2015 EMV Mandate


emv2

We receive calls about the October 2015 EMV mandate every day. EMV will mostly effect big box stores.  Cards will still have numbers and magnetic stripes.  EMV makes it very very difficult to duplicate a card.  However, EMV will be challenging for table service restaurants.  Primarily EMV transfers responsibility for accepting a bad card from the bank to the merchant.  Nobody really knows how this will play out yet for table service restaurants.  It will likely require some type of mobile emv capable device.  The big challenge for development is multiple card platforms that will all certify different devices.

In addition, Future POS is betting on P2P/End-to-End encryption to become the security standard for table service restaurants.  This means that card readers are injected with an encryption by the processor and only the processor has the encryption key.  Thus the card is encrypted at point of swipe and decrypted at the processor.

EMV-Whitepaper
Datacap Guide to US EMV
8 FAQs About New EMV Credit Cards
Costly shift to new credit cards won’t fix security issues
Wal-Mart exec: Credit card upgrade a ‘joke’

 

The Truth about EMV in the Hospitality Industry

by John Giles, President, Future POS, Inc.

  • EMV is 30 year old technology which is designed to protect the card brands (MC, Visa, Amex, Discover), and offers no real protection to the merchant or consumer. Its sole purpose is to verify that the card being used is legitimate, and not a counterfeit card produced with the intention to defraud.
  • Where EMV has been implemented in markets such as Europe, credit card experts will tell you quotes like “brick and mortar fraud has dropped to virtually zero.” What they fail to mention is that online and card not present fraud goes through the roof.  So for all the effort and expense involved in implementing EMV, all it really accomplishes is to shift fraud from one source to another.
  • This will greatly limit your options with regards to credit card processors, as each EMV “chain” has to be certified separately, which is reportedly a 6 month process. Meaning that 1) each credit card processor, working with 2) every POS company must certify 3) every POS EMV device that is to be used.  Obviously if you do the math, this is far too many certifications to occur in a realistic timeframe, so less “important” processors will get locked out of EMV entirely.  This means fewer EMV options, thus less competition, resulting in higher credit card rates for merchants.  The certification bottleneck will have the unintended consequence of creating a monopoly for larger processors who can throw their weight around to get to the front of the EMV certification line.
  • The hospitality industry only accounts for 9% of counterfeit card fraud. The reason for this is that the risks of using a fake credit card in person are high, so fraudsters will generally target big box retailers, buy the most expensive TV in the store, and then go sell it online.  Taking that risk just to get a free lunch or dinner, by comparison, is a foolish risk, which is why the hospitality industry accounts for a disproportionately low percentage of the total brick and mortar fraud.
  • Point to Point Encryption (P2PE) has been around for at least half a decade, and will all but eliminate the types of PCI compromises you hear about today. The way it works is that the card swiper immediately encrypts the sensitive credit card data before it sends it to the POS system.  So your POS system never has access to sensitive data, and thus you are virtually 100% protected from a PCI breach.  Although this protects the merchant AND consumer far better than EMV, the card brands never really pushed it because it wasn’t to their benefit.  As you can see by all the hype surrounding EMV, the card brands can get the message out when it’s their money on the line, but don’t really care about advancing technology that would truly protect the merchant and consumer.
  • Based on industry data, the average restaurant can expect to see 1-2 fake cards per year. So you need to contrast the loss on 1-2 meals versus the investment that the card brands are asking you to make by purchasing hundreds if not thousands of dollars of EMV equipment – only to serve the interests of the credit card brands.  Once again, the billion dollar credit card corporations are using their leverage to take money out of the working man’s pocket!

Future POS’s EMV Implementation Strategy

Because the EMV rollout has yet to really begin, it remains to be seen how quickly it will be adopted, and if many merchants will just forego being EMV compliant because of the prohibitive cost involved, as well as the low risk for this type of fraud in the hospitality industry.  We’ve already seen how bad the rollout went in the UK, and how difficult it was in Canada despite the Canadian market having very few credit card processors in comparison to the U.S..  So I would anticipate a very slow, clumsy rollout in the U.S., and we don’t want to be pioneers in a process that will certainly have a rocky start.  Thus, our goal is to have one EMV capable residual partner by Q3/Q4 of 2015, and any additional EMV certifications we would do will be on a case by case basis, and many residual partners will never get an EMV certification.  We also have no intention to do EMV certifications for processors/ISO’s who are not residual partners.

 

Sincerely,

John Giles

President

Future POS, Inc.