Regarding SMBs that may believe they don’t need to worry about EMV…
It is apparent that many SMBs think that, due to their size, they do not need to worry about EMV openness –or that EMV migration does not apply to them. This reflects a significant gap in consciousness and understanding out there in the market.
As an industry we must check out the efficacy and robustness of efforts to educate this industry segment on the effect of the liability change and, just as importantly, how customer expectations will change when they get accustomed to using EMV at major retailers.
Verifone does not deal directly with SMB merchants, but we are working together with our processor and acquirer partners to provide as much education and training support as they should shut this awareness gap. There’s a large disparity between bigger retailers and smaller retailers, and partially that reflects the fact that larger retailers have committed personnel, and due to their sheer size they are ready to draw support from their support providers. However, how do you replicate that in Joe’s Pizza store? Everybody involved in the payments value chain should concentrate on bridging that gap.
SMBs will need to comprehend the effect of the liability shift. When they don’t meet EMV requirements and card fraud occurs in their places, they are left holding the bag for the complete cost of the fraud. Merchants only have to check at their charge rates to determine just how much that could hurt, or in some instances bankrupt their business.
The largest threat to EMV…
I believe anyone in the market could tell you that the biggest problem with EMV at this time is that the looming certification bottleneck. And the biggest aspect of that dilemma is the dilemma of certifying individual POS solutions.
So, by way of instance, if you are a chip that has clients using POS applications from 200 distinct solutions providers and an estate of 8 payment terminals, that amounts to 1600 distinct certifications.
And, those certificates will normally require 4-6 months. Thus, you do the math, if a POS solution provider is only beginning to consider EMV certification, there is likely no way they are going to be prepared for the liability change deadline. Also, recertifications which will be required when any modifications are made to all those applications solutions.
We believe the best approach is to isolate the payment information to the terminal, that way you do not need to certify each and every POS integration.
When an acquirer or chip only has to reevaluate the 8 terminals in their estate for EMV, that is a manageable position. You can now approve those POS solutions using a simple testing procedure as opposed to a complete and separate certificate.
So for instance, using our Secure Commerce Architecture and our payment terminals can radically lower the certification process to a matter of weeks rather than months.
Seeing cost-related concerns some SMBs might have regarding EMV willingness…
We believe fear and misunderstanding actually overshadows the real expenses involved. Payment technologies has become more affordable, and it is delivering more and more revenue-generating capacities.
We would expect that merchants view the EMV change as an opportunity to make the most of terminals’ new features and performance –for example:
- Interact with clients and their smartphones to provide improved promotions and offers to keep them coming back to and purchasing more
- And, access advanced analytics that will help them identify opportunities and maximize profitability.
When consumers become used to using EMV at big retailers, they are likely to associate EMV with stronger security. And, smaller merchants that don’t accept EMV could be at a disadvantage if they get viewed as the secure alternative. At minimum, that could erode consumer confidence and reduce customer loyalty, which might be equally as catastrophic as bearing the cost of fraud for not being EMV capable.
Regarding a Frequent mis-understanding of EMV. .
I’d like to bring another consideration that is crucial when it comes to protecting card information. Lots of people mistakenly feel that EMV will fix the growing problem of information breaches. That couldn’t be farther from the truth. EMV is NOT a safety”catch all”
It solves the dilemma of using counterfeit cards in an EMV surroundings, but it would not have prevented some of the significant merchant breaches seen over the last couple of years. And, in spite of broad EMV adoption, it is likely to be years before we see magstripes disappear.
Thus, it’s important to concentrate on protecting card information, not just the card, and the best way is using a multi-layered approach to safety that couples EMV approval with end-to-end encryption and tokenization and Secure Commerce Architecture.
Verifone recommends a multi-layered approach to payment protection. This includes EMV approval coupled with end-to-end encryption and tokenization in addition to Secure Commerce Architecture. With end-to-end encryption and tokenization, payment information is encrypted from the moment it is accumulated at the point of swipe, also, it stays encrypted or tokenized as it travels to and from the merchant and the chip. Even if cybercriminals were able to get their hands on this information, it would be useless to them because it is encrypted.
Another important layer to successful payment system security is Secure Commerce Architecture–or”SCA”–that connects the terminal directly to the chip.
This prevents payment information from entering the integrated POS, or PC-based electronic cash register–that is the most frequent channel used by cybercriminals to insert malware which deletes payment data.
All these measures include the multi-layered approach to safety that we’ve been advocating for quite a while.
►►► ConnectPOS is a cloud-based POS software compatible with multiple platforms including Magento, Shopify & Shopify Plus, and BigCommerce.
Our Feature Posts: