By Jeremy Gumbley, CTO, CreditCall
The U.S. is one of the last major economies to adopt EMV card technology, which replaces magnetic stripe card payments with more secure Chip and PIN or Chip and Signature based transactions. With organizations having to upgrade or replace every POS terminal and their payment infrastructure before the 2015 Liability Shift, time is of the essence.
Today, financial institutions take on the high costs of card reissuance and fraud reimbursement — but after the October 2015 migration deadline set by Visa, MasterCard, American Express, and Discover Financial Services, retailers will be the ones who are liable for fraud. According to 2011 data from The Nilson Report, the U.S. accounted for a staggering 47% of global credit and debit card fraud. Countries where credit cards have adopted EMV payment technology fared much better.
Why is EMV more secure?
EMV-enabled cards are often called “smart” cards. The chip inside the card contains cryptographically secure information that allows a secure authentication process at the register, preventing skimmed or counterfeit cards from being used. Many EMV solutions include point-to-point encryption (P2PE), which means sensitive cardholder information is encrypted at the source, so retailers aren’t transmitting personal information through their networks. The added safety means retailers can reduce security-related costs that arise from PCI DSS compliance requirements.
The traditional magnetic stripe is far less secure. It contains customer information which can be duplicated much more easily and cheaply, increasing the risk of fraudulent transactions. Given the combination of the U.S. being the world leader in fraudulent activity and the 2015 liability shift, growing pressure exists for retailers to make the move from the magnetic stripe. Even so, some retailers are on the fence about whether EMV is the way to go.
Why not forget about EMV and embrace mobile payments?
Retailers have notably been slow to embrace EMV, citing an overwhelming infrastructural undertaking and an underlying concern the technology will be dead on arrival in the face of mobile payment technology. Although mobile payments are influencing our lives every day, they aren’t quite ready to overtake cards. In fact, not even close. The U.S. Bureau of Labor Statistics showed Americans spent $10.7 trillion on shopping alone in 2011. Meanwhile, in 2012, mobile payments only accounted for about $24 billion in transactions, according to a recent Gartner report.
Assuming 2011’s number is similar or higher when 2012’s aggregated data is released, the major difference between card, check and cash transactions and mobile transactions indicates cards aren’t going away any time soon.
That’s not even mentioning that mobile still has plenty of hurdles to overcome. Take Google Wallet, for example. After Google invested an undisclosed amount and $300 million in acquisitions, mobile carriers are teaming up to ditch Wallet support and back Isis, which is currently only a test program.
Some might argue that the leap into mobile is even more of a leap into the unknown than EMV. There simply aren’t national, let alone global, standards in place for mobile payments in the same way there are for other existing payment methods. Speaking of global, credit cards are accepted standards of payment for tourists worldwide, a position mobile has a lot of catching up to do to unseat. In summary, we can’t leapfrog EMV in favor of mobile. Cards aren’t going away; they’re simply changing. The retail industry can’t sit on its hands when it comes to reviewing its POS terminal infrastructure.
What are the next steps?
To roll out EMV successfully, retailers and other merchants must upgrade or replace their POS devices. This doesn’t just include furnishing EMV-enabled card readers and POS terminals; it also includes integration and complex certification and testing. Because the cost falls on the retailer, budget is a massive consideration and there are other cost-effective options available as the deadline approaches.
So what does your roadmap look like? Consider the answers to the following questions to help determine cost, timing and logistics within the October 2015 deadline. Every retailer is different, so there isn’t a one size fits all solution, but don’t be afraid to work with third-party solutions providers for an outside opinion if undertaking the task internally seems monumental.
Know your hardware and software: Some hardware and software will need to be totally replaced, while some can accept upgrades that will enable compliance. What can be upgraded with kernel deployments? What has to be completely swapped out? When planning for EMV, are you also planning to integrate contactless/mobile-enabled solutions?
Choose how the POS customer experience should be: The Durbin Amendment gave retailers and other merchants the ability to choose whether to require a PIN, or a signature for cardholder authentication for magnetic stripe debit and credit card transactions. The same decision will also impact EMV-enabled cards. How do you want your customer experience to work? How will that change your hardware and software needs?
Get ahead of the learning curve: Both employees and customers are likely to be unfamiliar with the chip-based EMV cards and POS systems. What can you do to prepare? What resources do you need to implement companywide employee training? How can signage and employee assistance help?
Retailers are just scratching the surface of the EMV transition. As the 2015 deadline creeps closer, many have yet to plan their migration and some are still in the early stages. Waiting for mobile to supersede EMV doesn’t provide a stop-gap alternative for this inevitable change in card technology. Solutions providers are coming up with cheaper ways to complete system overhauls, but it’s up to key decision makers to reach out and start planning for a more secure retail experience.
Jeremy Gumbley is the CTO and technical director for CreditCall. Starting with the company in 1999, he spearheaded the company’s technical development. Gumbley is a veteran of the payments industry, having driven product and technology development roadmaps to accommodate EMV migration programs in the UK, Europe, Africa and the Middle East as well as the U.S. and Canada. As CTO, he is responsible for the design, development and implementation of the company’s card payment solutions and portfolio of EMV Level 2 Kernels. Under his technical leadership, the company has licensed and deployed over one million Kernels in the last decade. In addition, Jeremy oversees the maintenance of the company’s PCI DSS Level 1 compliance.