Dreading Data Security
Retailers await yet another set of mandates with EMV, expressing concern over additional cost
Processors must be able to handle the transactions and card issuers have to get the specially equipped cards into cardholders’ hands.
The difference between what a merchant is doing today and what is going to happen with EMV involves the transaction itself. With EMV, Tyler explains, the integrated chip on the card has a dynamic number on it. It’s “dynamic” because it changes with every transaction, making it difficult to skim the card (pull important data from it) and make fake cards.
Once inserted into the reader, a validation code from the chip in the card goes off to a host. Once that host validates that the data is correct, it sends a new number that gets written to the chip.
Because of this, every payment device has to be able to read the card data, thus requiring an equipment upgrade. Most devices, Tyler says, can read data, but not all are able to write data to the imbedded, integrated chip. The same would be true for in-pump POS.
“There’s a huge benefit in reducing chargebacks by fortifying the infrastructure,” Tyler says, referring to fraudulent charges that are pushed back to retailers.
But what also changes is the process itself and the time it takes for a customer to pay. In a current transaction, a customer swipes the card and the transaction happens. With EMV, the customer inserts the card and leaves it there as the writing happens.
For many customers, Tyler says, EMV will be a learning process. “One of the things I learned is that it takes consumers a lot longer to embrace the technology than anyone planning for EMV thought it would,” he says. “Consumers are used to swiping and going on with their payment or dipping the card in and pulling it back out. With EMV, that cancels the transaction.”
Knowing that every decision regarding data security won’t necessarily provide a return, suppliers are advising retailers to upgrade pumps as their normal replacement cycles come up, but certainly upgrade with equipment that can eventually be enhanced to handle EMV.
Many suppliers have opted to discontinue selling devices that can’t be upgraded to EMV, says Tyler of VeriFone. As many retailers opt to wait until the deadlines draw nearer to upgrade to EMV, “Unfortunately, here’s where inertia builds,” Tyler says.
Failure to meet the deadlines--whether or not a retailer is caught in the last-minute rush--would be a shift in accountability from the card issuer to the banks, which will most likely then be shifted to merchants. Accountability could include fraudulent charges, mitigation, card reissuance costs and legal fees.
With consequences potentially costing millions of dollars, Tyler says suppliers such as major oil companies are most likely going to demand retailers be compliant. “The oil companies … are not going to be put in the position where retailers will fail,” he says. “Independently, retailers may make the decision not to upgrade, but they’ll most likely have to de-brand.”
Retailers interested in site upgrades typically ask about EMV, says Parker Burke, director of marketing for Gilbarco Veeder-Root, Greensboro, N.C. But that’s not the only place where they’re investing. Often retailers are looking to assess their overall return on new dispensers, possibly including TVs in their pumps as a potential value-add or even a new revenue stream.
“When we talk to forward-thinking retailers, they are not only thinking about their path to EMV migration, but while they are upgrading their equipment, what are the other things they should do to improve their business,” Burke says. “While I’m doing [EMV], how can I take the opportunity to also improve my consumer’s shopping experience?”