To understand what changes are on the horizon of credit card processing, EXEControl Global Solutions reached out to one of our partners. Kristopher Riley, Product Manager for Direct Connect, a partner in credit card processing shared with EXEControl Global Solutions information regarding chip-enabled cards.
For you who do not want to read the entire paper provided by Kristopher Riley, here is the bottom line, starting October 1, 2015 (in one year), VISA and other card issuers are mandating that you process credit card transactions using EMV (chip-read) technology. If you continue to swipe magnetic strips, you will lose the current fraud protection you currently enjoy with the major credit card providers.
Here is what we learned from Kristopher Riley:
We Are Definitely Not In Kansas Anymore
The recent data breach at Target and the resulting stolen credit card numbers was a wake-up call to everyone affected by U.S. consumer security practices. In the aftermath, a chorus of security should’ve, could’ve and would’ves have been on the minds of many companies…primarily the chip card standard from Europay, MasterCard and Visa, or EMV. Since 1993, the majority of the world adopted EMV as the security standard for credit card processing. The U.S., up until now, maintained use of the magnetic stripe that came into existence in the 60s. What happened at Target, while unfortunate, put credit/debit card security on the minds of every American.
The data breach included stolen credit card numbers, customer names, addresses and phone numbers. All told, in excess of 100 million customers had their information compromised. And to make matters worse, it was not just one store targeted. Neiman Marcus, Sally Beauty, Michael’s and countless other smaller retail stores have been hit in 2013. In 2012, Joshua Brustein of Businessweek.com reported, that the U.S., “accounted for 47 percent of global fraud, while processing just 24 percent of the payments [volume]”. The U.S. was obviously doing something wrong. So much so that Senator Al Franken of Minnesota (who is also the Chairman of the Subcommittee on Privacy, Technology and the Law) sent letters to the CEOs of banks and card issuers asking for detailed information regarding their implementation of EMV – with a deadline. Some people might question government’s role in the private sector, stating it is ‘out of place’ and ‘overbearing’. Others understand that when something affects over 100 million Americans; it is the government’s responsibility to step in and protect their citizens – especially when that something is theft. Either way, it is opposite sides of the same security coin. Something needs to happen and soon.
In his white paper, “EMV in the U.S.”,Dom Morea, SVP and Division Manager at First Data, wrote that it is, “[necessary to put] the issue of EMV in the United States into perspective for merchants and [financial institutions]”. In handling that issue, VISA and other card issuers are incentivizing (some consider it penalizing) merchants to take chip-enabled transactions. This mandate is effective starting on October 1, 2015. From this day and moving forward, if a merchant takes a non-chip enabled transaction and it is found to be fraudulent, the liability for that transaction will shift to the merchant or their acquirer. Based on the 2013 Identity Fraud Report by Javelin Strategy & Research, the cost of fraud was nearly $21 Billion in 2012. Considering that the liability for that hefty bill will soon shift – merchants, consumers, banks and other parties involved in credit card transactions should be focusing on using and accepting EMV. Getting chip enabled cards into customer’s hands, certifying terminals to take and transmit EMV data and getting these terminals to merchants is a monumental task. Completing this task by its due date or “EM-V Day”, will definitely have its fair share of winners and losers.
Solutions Sooner Than Later
Even though EMV technology is new to the U.S. marketplace, some companies are already out in front of this change. Companies like Direct Connect are pushing the envelope in technology and preparing merchants for “EM-V Day”. They are making the investments into technology like their DC 80 terminal that is PCI 3.X certified and capable of taking contact level chip-and-pin transactions. Combining that with an integrated, enterprise class gateway and special cost effective purchase programs, merchants have the opportunity to be ahead of this technology change – avoiding the cost and risk associated with non-compliance. Knowing that this real issue has a real date with real repercussions, EMV should be a top priority for every merchant.
EXEControl Global Solutions thanks Kristopher for his insight in this important topic and continued support of the EXEControl Community.
Should your organization be interested in making sure your business is ready for “EM-V Day” please contact EXEControl Global Solutions at email@example.com and/or contact Direct Connects’ Sales Department at 703-481-7000.