October 1st is around the corner and the new EMV rules take place. Don’t panic if you don’t have new equipment in place … you may not even need to make a change. It is simply a risk tolerance issue. If you are a coffee shop you are not a likely target for someone with a stolen card, and even if you are, your risk is minimal. Be safe and get a picture ID if you aren’t sure or it the transaction is large. If you are selling electronics, you should be following the new rules for reading EMV (computer chip) cards as you are a likely target. It is a common sense issue as we all begin the migration toward more secure transactions. Call us and we’ll help you navigate through the change.
The new rules for EMV processing take effect on October 1st, 2015. These are simply rule changes that shift the liability from the bank that issued the card to the merchant if the merchant does not have equipment capable of reading EMV (computer chip) cards. The only time the liability shifts is if it is a counterfeit card or, in some cases, card not received by cardholder. The equipment needed is not expensive and in many cases may be provided at no cost. The challenge lies with the processors and their ability to support the equipment. It is a work in progress.
Let’s keep some perspective. If you are a business that sells high dollar electronics, televisions, computers, etc., you definitely want to be compliant on October 1st. If you are a business selling flowers, coffee, fast food, etc., you aren’t likely a target for someone looking to steal. Even in the rare case they would target you (which would be extremely rare) your loss would be minimal. So keep things in perspective when making your shift to EMV supported equipment.
Direct Payment Systems is here to help make the shift smooth and inexpensive. Contact us for our view on how your business may or may not be impacted by this rule.
I found this article at money.usnews.com that talks about the EMV issue in greater detail.
Coming Next Fall: More Chip and PIN Cards in the U.S.
When fraud liability shifts to merchants next October, expect more EMV cards and new payment terminals.
Starting next October, payment terminals will likely be required to accept chip-based cards.
By Susan Johnston Oct. 28, 2014 | 9:21 a.m. EDT + More
Americans traveling in other parts of the world are sometimes bewildered to discover that their debit or credit cards don’t work at automated kiosks that use new chip and PIN technology rather than magnetic stripes. (The technology is also referred to as EMV, which stands for Europay, MasterCard and Visa, the three card brands that created the chip in Europe and Canada.)
EMV cards have been the standard in Canada, Europe and other parts of the world for several years now, but they’re not as widely used in the U.S. That’s likely to change next October, when liability for fraud shifts from U.S. card issuers to merchants if merchants don’t upgrade their payment terminals to properly accept chip-based cards. (Some smaller merchants may be slow to adopt the new technology if they feel it’s less expensive to assume the fraud risk than update their payment terminals.) President Barack Obama also recently signed an executive order to embed this technology in all government-issued credit and debit cards.
Instead of swiping a magnetic stripe, consumers insert their EMV card into a payment terminal until the transaction is completed. This reduces the risk of fraud for in-person transactions. “Magnetic stripes contain data that is simply read by a swipe terminal as the card passes through, similar to reading a very short piece of a VCR or tape cassette,” explains Chris Camejo, director of assessment services for NTT Com Security, an information security and risk management company. “The data on a magnetic stripe can also be overwritten, just like a tape cassette. The devices to rewrite magnetic stripes can be bought online for a few hundred dollars, so it makes cloning cards cheap and easy.”
Chip-based cards also contain cryptographic keys, Camejo adds. “Rather than just reading data off of the card, the terminal sends transaction data to the chip, which processes it with the cryptographic keys and then returns the data to the terminal.” Cloning these cards is much more expensive and complicated, so fraudsters tend to exploit the lower-paying fruit, like older magnetic stripe cards.
Chip and PIN cards also require a second authentication factor: the customer’s personal identification number. “This means that an attacker who just steals the card number can’t use it unless he manages to get the PIN as well,” Camejo says. “Theoretically, our current magnetic stripe cards have a second authentication factor as well – the signature – but those signatures are rarely subjected to much scrutiny, especially in the age of self-checkout lanes.”
As U.S. customer cards expire, some banks and financial institutions have already begun replacing the old magnetic stripe cards with chip-based cards. (The cards also have a magnetic stripe as a back-up option in case you visit a country or a merchant that doesn’t accept chip-based cards.) Often, though, these are chip and sign cards rather than chip and PIN cards. “These have the anti-cloning benefits of the chip but lose the strong second authentication factor of the PIN,” Camejo says. “These cards can also be very difficult to use at automated kiosks in European countries that utilize chip and PIN almost exclusively.”
Nick Clements, a former banker and co-founder of MagnifyMoney.com, a comparison website for financial products, predicts that while chip and sign cards are the first wave of chip-based cards in the U.S., issuers will eventually shift to cards that require a PIN. “Card issuers don’t have to issue the chips, but they very much want to, because it’s better for security and consumers want it more and more,” he says. As countries shifted to chip and PIN cards, he adds, their fraud losses decreased. “The United States right now is really the weakest from a fraud protection standpoint,” he says.
If PINs become de rigueur, restaurants will need to adopt the portable card readers used in Canada and Europe so patrons can pay their bill at the table rather than handing over their credit cards – a move Clements feels will ultimately benefit consumers. “It’s shocking how often you give your credit card in a restaurant,” he says, “but this way, you never lose sight of your card.”
If chip and PIN cards are more secure than magnetic stripe cards, why aren’t they more common in the U.S.?
Cost is a major concern for card issuers and merchants. “EMV cards are significantly more expensive to manufacture than traditional magnetic stripe cards, which may explain why many banks are still not offering them despite the fact that the credit card brands are expecting them to be fully deployed by October of 2015,” says Dave Oder, president and CEO of Shift4, an independent payment gateway. In fact, TSYS Acquiring Solutions, which offers payments solutions to financial institutions and businesses, estimates that replacing magnetic stripe cards will cost issuers $3 billion, and merchants will collectively spend $2.5 billion to replace their payment terminals.
And even after issuers and merchants pay billions of dollars to transition to the newer technology, it’s not a cure-all for fraud. “It will likely reduce instances of card-present fraud because it makes it much more difficult – though not impossible – to use duplicated cards,” Oder says. “Will it stop breaches like the ones we’ve been plagued by recently? Absolutely not.” Chip and PIN cards can help prevent fraud for in-person purchases, but they don’t prevent fraudulent purchases online. E-commerce is a multitrillion dollar business, and growing, so merchants and card issuers will need to find other ways to address that issue.
As Clements sums up EMV technology, “it’s not invincible, but it’s better than a magnetic stripe.”
We call it the EMV slow dance. Check out the recent article by Mike Strawhecker. We couldn’t agree more here at Direct Payment Systems!
What is stalling EMV at small merchants?
Mike StrawheckerVP / Director of TSG Metrics at The Strawhecker Group
Three key impediments that are stalling EMV at small merchants:
Limited awareness: While improving, EMV awareness among small merchants remains low, with many unfamiliar with the technology, the upcoming liability shift, or both.
Absence of a clear ROI: Many small merchants are unconvinced by the business case for the rollout of EMV. This is particularly true for merchants whose transactions are dominated by low-ticket items, such as quick-service restaurants. Here, the fraud and chargeback risk is so minimal that many argue any losses brought on by the liability shift would still dwarf the cost of an investment in EMV technology.
A story they’ve heard before: Small-business owners are incessantly hounded by vendors to upgrade to the next greatest technology. To many, the EMV story seems all too similar to many told in the past, causing it to fall on deaf ears.
If you are a merchant make sure you audit your monthly billing statement. Many times increases in fees slip through and is has become common to see penalties for unknowingly being out of compliance with one or more of the new rules or regulations. These penalties likely generate profit for a processor, bank, or sales organization. With a little legwork they can be eliminated. Contact your service organization as ask that they help you remove any unnecessary fees. If they won’t … move your business.
Direct from Direct
What is all this about EMV and Apple Pay? EMV is a globally accepted smart chip technology payment standard established by EuroCard, MasterCard and VISA in the early 1990s. EMV cards come with an embedded microprocessor (chip) that provides better transaction security, card authentication and additional application capabilities not possible with traditional magnetic stripe cards. Apple Pay is the ability to process payments from your customer’s iPhone by having them waive it in front of your payment equipment. It is called Near Field Communication (NFC).
Why EMV? The migration to EMV technology in the U.S. will help:
- Ensure that only the rightful card owner can use the chip card, protecting against lost or stolen card fraud.
- Protect data on the chip against unauthorized changes, protecting against counterfeit fraud.
- Enable U.S. cardholders to use their secure chip payment cards anywhere in the world.
When do merchants have to be compliant?
October 2015 is the important date to remember. It is then that liability will begin the shift to merchants without compatible equipment. There’s plenty of time but now is the time to begin looking for options.
Don’t get fooled. The new equipment is not expensive. The cost can be as little as a few dollars in some cases but will be just slightly above $200 in most.
EMV Benefits for Merchants
Increases security and fraud protection to reduce card present fraudulent transactions and charge-backs:
- Reduces skimming at the point of sale
- Enables increased PIN use for stronger cardholder verification
- Helps prevent the use of counterfeit, lost and stolen cards
Improves customer service:
- Enables PIN transactions for both credit and debit cards, reducing time needed to obtain a signature and the need for authorization referrals.
- Supports contactless transactions which are approximately 53% faster1 than a traditional magnetic stripe card transaction.
Enables merchants to offer cardholders a secure payment of their choice:
- Meet expectations of cardholders who want more secure payment transactions
- Accept foreign cards that are already EMV enabled
Drives innovation in emerging consumer technologies:
- Chip-based applications can be embedded into a mobile wallet, enabling consumers to pay via their mobile devices.
- Chip card technology works on the same technology that enables mobile payments at the POS
Things to think about …
Are you familiar with the new EMV or chip-based payment cards? Have you seen them?
EMV cards are the new cards that the major banks and credit card issuers will be sending out to their customers in the U.S. A few consumers have already received these new cards, however approximately 100 million EMV cards will be issued in the U.S. this year. You will definitely see more customers with this type of payment card very soon. The EMV card contains a gold microchip, which adds an additional layer of security, and will be easily recognizable to you.
Is the current terminal you use EMV- enabled? How is the terminal that your currently use working?
We have a range of solutions from easy to use terminals to full functioning POS solutions.
Do you want to accept contactless payments such as Apple Pay™?
Contactless payments including Apple Pay provide solutions for payment that are 53% faster1 than traditional magnetic stripe card transactions, providing faster checkouts and greater customer satisfaction. In addition, both Apple Pay and EMV provide an opportunity to drive more innovation to the customer experience by adding emerging technologies to boost loyalty, repeat business, and improve customer satisfaction.
Things we hear in the field…
I’m a small Merchant; I don’t need to worry about card fraud.
As recently published and widely covered card breaches at several large national retailers in the US show, breaches and card fraud are extremely costly and damaging to the brand. For a small business, an incidence of fraud can be catastrophic. In addition to minimizing the risk of fraud merchants implementing EMV chip payments in neighboring countries, including Canada and Mexico, have reported a significant decrease in fraudulent transactions. In addition, on October 1, 2015, the merchant whose POS system is not EMV-enabled will assume full liability risk for fraudulent card-present transactions when processing chip cards on a non-EMV enabled terminal.
My bank or processor has to worry about that, I’m covered.
Companies you work with can help but it is up to you to become compliant with the EVM requirements and deadlines.
I don’t take that many payments.
Number or size of payments doesn’t matter. The Merchant will be liable for any and all fraudulent transactions if the point of sale equipment isn’t EMV capable.
Nothing has happened yet.
The likelihood of a data breach is greater than you may think and consequences can be catastrophic. With the move to EMV in Mexico and Canada, more fraud is migrating to the US where EMV has yet to be fully adopted. As a case study, the Netherlands was a late adopter of EMV in Europe – they saw a 300% increase in fraud rate in 4 years2.
DIRECT PAYMENT SYSTEMS
in Des Moines, IA and