With an October 1 deadline fast approaching, many merchants are scrambling—or still blissfully unaware of the need—to upgrade their credit card processing technology to accept chip-embedded cards. Accepting the more secure cards is a step all merchants will need to take to avoid liability for fraudulent transactions. Thefts made via purchases with the old magnetic strip cards will no longer be the credit card companies’ problem.
Many smaller merchants are relying on their POS (point of sale) technology providers for help making the switch. ShopKeep is one such provider easing the transition for its customers, who operate its POS systems in 15,000 storefronts and 20,000 cashpoints around the U.S.
Yahoo Small Business Advisor spoke with ShopKeep CEO and president Norm Merritt about the looming deadline and how his company, which offers an Apple-based solution, is helping its customers adjust.
Merritt explains what the change is all about: “The magnetic stripe was easy to duplicate. Now, with EMV, there’s a computer chip on the card that gets updated every time it’s used. When you swipe, the data gets encrypted with 260-bit military-grade encryption and only gets de-encrypted by the card company to determine in sub-one second if that person is authorized to use that card. And it is impossible to duplicate a card.”
Merritt calls the change “a complex thing being forced on the market,” but concedes that it’s necessary. “There’s no easy answer here. There are dishonest people out there taking advantage of any holes. This goes a long way to preventing that,” he says.
To be sure, it’s more than just small merchants feeling the pressure to come into EMV compliance within the month. “While the card readers we’ve been putting in place are EMV-capable they are not yet connected,” Merritt says. In fact, he predicts an enforcement delay: “All of the payment processors are scrambling to get compliance in place to make them work with EMV. And there are large [merchants] not yet ready.” He expects small merchants to be offered a hiatus or reprieve.
Still, ShopKeep is doing what it can to ensure that its customers, who were alerted well in advance to put the deadline on their radar screen, will be ready.
“Merchants with large check averages have more to lose with a fraudulent transaction,” he says. “We first emphasize the need for security and to protect themselves against hacking, which EMV does not address. We’ve addressed that through military grade encryption at the point of swipe, so our systems are impervious to those hackers.”
ShopKeep also recommends that its merchants use machines that work with the technology their own customers want to use. “For instance, as they upgrade their readers to be EMV capable, we offer technology with an NFC (near field communication) antenna. We’re recommending independent merchants adopt that because it gives them EMV and Apple Pay capability,” Merritt says. The advantage of ApplePay? Its biometric thumbprint makes transactions even more secure than EMV, Merritt says.
If your business is floundering, you’re not alone. Merritt says the transition is causing a disruption in the marketplace, and he doesn’t mean in a good way. “There are millions and millions of readers out there. Some folks are on a PC with XP, which is no longer supported by Microsoft. Their reader reads the credit card but the data is not encrypted before it goes into the XP operating system.”
“While the Targets and the Neiman Marcus stores of the world have IT departments plugging those holes, for smaller businesses, all it takes is a rogue employee with a rubber ducky USB that will recognize credit card data,” Merritt warns. “That person could walk away with 1,000 credit card numbers and sell them on the black market.”
Meanwhile, Merritt points out that EMV security won’t do much to prevent online fraud. “Card-not-present transactions cost the merchant more to transact because there’s a higher incidence of fraud. There will continue to be opportunities for fraudsters there.” The evidence: When EMV was implemented in Canada and Europe, the thieves moved to smaller merchants and online shops, he says.
Merritt says ShopKeep wants to help customers “skate to where the puck is going to be.” In other words, be ready for more changes. Indeed, it’s probably only a matter of time before merchants will be faced with another upgrade. As the trade publication PaymentSource noted last week, “EMV will help reduce fraud at point of sale, but that matters less and less as shoppers continue to migrate to online platforms, especially mobile ones.” PaymentSource pointed to the Marketing Research Association’s data, which says just 29 percent of shopping events now take place “in-person only.”
Follow Adrienne Burke @adajane
