It's October 1, 2015 and a line of hackers is standing outside your store waiting for you to turn on your computer system. Why? So they can steal your customers' credit card data and sell it to the highest bidder, of course.
Okay, it might not be that bad (or at least that literal), but this is a date you can't afford to ignore: it's the deadline for merchants to have EMV-capable devices to read the new, EMV chip-embedded credit and debit cards--or face potentially ruinous consequences in the event of a data breach or hack.
EMV (Europay, Mastercard, and Visa), for years the card format standard in Europe, is now the standard for card issuers here in the U.S. Basically, the long-used magnetic stripe on the back of payment cards is being replaced with a chip that encrypts your data at the point of sale.
Come October 1, if you do not have an EMV-capable device and you are hacked, you will automatically be considered liable for the losses incurred as a result of the breach. Conversely, any merchants doing 70 percent or more of their POS transactions with EMV will shift the liability of lost data at that point away from themselves and back to the card issuers.
With traditional mag stripe technology, data is stored on the card itself within the stripe. This allows a POS device to read that data and transmit it to the processor to complete a transaction. There are two problems with this. First, this means your POS system is reading and potentially storing or transmitting that card data in an unsecure way that could be intercepted. Second, all of that card data is stored unencrypted within the mag stripe, so if a card is physically lost or stolen it can be read fairly easily with a simple device.
With EMV technology, the card data is encrypted within the chip and is never stored or transmitted in a usable format through the POS, and thus is of no value to anyone who acquires your card.
Most franchisees operate within a system that requires certain POS types. And while all POS distributors are working hard to meet this deadline, the fact is that some will not make it. If you haven't already, engage with your franchisor (who should long ago have held discussions with both their POS vendor and payment processor to ensure they are doing what is necessary to meet the deadline).
Please note that installing the EMV hardware does not make you PCI DSS-compliant. It just takes your POS out of scope (a good thing) and makes your annual certifications easier. You still will need to do your annual Self-Assessment Questionnaire and, if transmitting data through an IP connection, your quarterly network scans as well.
Remember, it might be years before all of the mag stripe cards are out of circulation. It is not just about what happens at your POS that makes you compliant, it is also about all the other places that card data touches.
Complying with this deadline is going to require at least a small investment. Most POS companies will be offering options for a peripheral that can be plugged into an existing POS device and allows an EMV card to be dipped into that device. Cost for this will vary, depending on how the POS vendors do this. If they require one of their own devices, expect it to cost quite a bit more. If they have integrated with one of the more common credit card terminal vendors, it shouldn't cost more than around $200 to $300 per workstation.
Franchisees that use a standalone credit card terminal will have to either add a PIN pad-like device that allows this or upgrade the terminal they are using now. In either case they can likely find one from their credit card processor for less than $350.
For table service restaurants, this will prompt the use of more mobile devices, where the server will leave a small tablet at your table to make a payment; or you will see a small kiosk-type device on your table that allows you to order additional food and drink or play games, in addition to the ability to process your payment and track your loyalty programs.
My last piece of advice is that if you have to spend the money anyway for an EMV-capable device, make sure you get one that also has NFC capabilities so you can take advantage of Apple Pay, Google Wallet, and CurrentC. Watch for more on these payment technologies in coming issues.
The only publication dedicated exclusively to the hottest topic in franchising - Multi-Unit and Multi-Brand Franchisees.
A unique event because it is highly influenced by its advisory board, consisting of the very best multi-unit franchisees. The board works diligently to ensure that the conference delivers on its promise of being the best platform for franchisees to learn how to grow their businesses.