With all the buzz surrounding the upcoming move to EMV in the USA, merchants are being bombarded with a sea of information and misinformation as to what that will mean. Having been in the business for my whole adult life, I have seen these sorts of applications doomsday scenarios before. (Remember Y2K?) The biggest challenge with these sorts of modifications is separating the fact from fiction, and deciding what the true impact is going to be for your company. With EMV, there’s an enormous amount of hype, and I’d love to share my knowledge on the subject to hopefully help some company owners sleep better at night.
EMV is 30 year old technology that’s intended to protect the card manufacturers (MC, Visa, Amex, Discover), and provides no security to the merchant or user. Its sole purpose is to confirm that the card being used is valid, and not a counterfeit card created with the intention to defraud.
Where EMV has been implemented in markets like Europe, credit card specialists will tell you quotes such as”brick and mortar fraud has fallen to almost zero.” What they don’t mention is that online and card not present fraud goes through the roof. So for all the work and cost involved in implementing EMV, all it really accomplishes is to change fraud from one source to another.
This will limit your choices with respect to credit card processors, as every EMV”chain” must be certified individually, which is allegedly a 6 month procedure. Meaning that 1) every credit card processor, working together with two ) every POS company must certify 3) every POS EMV apparatus which is to be utilized. Obviously if you do the math, this is much too many certificates to happen in a realistic timeframe, so”less significant” chips will get locked out of EMV entirely. This means fewer EMV choices, thus less competition, leading to higher credit card charges for merchants. The certificate bottleneck will have the unintended effect of creating a monopoly for bigger processors who will throw their weight around to get into the front of their EMV certification line.
The hospitality sector only accounts for 9 percent of counterfeit card fraud. The cause of this is that the dangers of having a fake credit card in person are large, so fraudsters will usually target large box retailers, purchase the most expensive TV from the shop, then go sell it on line. Taking that risk merely to get a free lunch or dinner, in contrast, is a foolish risk, and that’s why the hospitality sector accounts for a disproportionately low percentage of their complete brick and mortar fraud.
Point to Point Encryption (P2PE) has existed for at least half a decade, and will all but eliminate the kinds of PCI compromises you hear about now. The way it works is that the card swiper instantly deletes the sensitive credit card information before it sends it to the POS system. So that your POS system never gets access to sensitive information, and thus you’re virtually 100% shielded from a PCI breach. Although this protects the merchant AND consumer much better than EMV, the card manufacturers never really pushed it since it was not to their advantage. As you can see by all of the hype surrounding EMV, the card manufacturers can find the message out when it is their money at stake, but do not really care about advancing technology that would really protect the merchant and customer.
According to industry data, the typical restaurant may expect to see 1-2 fake cards each year. So you will need to contrast the reduction on 1-2 meals versus the investment which the card manufacturers are asking you to make by buying hundreds if not tens of thousands of EMV gear — just to serve the interests of their credit card brands. Once more, the billion dollar credit card companies are using their leverage to make money from the working man’s pocket!