EMV communications, webinars and lectures are certainly the hot topic of the year and continuing to grow. This is a trend I expect to continue into the fall and holiday season as the US deploys new payment processing solutions. At conferences I have attended and observed there has been a plethora of EMV based topics, oftentimes delivered with great angst and trepidation.
At schools throughout the country I meet IT, compliance, and business officers who are evaluating where they stand and asking what needs to be done. In some industries such as high-volume retail establishments I see a swell of focus approaching levels not seen since Y2K.
EMV is certainly a real and significant transition for all of us associated with payment processing. There are procedural changes, there is likely to be equipment expense and there are business risks we all need to be aware of. However, based on my conversations over the past few years I am optimistic that the education payment industry will be less burdened than most others. This is primarily due to our reduced volume of in-person card present payments as well as a greater tendency to stay up-to-date with equipment.
That being said there are still some things to be aware of and changes we will all experience in order to make this a smooth transition for ourselves, our students and their families. Education and awareness is the first-step to making this a seamless change.
1. Why EMV?
Credit card fraud continues to grow at an alarming rate. As merchants and consumers this is something we all need to deal with. EMV technology is a proven step toward helping to reduce the use of fraudulent credit cards in a card present environment. It does this by making counterfeit cards, as they exist today, obsolete. It does not provide protection against data breaches but it does make that data more difficult to use and profit from.
2. What is EMV?
EMV refers to a set of technologies that are intended to reduce fraud associated with in person card based payments. The letters “EMV” are derived from the organizations that helped originate these solutions: Europay, Mastercard and Visa. Although EMV is new to the US it is not a new solution. EMV is a global standard, governed by the trade group EMVCo, that has been around for almost 20 years and is widely used throughout the world outside of the US.
3. What isn’t EMV?
EMV is not a magic cure-all, it is only part of our toolkit to help prevent fraud. Most notably, EMV will only help with in-person transactions where counterfeit cards might be presented for payment. Additionally, the upcoming deployment in the US will be somewhat limited due to its initial focus on Chip and Signature rather than the more secure Chip and PIN solution.
In a Chip and Signature solution consumers will utilize their new cards with microchips but they will still complete their transaction using a signature as they do today. This reduces the ability to counterfeit the card but it does nothing to help validate that the person presenting the card is the rightful owner. Chip and PIN is a more sophisticated solution that will extend consumer protection by requiring that a secret code (PIN) be used when making a payment instead of the signature used today. We all know how illegible and ignored signatures can be in today’s retail environments. PIN adds a second authentication factor that has been proven to provide meaningful protection. This type of solution is what you will find implemented at virtually all ATM’s in use today. Many of us in the industry are strongly advocating that we quickly move toward a CHIP and PIN requirement and I expect we will see this happen over the next 5-10 years (quickly is a fuzzy term when it comes to payment processing changes).
The biggest thing to be aware of is that EMV has no impact on card-not-present (CNP) transactions. In fact EMV deployments in other parts of the world have shown that there is likely to be a migration of fraud to CNP channels as fraudsters seek the path of least resistance. As an industry that receives the majority of our payments online or over the phone this is something we need to consider. It is important that we be properly prepared to deal with this likely event.
4. What is the significance of October 1, 2015?
On October 1st the card brands will be implementing what they call the “Liability Shift”. This is being done to spur adoption of EMV and has been successful in doing so in other parts of the world. The liability shift essentially means that in the case of fraud whoever was the least prepared to prevent the fraud will bear the burden of the financial liability. In practical terms – if you are not capable as a merchant of processing EMV transactions then you will be taking on additional risk and liability effective October 1, 2015.
5. What does it mean to be capable of EMV transactions?
Here’s the good news, this is pretty easy to do. It simply requires that your card payment terminals have EMV capabilities. Most terminals manufactured over the past few years have had this capability even if you have not used it and responsible sales-agents have been assuring that any new equipment deployed over the past few years is already EMV capable. My suggestion is to take a full inventory of all card processing equipment used on campus and identify those that are not already EMV capable. This would include traditional desktop readers, POS equipment and any mobile/portable solutions you may have in use. If you have any questions about your equipment be sure to speak to your provider. If you need new equipment it is fairly inexpensive and given the low quantity of terminals I typically find on campus this is a manageable and worthwhile expense to avoid the liability shift.
For additional information you may find value in monitoring the following websites:
If you would like additional information on the topic of payment acceptance, download a copy of our free guide “A More Strategic Approach to Payment Acceptance.“