The old saying is that “cash is king.” Even though cash is actually much safer than widel- used debit and credit cards, it’s more of a hassle for both consumers and merchants.
It remains safer because in the U.S., at least, credit and debit cards employ outdated technologies that are ripe for hacking. The U.S., in fact, is the only developed country where credit card processing hasn’t shifted to more secure EMV chips.
That’s about to change.
What Is EMV?
While it may sound like some kind of electric-powered car, EMV actually stands for Europay, Mastercard and Visa—the credit and debit card issuers that jointly developed the technology designed both to enable mobile payments and improve international operability and security. It is a global standard for smart chips that are integrated directly into cards to replace the outmoded magnetic strip.
How is this more secure? The magnetic strip contains static data only: the card number and expiration date. It’s easily counterfeited. The EMV chip contains dynamic data, which encompasses dozens of encrypted and unique data points including a security code that changes with every transaction.
Kiplinger quotes MasterCard’s senior vice president of product delivery, Carolyn Balfany: “Even if fraudsters were to intercept a transaction, creating a legitimate transaction with the information would be nearly impossible.”
So even if thieves crack a company’s customer information database, as happened recently with Target as well as other major retailers, the data would be basically useless. As Janna Herron points out in Bankrate, there’s no database hackers can crack to obtain a dynamically generated security code, simply because it is generated randomly and, once used, is never used again.
While it doesn’t prevent actual theft of the physical card, or online fraud, you can’t counterfeit an EMV-enabled card as you can a magnetic strip card.
Related Guide: Business.com Guide to Taking Credit Cards
If EMV-cards are so impervious to attack, why is it that, according to Level2Kernel, an insignificant 0.12 percent of all card transactions in 2014 in the United States used the technology?
Because EMV technology is expensive and time-consuming to test and implement. That’s why the players in the payment system industry—credit and debit card issuers (banks), users (merchants), and the financial firms that manage the transactions—have resisted implementing EMV, which has been around since the 1990s.
Moreover, as The Washington Post reports, the amount of fraud due to counterfeit cards was manageable up until the major data breaches at Target and other larger retailers. But the credit card companies issued an ultimatum three years ago that beginning in October 2015, merchants that accepted non-EMV cards would assume all liability for fraudulent transactions (ATMs and gas stations are the exceptions, with extended deadlines to 2017 due to the extra challenges and expenses to change out their particular card readers).
Related Article: Fraud is Now a $5.5B Business—Are You At Risk?
Is Your Business Ready for EMV?
If it's not, it should be. Fox News reports how increasingly difficult it is for smaller merchants, which are big targets for hackers, to recover from the loss of consumer confidence resulting from data insecurity. Already, there are reports of increased fuel-related credit card fraud; the theory is that fraudsters are getting while the getting is good, before the 2017 deadline kicks in for gas stations to put in place EMV-capable card readers.
So you need to get moving. Fortunately, as noted by Tom Gara in The Wall Street Journal, the point-of-sale terminals you need are readily available. Unfortunately, there’s extensive testing and certification required beyond just installing the machines.
Consider the investment in new EMV equipment as necessary to accommodate consumer preferences as well as to improve security. Think of it as a potential competitive differentiator that you accept the latest technologies.
Related Article: Don’t Be Spastic with Plastic: Why SMBs Should Accept Credit Cards
How To Implement EMV
So, like it or not, you need to make the change. Mobile Payments Today recommends the following:
- Put together a dedicated team or person to manage EMV implementation. This is a complex transition involving a number of evolving issues. It’s not something to be done when you get a chance to look at it. It’s something that needs to be carefully looked at now, and implemented with concentrated focus.
- Partner with your processor. If you’re not getting the support you need from your processor to migrate to EMV, find another processor.
- Upgrade to NFC. As long as you’re paying for new technology, you might as well ensure your terminals have NFC (Near Field Communication) capabilities that allow mobile smartphone transactions. Historically, wherever EMV is implemented, NFC becomes equally popular.
- Consider additional encryption. Remember, the onus for fraud liability is now on you. So the more encryption you use, the better protected you are. EMV is a good step, but also consider implementing Point-to-Point encryption (P2PE) and tokenization to add to your payments processing system.