There is a new revolution in payment technology underway and all retailers need to be aware of how it will impact them and their customers. We have come a long way from our local merchant extending credit over the barrel to those clients who they knew well. In the 50’s Diner’s Club, American Express and Visa started issuing general purpose cards, meaning that the card holder could use the card at multiple stores. Next up was Bank of America issuing their card and licensing it to other banks, and finally in 1976, what we know as Visa came into existence.
Now you can mark Oct. 1, 2015 on your calendars. MasterCard, Visa, American Express and Discover expect that come October 2015, if a customer presents a retailer with an EMV chip-based card, they are supposed to be able to process it on an EMV device.
So, what is EMV?EMV stands for “EuroPay, MasterCard and Visa” — and it’s not new! The rest of the world has been using EMV cards for almost a decade.
An EMV card is different because of the small metallic square embedded into the card. That square is actually a computer chip, and that is what sets these cards apart. If you have gotten a new card within the last 6 months or so, you now have a chip card.
The way it works today is you swipe a magnetic strip on your credit card through a magnetic swipe reader to pay for a purchase via debit or credit. The information on the magnetic strip is sent to the processor who sends back an approval code assuming that you have enough credit on the card and it has not be reported as comprised. However, the information on the strip never changes and contains all of the data needed to clone a card. A cloned card can be used just like your card and can have anyone’s name on the front. It is the data that is swiped that tells the credit processor who owns the card.
Each time an EMV card is used, it is inserted (called card dipping) and the small metallic computer chip is used to create a unique transaction code. That new code is written to a computer chip, changing the card every time you shop. So, unlike your magnetic stripe cards whose data never changes, every time an EMV card is used, the data on the card changes and can only be used once, never to be used again.
Less Fraud, But There Is A Cost
Credit card fraud rates in countries that have adopted EMV are a fraction of what the U.S. is currently experiencing. In fact, half of all credit card fraud in the world now occurs in the U.S. That, along with the massive breaches that have occurred in the last few years, has prompted the credit card companies to draw a line in the sand.
Think about what happened at Target. Data from 70 million magnetic strips was stolen. If, instead, EMV cards had been used, the thieves might have still broken into the system, but the stolen information would not have done them any good. The information they were stealing could not be used. The only transaction numbers to which they would have had access would have been unusable, and any attempted fraudulent transactions would simply be declined.
Credit card fraud is how we got here. So, what is it going to cost?
The cost is going to vary greatly by retailer. At a minimum, retailers will need the EMV terminal or device for every POS station, including if they have mobile devices. Intuit is currently in the process of switching out older terminals for the IPP350 which is EMV compliant. Lastly, they are also switching Merchant Service Platforms; therefore, a retailer will need the IPP350 that is programmed for the new platform. They may also need to upgrade their computers. Are they still running XP? XP is a big NO NO as those computers are not PCI compliant.
The bigger issue is that retailers may need to upgrade their version of POS. Lots of retailers do not stay on the current version of POS and while the merchant service processing will work on the older versions, it most likely will not be made EMV compliant, especially the non-supported version (V10 and earlier).
How to Know If You, as a Retailer, Are Ready?
Educate yourself on the new requirements and know your options. You should also know that if you call September 30th and want to upgrade, it will take time to get the software, install it, etc. If you are on a very old version, your installer may need to stair step the file to get it to V12.
What happens if a retailer can’t take an EMV card on Oct. 1, 2015? Nothing. They can still use the magnetic strip to verify the card, get an approval code and get paid. But — and this “but” is big — if the consumer presented a chip card and the retailer didn’t process it on an EMV device, and it is a fraudulent transaction, the merchant is totally responsible for the losses, not the bank!
The burden of credit card fraud is, in essence, being moved from the banks to the retailers. It’s a titanic shift, and every retailer needs to be prepared. To protect themselves and their customers, every retailer needs to become EMV compliant as quickly as possible. Of course, they could always skip EMV and stop taking credit cards and go back to managing accounts over the cracker barrel… NOT!
Old Cards Will Still Work
On a positive note, magnetic strip cards will continue to be used for quite a while. EMV chip-based cards will have both the chip and a magnetic strip so customers can use their cards everywhere. The credit card companies want to insure your ability to use their product, but retailers will need to be prepared to know what to do when presented with an EMV card so that they don’t swipe when they should dip.
Author: English, William S., President of English Management Solutions, Inc. August 2015