EMV and NFC is Here. Is your business Ready?
NFC (Near Field Communications) and EMV (Europay MasterCard Visa) also known as Chip and PIN, chip and signature, or or smart card payments are due to take full effect in October 2015. This date has been set by Visa and endorsed by MasterCard is spurred by the fact that the United States is the last major country in the world to adopt this more secure payment technology. This fact has made the US a target for international hackers seeking easy targets for ID theft, credit card fraud, and information harvesting.
Thankfully we are moving forward, the deadline for US acquirers (credit card processors) to enable their systems to not only support EMV transactions but to also utilize dynamic authentication has long passed April 1, 2013 and the deadline for merchants to upgrade their card acceptance methods to support EMV enabled cards is October 2015 - or face a liability shift. The initial implementation of EMV is going to be with Chip and signature. Although the proven and seemingly safest adoption would be to follow the existing European model of Chip and PIN combined with dynamic authentication. This is due to the inability for many smaller platforms to invest in the technology enabling them to support PIN based EMV transactions.
What is Dynamic Authentication?
Dynamic authentication is a process by which a cryptographic message is included with each transaction to make each one completely unique. The combination of contact less chip and PIN transactions coupled with dynamic authentication has proven throughout Europe to greatly reduce the credit card fraud rates experienced by retail merchants and consumers alike.
Why is the U.S. the last major country to adopt EMV chip and PIN/signature payments?
The answer is as simple as it is confusing! It really just comes to money. Business owners and card issuing banks have resisted adoption because of the cost to implement. Business owners will need to upgrade their current payment acceptance methods to include EMV readers and encrypted PIN pads while banks will have to produce the much more expensive chip enabled cards. Ironically these relatively small investments will make huge steps to long term cost savings and in the battle against credit card fraud. If credit card fraud rates in the U.S. are reduced as they were in other countries it would seem that the interchange cost of transactions could be lowered while simultaneously merchants will have much less time and money invested in fighting fraudulent charges and identity theft and counterfeit credit cards.
Why should you care about the October 15, 2015 EMV deadline?
Because the EMV adoption deadline for merchants comes with both benefits and penalties set by Visa and MasterCard to expedite the adoption of this technology. Merchants who embrace EMV technology before the deadline will benefit. One of the biggest benefits is that merchants who are able to generate 75% or more of their sales from EMV capable terminals will be relieved of their need to annually validate PCI compliance. This will not relieve merchants from needing to maintain their PCI compliance standards but will present an annual time and cost savings. Additionally merchants who have installed EMV enabled terminals will receive relief from the PCI audits, fines and fees in the event of a breach. Conversely after the October 2015 deadline merchants who have NOT integrated EMV payment technology at their places of business will have increased liability in the event of a breach. Business owners who choose not to invest in EMV technology will be held liable for all fraudulent transactions that are processed using an EMV card on a non EMV compatible terminal. This liability will include forensic costs, card replacement and the laundry list of other fines and fees that were traditionally charged to the card issuing bank if a merchant was PCI compliant. This liability shift is a stiff incentive for business owners to take the proper steps and enable their payment systems to accept EMV payments.
Apple Pay, Google Wallet, Softcard and NFC.
When it comes to mobile wallets I just want to ask can’t we all just get along? EMV and NFC are often times confused as being the same but this is not the case! As NFC gains speed and support in our day to day lives it has fueled the battle for mobile wallet dominance. Everyone from Google Wallet, ApplePay, Softcard (formerly ISIS wallet for obvious reasons!), major card brands, to coalitions of major phone service providers have all drank the cool aid and jumped in the pool. The technology that enables our smart phones to make payments is NFC or Near Field Communications which is similar to the technology of EMV but is NOT the same.
EMV is a defined set of specifications for authentication, risk management and transaction authorization. An EMV contact transaction takes place physically by inserting an EMV contact payment card into an EMV reader, whereas, EMV contactless transactions take place by presenting an EMV contactless card in front of an EMV reader at a very short range to activate the radio frequency communication.
This is in contrast to NFC which is a technology similar to Bluetooth that enables a radio connection between two electronic devices within proximity to each other. NFC technology isn’t directly associated with financial transactions like EMV transactions are. NFC’, however, can be applied to enable contactless payments via mobile devices, in addition to its much broader applications for data sharing, keyless door entry, and much more.
NFC and EMV are not the end all in payments security.
Although NFC and EMV technologies are incredibly exciting from the standpoint of increased consumer safety resulting in higher spending and innovative products like the mobile wallet it is not the end of the road in the search for fraud proof credit card payments. One thing is for sure though and that is that it is an important intermediate step to secure our payment system protecting both business owners and the public. So what lies beyond NFC payments? Ultimately it appears that the future of payments will rely on cloud based technology. For now, however, the focus is to bring the payment system in the United States into the 21st century and adopt EMV chip and signature payments. Although the initial push is not being implemented with the already proven chip and PIN dynamic authentication that will undoubtedly be coming in the not so distant future.
What do you need to do to be EMV Ready?
Simple! All you need to do is make sure that your terminal or card reader is EMV compatible and enabled. If your current terminal is not EMV compatible then you will need to buy a new one (or add a SoftPay reader) and I recommend that you purchase a EMV and NFC compatible terminal so that you can not only process EMV payments but allow your customers to pay with their Google Wallet, SoftCard, or by ApplePay if they like. EMV compatible terminals will range in cost from about $350-$700 depending on your business' needs and EMV card readers for your POS system will start at around $150. If you don't want to put the money out up front companies like the Merchant Doctor will be able to set you up with a lease or even a FREE terminal program if you switch to their services.
The Merchant Doctor was created to provide superior merchant services while simultaneously being an advocate for today's business owner in the complex world of payments. Our ability to adapt and stay ahead of the curve in technology while providing personalized service have made us the authority in the credit card processing industry. You business deserves a credit card processor who will pro actively work to make your business better.