include the option for NFC and contactless payments. As more merchants and consumers realize that NFC and contactless payments are just as secure as chip cards, mobile wallets that enable Apple Pay, Android Pay, and Samsung Pay will become more popular. Therefore, making sure the payment solution accepts all payment types, including EMV, NFC, and mag-stripe, is important and will ensure speed at check-out.
Training and education for merchants, store employees, and customers on the various payment types shouldn’t be underestimated. Mag-stripe transactions have been the standard for many years, so visual aids and instructions will be required for the change in behavior. Strategies for education include using easy-to-understand communication materials at the point of sale such as terminal underlays, countertop materials and instructions on the payment device itself.
All the Ways to Pay
The move to EMV still has room to grow. According to a recent EMV adoption survey by credit card group CardHub, which evaluated 55 major retailers and 1,000 consumers, 42 percent of retailers have not updated any terminals in their stores, and 56 percent of consumers don’t care if a retailer’s payment terminal is chip enabled. But major retailers such as Walmart, Costco, Kroger, Target, the Home Depot, CVS and others have upgraded their terminals to accept EMV. Over time, this will influence consumers, and EMV payments will become the norm.
In addition, NFC and contactless payments are growing. In a recent earnings call, Apple CEO Tim Cook noted that Apple Pay is bringing in one million new users per week and that transaction volume is “five times higher” than at this point one year ago. The speed of the transactions relative to EMV and new features will increase adoption even more.
It’s clear that the trends are moving in the direction where retailers want to accept all payment types, including EMV and NFC contactless payments, and POS software companies will continue to upgrade. We believe we will see a high percentage of POS software companies upgrading to EMV in the next 12 to 18 months.
About the Author
Scott Blum leads Marketing, Business Development, and Integrated Payments for Total Merchant Services.
Scott has served in a variety of executive leadership roles for financial technology companies, including Chief Marketing Officer for CAN Capital and Director of Marketing and Global Payments for Intuit. Scott was also a management consultant for Deloitte Consulting. Scott has an undergraduate degree from UCLA and an MBA from the Wharton School.
Other Point of Sale articles that may interest you: