Here Comes October 1st: EMV Reader Deadline Looms for Franchisees
It's October 1, 2015 and a line of hackers is standing outside your store waiting for you to turn on your computer system. Why? So they can steal your customers' credit card data and sell it to the highest bidder, of course.
Okay, it might not be that bad (or at least that literal), but this is a date you can't afford to ignore: it's the deadline for merchants to have EMV-capable devices to read the new, EMV chip-embedded credit and debit cards--or face potentially ruinous consequences in the event of a data breach or hack.
EMV (Europay, Mastercard, and Visa), for years the card format standard in Europe, is now the standard for card issuers here in the U.S. Basically, the long-used magnetic stripe on the back of payment cards is being replaced with a chip that encrypts your data at the point of sale.
Come October 1, if you do not have an EMV-capable device and you are hacked, you will automatically be considered liable for the losses incurred as a result of the breach. Conversely, any merchants doing 70 percent or more of their POS transactions with EMV will shift the liability of lost data at that point away from themselves and back to the card issuers.
Why is EMV better?
With traditional mag stripe technology, data is stored on the card itself within the stripe. This allows a POS device to read that data and transmit it to the processor to complete a transaction. There are two problems with this. First, this means your POS system is reading and potentially storing or transmitting that card data in an unsecure way that could be intercepted. Second, all of that card data is stored unencrypted within the mag stripe, so if a card is physically lost or stolen it can be read fairly easily with a simple device.
With EMV technology, the card data is encrypted within the chip and is never stored or transmitted in a usable format through the POS, and thus is of no value to anyone who acquires your card.
Most franchisees operate within a system that requires certain POS types. And while all POS distributors are working hard to meet this deadline, the fact is that some will not make it. If you haven't already, engage with your franchisor (who should long ago have held discussions with both their POS vendor and payment processor to ensure they are doing what is necessary to meet the deadline).
Please note that installing the EMV hardware does not make you PCI DSS-compliant. It just takes your POS out of scope (a good thing) and makes your annual certifications easier. You still will need to do your annual Self-Assessment Questionnaire and, if transmitting data through an IP connection, your quarterly network scans as well.
Remember, it might be years before all of the mag stripe cards are out of circulation. It is not just about what happens at your POS that makes you compliant, it is also about all the other places that card data touches.
Okay, how much?
Complying with this deadline is going to require at least a small investment. Most POS companies will be offering options for a peripheral that can be plugged into an existing POS device and allows an EMV card to be dipped into that device. Cost for this will vary, depending on how the POS vendors do this. If they require one of their own devices, expect it to cost quite a bit more. If they have integrated with one of the more common credit card terminal vendors, it shouldn't cost more than around $200 to $300 per workstation.
Franchisees that use a standalone credit card terminal will have to either add a PIN pad-like device that allows this or upgrade the terminal they are using now. In either case they can likely find one from their credit card processor for less than $350.
For table service restaurants, this will prompt the use of more mobile devices, where the server will leave a small tablet at your table to make a payment; or you will see a small kiosk-type device on your table that allows you to order additional food and drink or play games, in addition to the ability to process your payment and track your loyalty programs.
My last piece of advice is that if you have to spend the money anyway for an EMV-capable device, make sure you get one that also has NFC capabilities so you can take advantage of Apple Pay, Google Wallet, and CurrentC. Watch for more on these payment technologies in coming issues.
Share this Feature
Comments:comments powered by Disqus
- Multi-Unit Franchising
- Get Started in Franchising
- Open New Units