As Jan. 1, 2000 approached, everyone on the planet was told to update their computer. Why? Original computer programs were not written to handle a four-digit year, and pandemonium was going to occur if programs and hardware were not updated. However, the date came and went and pandemonium didn’t occur.
Now you can mark Oct. 1, 2015 on your calendars. According to MasterCard, Visa, American Express and Discover, come October 2015, if a customer presents you with an EMV chip-based card, you are supposed to be able to process it on an EMV device.
So, what is EMV? EMV stands for “EuroPay, MasterCard and Visa” — and it’s not new! The rest of the world has been using EMV cards for almost a decade.
An EMV card is different because of the small metallic square embedded into the card. That square is actually a computer chip, and that is what sets these cards apart.
Today, you swipe a magnetic strip on your credit card to pay for a purchase via debit or credit. The information (hopefully encrypted) on the magnetic strip is sent to the processor that sends back an approval code. However, the information on the strip never changes and contains all your data.
When an EMV card is used, it is inserted (called card dipping) and the small metallic computer chip is used to create a unique transaction code every time you shop. That new code is written to a computer chip, changing your card every time you shop. So, unlike your magnetic stripe cards whose data never changes, every time an EMV card is used, the data on the card changes and can only be used once, never to be used again.
Less Fraud, But There Is A Cost
Credit card fraud rates in countries that have adopted EMV are a fraction of what the U.S. is currently experiencing. In fact, half of all credit card fraud in the world now occurs in the U.S. That, along with the massive breaches that have occurred in the last few years, has prompted the credit card companies to draw a line in the sand.
Think about what happened at Target. Data from 70 million magnetic strips was stolen. If, instead, EMV cards had been used, the thieves might have still broken into the system, but the stolen information would not have done them any good. The information they were stealing could not be used. The only transaction numbers to which they would have had access would have been unusable, and any attempted fraudulent transactions would simply be declined.
Credit card fraud is how we got here. So, what is it going to cost?
The cost is going to vary greatly by retailer. At a minimum, you will need the EMV terminal for every POS station, including your seasonal checkouts. You may also need to upgrade your computers. Are you still running XP? You shouldn’t be; they are not PCI complaint.
The bigger issue is that you may need to upgrade your POS system. Lots of retailers do not stay on the current version of their POS system. POS providers are scrambling to comply with EMV and make the necessary changes to their software. They will not be going back and making previous versions of their software compatible.
The cost of EMV equipment varies from $200 to $900, depending on the model you buy. Why the range in prices? Like a car, EMV comes with options. An EMV with a pin pad is much less expensive than an EMV with signature capture, Point-2-Point-Encryption (P2PE) and a payment display. The more features, the more expensive the device.
Then, there’s the encryption. Like pin pads, all EMV devices are encrypted, and that encryption matches your processor and (sometimes) your POS software. What that means is you cannot simply Google EMV terminals and buy the cheapest model you find. Your device has to match your POS system and your processor.
How To Know If You’re Ready
The best advice is to call your POS partner. They should know exactly what you need and the options available. Before you make the call, please be aware that, in many cases, your options on EMV terminals are going to be limited. Most POS systems will only certify one or two devices to work with their systems. Unless you are willing to start processing EMV cards outside your POS system, you will need to pick your EMV devices from a very small list.
Do you need a POS upgrade? If you are running an older version of your POS system, then, in all likelihood, an upgrade will be necessary. And garden centers are just one part of a POS system integrator’s portfolio. In other words, if you need an upgrade, start planning for it now. Don’t call your POS partner in September and expect to be upgraded and ready to use EMV on Oct. 1, 2015.
What happens if you can’t take an EMV card on Oct. 1, 2015? Nothing. You can still use the magnetic strip to verify the card, get an approval code and get paid. But — and this one is big — if the consumer presented a chip card and you didn’t process it on an EMV device, and you have a breach, you are totally responsible for the losses, not the bank! “Totally” doesn’t mean the purchase at your store; it means all charges made due to the breach. Then, there are the fines and the publicity and the loss of consumer confidence in your store.
The burden of credit card fraud is, in essence, being moved from the banks to the retailers. It’s a titanic shift, and every retailer needs to be prepared. To protect your customers, your garden center and yourself, you need to make a plan now and move forward on it quickly.
Of course, you could always skip EMV and stop taking credit cards!
Old Cards Will Still Work
On a positive note, magnetic strip cards will continue to be used for quite a while. EMV chip-based cards will have both the chip and a magnetic strip so customers can use their cards everywhere. The credit card companies want to insure your ability to use their product.
You Might Be Ready Now
A second positive note: Some retailers have already purchased EMV compatible equipment. The Ingenico isc250 is widely used in the green industry because the encryption and signature capture are EMV-ready devices. So, check your equipment — it may be EMV compatible already.