EMV Charges Up Security

September 28, 2015

If you are a consumer with credit and debit cards, chances are you’ve opened your mail recently and were greeted with a new credit card that include an embedded computer chip. For consumers, these chipped cards mean added security and maybe a little more peace of mind when using the card at local retailers and ATMs.

But at the other end of the transaction, retailers who take cards may find the addition of the chip adds confusion and potentially increased costs for their business.

The new chip cards are called EMV.   The name is derived from the names of the original companies, Europay, MasterCard, and Visa, that developed the new security standard for credit card processing. EMV has been in use across Europe and around the world for a few years and is quickly replacing older cards in your customer’s wallet. These new cards create a unique transaction code every time they are used. If a cyber-criminal was to hack information from a single transaction they wouldn’t be able to duplicate the card, since no usable information would be available.

After last year’s massive credit card security breaches at Target and Home Depot, issuing banks and large-scale retailers started moving quickly to roll-out this more technologically advanced credit card system.

Considering how many users and retailers conduct business with credit and debit cards, this is an epic job. Not only will 600 million new credit cards find their way to consumers, but retailers will be obligated to upgrade their in-store technology. The cost of the new card readers and supporting technology may be a sizable investment for smaller retailers. For retailers who use the smaller mobile readers the cost may be as low as $30, but other retailers could spend between $400 and $600 for each new card reader. And if changing to an EMV credit card acceptance requires updating an entire POS system, the cost could be several thousand dollars.

Effective October 1, 2015, a new mandate for the way credit cards are processed takes effect. After that, if a counterfeit or compromised card is used for in-store transactions the liability for unauthorized transactions shifts from the issuing bank or processor to whichever party is the least EMV compliant. So, if a retailer is still using non-EVM technology, they will be liable for the losses. For smaller retailers, the question now is the risk of liability more expensive than the cost to upgrade. If you look at the results of the credit card breaches from this past year, most of the fraud that occurred didn’t happen at Home Depot or Target, but rather with retailers such as The Apple Store. The Apple Stores did not incur an information breach, but ended up as popular targets for thieves with fraudulent cards to purchase high-priced – and very pawnable – goods.

It’s surprising how many retailers have installed new card readers but haven’t taken the steps to train their employees on how to use them. In many cases, new card readers have been installed in stores but the chip and pin functionality has not been activated even as customers are asking to use it. Smart retailers clearly understand the investment has to be made in both upgrading hardware, as well as the time necessary to train employees on how it works.

So how big a target will your store be for fraudulent transactions? High-end jewelry and artwork retailers may be surprised that they have suddenly popped up on the radar for credit card criminals. As retailers become more fortified with EVM technology, smart crooks may begin to look for alternative, softer targets such as museum stores or other non-profit retailers.

Stores with ecommerce capability should be on the lookout for increased fraudulent activity for online or “card not present ” sales. It’s logical cyber criminals will take the fraudulent card information and move to friendlier online environments, as other avenues are lost to them. Fortunately for the retailer, liability for online losses remains with the issuing banks and processors.

Ultimately, security conscious consumers may find they’re most comfortable spending money where their transactions are less at risk. Changing over to an EMV system sooner rather than later may turn out to be good for the retailer and a strategic marketing tactic.

By Jama Rice, Executive Director and CEO of MSA.