The US is the last G-20 country on Earth that isn’t using EMV cards - which have a microchip rather than a magnetic strip - but change is rapidly approaching.
NB: This is a guest article by TJ Sassini, CEO of ZOZI.
October 1st heralded the introduction of “Payment Networks’ Liability Shift” in the US whereby businesses - not credit card companies - will be responsible for reimbursing consumers when fraud occurs.
The shift to EMV (a standard set up by Europay, MasterCard and Visa) is intended to reduce fraud for in-person transactions. As a result, many online retailers are waiting to invest in EMV technology until a “truly unified payment system” - which features security for mobile, retail and online transactions - emerges.
However, this is a mistake.
Experts predict that since it will be harder to hack offline transactions, fraudsters will instead focus their efforts on ecommerce. Online retailers have to be prepared, and can (and should) also leverage EMV solutions to secure online transactions. For example, MasterCard and Visa both offer EMV authentication programs that provide an added layer of security.
EMV is designed to improve payment security, which is a major and growing concern. Global losses due to card fraud have risen steadily over the past few years. The Aite Group found that counterfeit card fraud doubled between 2007 to 2014, and now represents 10 cents out of every $100 transacted. Card fraud is predicted to cost the US $10 billion this year.
EMV chips are an effort to stem, and prevent, these losses, and their implementation will have an impact on card-present and card-not-present businesses alike.
EMV chips keep payment data more secure than magnetic strips by using encrypted data that is unique to each purchase. This makes data nearly impossible to duplicate. EMV chips are already the norm outside of the U.S. The adoption rate of EMV is 83.5% major European countries and 59.5% in Canada, Latin America and the Caribbean.
In contrast, it was just 7.4% in the US at the end of 2014, according to EMVCo LLC, a global consortium devoted to EMV development and implementation.
The liability shift is designed to fuel adoption of EMV technology by businesses, although it is not yet widely adopted. According to a survey from Fiserv, a global provider of financial services technology, only 5% - 10% of U.S. retailers have replaced their traditional credit card scanners with ones that accept the EMV card.
And more than six out of 10 credit card holders had not received their replacement EMV cards by October 1, according to a CreditCards.com report.
One challenge is that EMV cards only work with special credit card terminals and readers, which means businesses have to upgrade their systems. Intuit conducted a survey which found that the biggest barriers to small businesses becoming EMV-complaint is cost and a lack of time or resources.
It estimates that 86% of small business owners who will not migrate, or are undecided, may not be able to handle the financial and legal liabilities of fraudulent card transactions.
The shift to EMV affects all businesses, online and offline. Here are six steps to help small business owners prepare for and benefit from this shift.
1. Understand the difference between chip card systems
New EMV readers are designed as Chip-and-PIN or Chip-and-Signature devices. This means merchants can either accept the EMV card with a PIN number or require a signature, as with traditional credit cards. If you integrate a Chip-and-Signature device, keep in mind that you may need to upgrade your hardware again when PIN transactions become the method-of-choice for processing transactions.
2. Purchase EMV card readers
The average EMV card reader costs about $200 for a new model and as little as $150 for a refurbished model. You can also rent a terminal for about $100 or less per year, and merchants who use Square can pre-order an EMV chip reader for $49. It’s fair to say that this is not a major cost commitment.
Beyond cost, merchants also need to consider the right type of terminal for their business. Do you need a counter-top terminal for face-to-face transactions or a wireless terminal for sales made at events or on-the-go?
Wireless terminals are ideal for tour and activity operators who want to process payments offsite, such as after a tour is completed. If you only process payments from an office or booth, than a countertop terminal is more appropriate
3. Update all software programs
Your new EMV card reader may come packaged with software that you will need to install on all devices, including POS terminals, mobile payment devices (like tablets), and handheld devices that you use to process payments. The installation process can be completed within an hour or two, so consider going through with the EMV migration after-hours or during a slow period when you won’t need to process any customer transactions.
4. Protect yourself from the Heartbleed Internet security bug
Approximately 17%of secure websites were affected by the Heartbleed bug in April 2014, according to Netcraft. Heartbleed poses a threat to all companies that use the popular OpenSSL software programs. If you use Google, Yahoo!, and other online services, you may be at risk. Protect yourself from Heartbleed by changing your EMV software passwords and other online passwords regularly.
For additional protection, make sure employees never share passwords.
5. Train your employees
Prepare a training seminar, webinar, or presentation to ensure all your employees are aware of the switch to EMV and know how to use the new readers and software.
And since customers will no longer need to swipe the card, employees will also have to change their language, asking customers to “insert” their card in the reader (instead of “swiping”) and leave it there for a few seconds to process the transaction.
6. Notify customers that you are EMV-compliant
After achieving EMV compliance, send out an email or formal letter that explains what is going on. Summarize the industry-wide changes and explain how EMV helps your business ensure the security of its customers. This shows your customers that you are trustworthy and prioritize their security, and can easily accept their EMV chip cards as a form of payment.
Remember that customers who choose to pay with traditional magnetic stripe credit cards can still complete their transactions with the new credit card readers—EMV readers are designed to accept both magnetic stripe and microchip-enabled cards.
Adopting EMV does not mean you have to turn customers with older credit cards away. But it’s in every merchant’s best interest to process all transactions using new, EMV-enabled machines.
NB: This is a guest article by TJ Sassini, CEO of ZOZI.
NB2:Image by Shutterstock.