Verifone Talks About Credit Card Chip and Pin Issues
Regarding SMBs that may think that they don’t need to worry about EMV…
It’s apparent that many SMBs believe that, because of their size, they don’t need to worry about EMV readiness—or that EMV migration doesn’t apply to them. This reflects a major gap in awareness and understanding out there in the marketplace.
As an industry we need to look at the effectiveness and robustness of efforts to educate this market segment on the impact of the liability shift and, just as importantly, how consumer expectations will shift when they get used to using EMV at major retailers.
Verifone doesn’t deal directly with SMB merchants, but we’re working with our processor and acquirer partners to provide as much education and training support as they need to close this awareness gap. There’s a big disparity between larger retailers and smaller retailers, and partly that reflects the fact that larger retailers have dedicated personnel, and because of their sheer size they’re able to draw support from their service providers. But how do you replicate that at Joe’s Pizza shop? Everybody involved in the payments value chain needs to focus on bridging that gap.
SMBs need to understand the impact of the liability shift. If they don’t meet EMV requirements and card fraud takes place at their locations, they could be left holding the bag for the full cost of the fraud. Merchants only have to look at their charge back rates to see how much that could damage, or in some cases bankrupt their business.
The biggest threat to EMV…
I think anybody in the industry could tell you that the biggest problem with EMV right now is the looming certification bottleneck. And the biggest part of that problem is the issue of certifying individual POS solutions.
Essentially, EMV drastically upsets that certification apple cart with processors today. Right now, each POS integration requires a separate certification.
So, for example, if you’re a processor that has customers using POS software from 200 different solutions providers and an estate of 8 payment terminals, that amounts to 1600 different certifications.
And, those certifications will typically take 4-6 months. So, you do the math, if a POS solution provider is just starting to think about EMV certification, there’s likely no way they’re going to be ready for the liability shift deadline. Also, recertifications that will be required when any changes are made to those software solutions.
We think the best approach is to isolate the payment data to the terminal, that way you don’t have to certify each and every POS integration.
If an acquirer or processor only has to certify the 8 terminals in their estate for EMV, that’s a manageable situation. Now you can approve those POS solutions with a simple testing process rather than a complete and separate certification.
So for example, using our Secure Commerce Architecture and our payment terminals can drastically reduce the certification process to a matter of weeks instead of months.
Regarding cost-related concerns some SMBs may have regarding EMV readiness…
We think fear and misunderstanding really overshadows the actual expenses involved. Payment technology has become more affordable, and it’s delivering more and more revenue-generating capabilities.
We would hope that merchants view the EMV shift as an opportunity to take advantage of terminals’ new features and functionality —for example:
- interact with customers and their smartphones to deliver enhanced offers and promotions to keep them coming back to and buying more
- And, access sophisticated analytics that will help them identify opportunities and maximize profitability.
When consumers get used to using EMV at large retailers, they’re going to associate EMV with more robust security. And, smaller merchants that don’t accept EMV could be at a disadvantage if they become viewed as the less secure option. At minimum, that could erode consumer confidence and reduce customer loyalty, which would be just as devastating as bearing the cost of fraud for not being EMV capable.
Regarding a common mis-understanding of EMV..
I’d like to add an additional consideration that’s critical when it comes to protecting card data. Many people mistakenly think that EMV will solve the growing problem of data breaches. That couldn’t be further from the truth. EMV is NOT a security “catch all”
It solves the issue of using counterfeit cards in an EMV environment, but it wouldn’t have prevented any of the major retailer breaches seen over the past couple of years. And, even with broad EMV adoption, it’s going to be years before we see magstripes disappear.
Therefore, it’s important to focus on protecting card data, not just the card, and the best way is with a multi-layered approach to security that couples EMV acceptance with end-to-end encryption and tokenization and Secure Commerce Architecture.
Verifone advocates a multi-layered approach to payment security. This includes EMV acceptance coupled with end-to-end encryption and tokenization as well as Secure Commerce Architecture. With end-to-end encryption and tokenization, payment data is encrypted from the moment it’s collected at the point of swipe, and, it remains encrypted or tokenized as it travels to and from the merchant and the processor. Even if cybercriminals managed to get their hands on this data, it would be useless to them because it’s encrypted.
Another important layer to effective payment system protection is Secure Commerce Architecture—or “SCA”—which connects the terminal directly to the processor.
This prevents payment data from entering the integrated POS, or PC-based electronic cash register—which is the most common channel used by cybercriminals to insert malware that steals payment data.
All of these measures comprise the multi-layered approach to security that we’ve been recommending for quite some time.
Other recent articles on this topic:
|EMV Equipment, what is hot, what is available|
|EMV Progress Update – Cloudy with a chance of sunshine|
|Highline enables first EMV and Apple Pay purchases in Manhattan|
|The Point of Sale Industry Transitions to EMV. What progress thus far?|
Follow us on Twitter – https://www.twitter.com/ThePOSNews
Visit us on Facebook – https://www.facebook.com/ThePOSNews
Need a POS Specialist to make this all come together? Click here to find someone who is local to you
Subscribe to The Point of Sale News – your privacy is respected – we do not share our list.