What Restaurants Need to Know about EMV Compliance
By Brad Kime, SVP of Channel and Alliances, Upserve
We all witnessed the change from swiping to inserting our credit cards two years ago, but that transition is ongoing. Small businesses, and restaurants in particular, can be wary of adopting EMV technology for myriad reasons, including cost, process, and the pressures of adopting new technology. However, one concern stands out above the rest—security, and rightly so. With countless data breaches surfacing in the news every day, and consumers on edge about their information’s safety, every small business should be critical about the new technologies they adopt. It’s no wonder some restaurant owners haven’t moved to EMV compliance yet.
As an advisor to your restaurateur customers, it’s important to be informed on this topic and to acknowledge that reluctance to the change is understandable, but that EMV cards were introduced as a way to make mobile payments more secure. Indeed: they are quickly becoming a global standard for all payment and processing. And, with card security continuing to be a concern in restaurants, the shift to EMV compliance isn’t just a “nice to have” for restaurant POS systems – it’s on its way to becoming mandatory.
We’ve gathered information on common EMV security concerns from restaurants, so that you can help your customers make an informed and wise decision about compliance.
The most common concern surrounding the switch to EMV is security within the chip. Restaurateurs are worried that the new technology may not be as secure as the traditional swipe card. Here’s what they need to understand:
Whereas existing magnetic stripe technology continues to be prone to hacking, embedded chip cards are much safer, with near-impossible encryption to prevent against counterfeiting. Data is actually more secure than on a magnetic stripe card because EMV supports dynamic authentication. This means that the card has an ever-changing password of sorts encrypted within, making it vastly more difficult for hackers to access and copy the data. The United States is one of the last nations to adopt EMV technology, which is surprising considering how global credit card fraud has dropped significantly since worldwide implementation.
While the chip is the most visible change, many restaurateurs are also concerned about who the liability will fall to should there be fraudulent charges on their new EMV payments system.
Prior to EMV, credit card issuers were responsible for the liability in fraudulent chargebacks from customers. But, the liability ownership changed with the deadline for compliance. Now, should an EMV chip card be swiped as opposed to dipped, and concurrently a fraudulent chargeback is claimed, the business is liable for chargebacks above $25. If, however, you have an EMV reader, then the liability shifts back to the card issuer, and this remains true even if the chip is damaged.
This fine print can have a dark impact on restaurants and bars, which already face high overhead and tight margins. It’s not safe to expect the card issuers to perform deep investigations for each chargeback, so the process of fighting these can be difficult, tiresome, and time-consuming. Accordingly, there are some basic questions that you should pose to restaurateurs when they are evaluating whether they need to make the switch.
Is the average check size above $25? – If a restaurant’s average check size is above $25, it should consider EMV more closely. For chargebacks above $25 when an EMV-enabled card is processed without an EMV reader, the liability shifts to the restaurant. In other words, without an EMV reader, a restaurant will likely be on the hook for most fraudulent chargebacks.
Is it a popular night spot or club? – Bars and clubs tend to see a higher rate of fraudulent chargebacks, which eats into margins and managers’ time. If your customer is a bar or nightclub that frequently see high tabs, it’s worth looking at bringing EMV online.
Do fears about chargebacks and liability keep them up at night? – Adopting EMV is a way to avoid the hassle of managing fraudulent chargebacks and worrying about liability. Peace of mind is enough for many restaurants.
Stored Cardholder Data
Another real concern with EMV is physical access to stored cardholder data at the point of sale. While EMV technologies have made advances to protect this data, many POS systems haven’t, making this a point of vulnerability.
Traditional EMV processors will not effectively protect cardholder data at the point of sale, which means that the restaurant goers’ information is more susceptible. However, there are next generation POS solutions that utilize secure cloud processing technology to prevent this customer security risk. In other words, vulnerable cardholder data is stored in a way that denies access to third parties. Not even a data security expert at the POS providing company could access the data un-encrypted.
As such, should your merchants wish to make the EMV switch, advise them to invest in a more advanced POS technology that will better protect their customers’ information and give them peace of mind. It is also worth noting that most cloud-based POS systems include an integrated EMV solution at a lower cost, requiring no support fees and an automatic download of the latest software; this saves time, money, and offers more flexibility to your customers.
You Hold the Information
The integration of new technology always comes with growing pains, especially when it’s being implemented on a national scale. However, complying with EMV standards is ultimately a smart choice for restaurant owners. By using dynamic authentication, chip technology keeps data safer and makes counterfeiting nearly impossible. Additionally, having an EMV reader in store makes small business owners less likely to carry liability for fraudulent charges. Finally, with a next generation POS system that complies with EMV cards, small business owners can better protect their customers’ data at the point of sale.
Now, should restaurant clients raise concerns about security within the EMV technology shift, you have a guide to walk them through the necessary steps, and ease their apprehensions.
About the Author
Brad is SVP of Channel and Alliances for Upserve. He brings over 25 years of leadership experience in growing and scaling companies with being most noted for President and Chairman of OnDeck from 2009 through 2013 prior to their IPO. Brad also is passionate about the restaurant space, owning Tini – a popular cocktail and music video bar in Indianapolis as well a loyal Upserve client for several years. He holds his undergraduate degree from the University of Notre Dame and MBA from the Kellogg School of Management at Northwestern University.
Other Point of Sale news of interest: