Eight things retailers need to know about EMV
Through a special arrangement, presented here for discussion is an excerpt of a current article from Commerce Anywhere Blog.
If you’ve received a new card from your bank in the last six months, it is likely an EMV card with a chip. Banks are issuing EMV cards and retailers are installing EMV-capable terminals. Both are working toward the October 2015 deadline whereby a liability shift occurs.
Today, when a counterfeit card is used in a store, the bank takes the loss. In October, if the bank has issued an EMV card but the retailer has not upgraded to an EMV terminal, the retailer takes the loss resulting from counterfeit cards.
But there are many other nuances with the EMV migration. Below are eight aspects every retailer should know:
1. If you’re not already testing EMV-capable terminals, you’re behind. But you’re not alone as many retailers are questioning the cost of upgrading terminals. The rollout in the UK and Canada took several years.
2. The EMV specifications allow several methods for cardholder validation: online PIN, offline PIN, signature, and none (for low value transactions like vending machines). The issuing bank decides which method to use. The card brands are recommending online PIN, but many banks have chosen signature which is much less secure. Only Mexico and Brazil continue to use signatures.
3. The chip in the EMV cards is really aimed at preventing counterfeit cards but it does nothing to help with other types of fraud. Retailers are still not responsible for stolen card usage.
4. The EMV specification supports both contact and contactless (NFC) cards with some cards supporting both. As mobile payments mature, it’s likely that contactless gains popularity so it’s probably worth the investment in terminals that support NFC.
5. New EMV cards will continue to have a mag-stripe for several years as terminals are upgraded. If a consumer tries to swipe an EMV card in an EMV-capable terminal, the terminal will ask them to insert instead. Expects slower lines as consumers learn this.
6. When a card is inserted, it must be left until the transaction completes. Cashiers must educate consumers to leave the card during the transaction, but not forget the card when complete.
7. Initially fraud won’t decrease. Instead, card-present fraud in stores will migrate to card-not-present fraud online.
8. Account numbers are not encrypted. Each transaction gets a unique cryptogram that ensures the card is not counterfeit, but otherwise the account number and associated data travel the same path we’re used to. Put another way, EMV cards and terminals would not have prevented recent thefts at large retailers. But it does make it harder to use the stolen account numbers, because EMV cards can’t be counterfeited and used in stores.
What challenges do you see with the rollout of EMV-capable terminals? What may go wrong? How should store operations be preparing?