Providing protection in a digital world
Written by Brent Casey
Wednesday, 20 May 2015 04:23 PM America/New_York
How Christian retailers can minimize risk as customers’ mobile payment options grow
There is a lot of talk these days about EMV cards (an acronym for Europay, MasterCard and Visa), liability shifts and Apple Pay. Despite the ubiquitous nature of information, retailers—including Christian retailers—are uncertain of how their businesses should respond to this changing financial landscape. In fact, many wonder why they should even bother with the expense and fuss of becoming EMV compliant.
The rush to EMV (also referred to as chip cards, smart cards or chip and PIN) is predicated upon the belief that the embedded computer chip will be far superior to magnetic stripes in protecting cardholder information and accounts from would-be thieves and hackers. Traditional magnetic stripe cards contain a significant amount of information about the cardholder and their account. Once a card is swiped at your store, that information is transferred to the stand-alone terminal or software used to process the transaction and from there across the network to the card issuer for approval. Unscrupulous types are tempted to test the security of terminals, networks and computers to gain access to this information. These days even the most secure systems are subject to a security breach.
PROTECTING YOUR CUSTOMERS
Historically, cards with magnetic stripes are susceptible to a variety of scamming techniques. The content on the magnetic stripe is complete, unencrypted and relatively easy to steal.
Conversely, an EMV card with an embedded chip and built-in encryption protocols enhances and ensures a more secure experience for the cardholder by using a small computer chip to interact with every payment device. The chip, which makes the card “smart,” stores information, performs processing and contains secure keys that help generate cryptographic data. But the most important aspect of an EMV card is the dynamic data generated with each transaction. This data makes it virtually impossible to create counterfeit cards or replay intercepted transactions.
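An added illustration, not part of the original article, of why per-transaction dynamic data defeats replay and alteration of an intercepted transaction. It is a simplified model: HMAC-SHA256 stands in for the card's real cryptogram algorithm, and every class, function and card number here is hypothetical.

```python
import hashlib
import hmac
import os

def cryptogram_input(pan, amount, nonce, counter) -> bytes:
    # Everything the cryptogram must bind together for this one transaction.
    return b"|".join([pan.encode(), str(amount).encode(),
                      nonce.hex().encode(), str(counter).encode()])

class ChipCard:
    """Simplified chip: holds a secret key and a transaction counter."""
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self._counter = pan, key, 0

    def authorize(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self._counter += 1  # fresh value on every transaction
        msg = cryptogram_input(self.pan, amount_cents, terminal_nonce, self._counter)
        tag = hmac.new(self._key, msg, hashlib.sha256).digest()
        return {"pan": self.pan, "amount": amount_cents, "nonce": terminal_nonce,
                "counter": self._counter, "cryptogram": tag}

class Issuer:
    """Simplified issuer: knows each card's key and the last counter it accepted."""
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def enroll(self, pan: str, key: bytes) -> None:
        self._keys[pan], self._last_counter[pan] = key, 0

    def approve(self, req: dict) -> str:
        key = self._keys.get(req["pan"])
        if key is None:
            return "declined: unknown card"
        msg = cryptogram_input(req["pan"], req["amount"], req["nonce"], req["counter"])
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, req["cryptogram"]):
            return "declined: bad cryptogram"
        if req["counter"] <= self._last_counter[req["pan"]]:
            return "declined: replayed counter"
        self._last_counter[req["pan"]] = req["counter"]
        return "approved"

def demo() -> list:
    pan, key = "4000000000000002", os.urandom(32)  # constructed test values
    issuer = Issuer()
    issuer.enroll(pan, key)
    card = ChipCard(pan, key)
    first = card.authorize(1999, os.urandom(4))
    results = [issuer.approve(first), issuer.approve(first)]  # genuine, then replay
    altered = dict(first, amount=99999, counter=first["counter"] + 1)
    results.append(issuer.approve(altered))  # intercepted data with changed fields
    results.append(issuer.approve(card.authorize(500, os.urandom(4))))
    return results
```

Static magnetic stripe data has no equivalent of the counter or the keyed cryptogram, which is why a copy of it can be presented again unchanged.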
Once presented on an EMV-compliant device, a tokenized number—rather than the actual card information—is provided to the merchant’s reader, whether connected to a stand-alone terminal or integrated into a POS software application. This process closes a possible point of breach, enhances cardholder security and keeps the bad guys from obtaining usable information. Utilizing a PIN adds further card security. In fact, the Payment Card Industry Security Standards Council (PCI SSC) indicates that acceptance of an EMV card with a PIN is superior to signature EMV and far more secure than the magnetic stripe.
Readers are available in “contactless” or “contact” configurations. With a contactless reader, also known as a near field reader (NFR), your customer simply taps or holds the card within an inch or two of the reader. Contact readers require the card to be inserted into a slot on the reader from the beginning of the transaction to completion. Both provide the same enhanced security and confidence for the cardholder.
At Bookstore Manager Software, we are enhancing our software and testing readers to make sure our users have a low-cost option to become compliant. Also, since we have partnered with National Processing Company to provide aggressively competitive processing, we are able to help our users traverse the implementation of the EMV technology.
AVOIDING UNNECESSARY RISK
The big question for the retailer is: What happens if a merchant does not implement these changes?
Historically the card issuers (Citibank, Chase, Capital One and others) have borne the cost of fraudulent cards. As of October 2015, the PCI-SSC has mandated that the liability for fraudulent transactions shift to merchants who do not upgrade their card acceptance system to be EMV compliant. This means that, beginning in October, retailers who are not EMV compliant will be at risk every time they swipe a card.
With lower average transaction amounts and the smaller market in which Christian merchants operate, fraudulent transactions seem to be a low-risk endeavor. However, merchants need to be aware that a non-compliant store will bear the entire cost of every bogus transaction. This includes the cost of the lost merchandise as well as chargeback fees and other costs imposed on questionable transactions. Plus, in the event of a breach (loss of cardholder information), additional financial burdens will include cost of the forensic investigation, replacement of cards and penalties imposed for compliance violations.
What about Apple Pay and other mobile device wallets? Apple announced its new mobile wallet payment solution on Sept. 9, 2014. Apple Pay and other similar products are a virtual wallet where consumers can store their credit and debit cards until that moment when they decide to purchase something. Since Apple Pay utilizes well-defined standards and technologies such as NFC (Near Field Communication), transactions ride the same processing “rails” that other cards use.
Similar to EMV cards, Apple Pay exchanges the “clear” (actual) card data for tokenized card information. Only the token is saved to the iPhone or other device. Likewise, the retailer will never access the actual card number. Remember, to accept Apple Pay or any other digital wallet, retailers must deploy a contactless solution.
UPGRADING YOUR CHECKOUT
As a retailer in the Christian products industry, what should your course of action be? Depending on whether you use a stand-alone terminal or Point of Sale (POS) software, your process and cost may be different. Let’s consider software first.
Bookstore Manager Software users will be able to add an EMV reader for about $200-$250 per checkout station. We do not charge users who are active on our Maintenance and Update program for the software enhancement, so hardware is the only additional expense.
Check with your POS software supplier for information on how to implement its EMV solution. Upgrading your software may be as simple as loading the latest update or a more difficult process. Simple or difficult, retailers will want to avoid waiting until Sept. 30 to get the software and hardware up to date.
Merchants who use a stand-alone terminal should expect to replace both the terminal and PIN device. The processing agent will confirm if an existing terminal is EMV compatible. It is also possible to use an EMV-enabled terminal to eliminate the added cost of a PIN pad; however, the terminal is usually positioned facing the clerk. This creates a situation where the frontliner will need to turn the terminal toward the customer to allow for card reading or PIN entry. The EMV PIN pad eliminates this exercise since the PIN pad may be customer-facing at all times. An added bonus is that consumers are accustomed to PIN devices, reducing customer training. The cost? Retailers who use terminals and PIN pads can expect to spend $400-$500 per station to complete the conversion.
Regardless of your implementation, you should begin now to budget for the hardware and/or software you need to become compliant.
A word of caution: While there are many honest people providing payment processing services across the nation, the new EMV rules have provided other, less scrupulous representatives of processors an opportunity to “scare” Christian retail merchants and ministries into poor decisions concerning card processing. Often, equipment leases are structured so a merchant may pay four or five times the value of the terminals. Other times there may be fees hidden in the processing charges that are hard to discern on your statement.
As a registered ISO for the card brands and enjoying a close relationship with National Processing Company, Bookstore Manager Software is uniquely positioned to assist Christian operations in evaluating offers and options regarding processing. This is a service that is not limited to Bookstore Manager users. We are committed to the Christian booksellers industry and will help any Christian retailer or ministry make informed decisions.
INVESTING IN TECHNOLOGY
How soon will consumers get EMV cards? Industry experts expect that 50 percent of all cardholders will have EMV cards by the end of this year. Coupled with expected compliance of more than half of all retailers at the same time, EMV transactions should be common by this Christmas.
How does investing in this technology benefit a retailer?
First, retailers who are compliant will continue to enjoy the confidence that the issuing banks will bear the liability burden. This is no small matter, considering that fraudulent card activity is continuing to increase with each passing day.
Next, compliant retailers may avoid future fees or other costs. Consider that, according to the Federal Reserve Bank of Kansas City, losses from card fraud in the United States are estimated to be more than $3 billion annually. These types of losses have been built into processing fee structures for many years. Nonetheless, issuers are eager to transfer this liability to the merchant. Merchants who fail to adopt EMV could find themselves burdened with additional fees and higher rates.
Finally, new technologies such as Apple Pay, Google Wallet and others will influence the way people make purchases. By having the capability to accept EMV cards and digital wallets, stores will never miss a sale due to an inability to take a payment. An EMV upgrade is an important measure to protect your business from financial loss or additional costs from fraudulent charges.
With the glut of information concerning EMV and cardholder security you may find yourself frozen into inaction. Avoid this pitfall by ensuring you are working with a trusted resource as you implement these necessary changes.
Brent Casey is vice president of operations at Bookstore Manager Software (bookstoremanager.com) in Abilene, Texas. The leading provider of point-of-sale and other tech solutions for Christian retail stores, Bookstore Manager has been a registered independent sales organization for the card brands since 2002.