Safety First: Reassessing Your POS System
The October 1, 2015 deadline for EMV-capable POS readers has come and gone. And much like Y2K 16 years ago, the world did not end and most POS systems are still working just fine.
As I am writing this, only about 40 percent of credit or debit cards in the marketplace even have the EMV chip on them, a number expected to reach only around 65 percent by the year-end. Banks are dragging their feet on shipping these cards. After all, why would they rush to flood the market with cards that shift the liability from you to them?
In addition, even if a consumer does have an EMV chip on their credit or debit card, about 60 percent of POS terminals are still not enabled to accept them. While we may be seeing EMV-capable terminals installed, the software has not yet been turned on because of programing issues.
With Visa's Technology Innovation Program (TIP), any merchants including "Level 4" businesses (those doing fewer than 1 million Visa or MasterCard transactions per year, i.e. the vast majority of franchisees) would be exempt from the much-hated Annual Self-Assessment Questionnaires if they can accept 75 percent or more of their total transactions using the chip technology. However, based on the penetration numbers above, this is not likely to happen until first quarter of 2017 at best.
One of the issues that has slowed adoption from the merchant side is both merchant and consumer unhappiness with the time it takes for an EMV transaction. Typically, it takes just 1 or 2 seconds for a swiped transaction at a POS terminal. But with the EMV cards, consumers must dip or insert their card into the terminal and leave it in the device for about 20 seconds, greatly slowing transaction times. Imagine how this has affected the QSR industry, where speed of transaction is of the utmost importance.
Nobody really wanted to deal with this last October as they were moving into the busy holiday season. I think the speed-of-transaction issue may ultimately push more franchisors and franchisees to start paying attention to contactless NFC technology. Almost all terminals shipped with EMV capabilities also have an NFC reader that allows for the faster (and some might argue, even safer) Apple Pay, Android Pay, and Samsung Pay NFC transactions.
With the holidays over, I think many CTOs are now pushing to get this done. And even if it is impossible to reach that 75 percent threshold until perhaps early to mid-2017, the transactions that do get processed this way will be safer than the swiped ones.
Who supplies your software?
Another issue I am looking at now is the new Qualified Integrators & Resellers (QIR) certification from the PCI Security Standards Council. This is an assurance that third-party service providers and integrators meet the PCI Data Security Standard (PCI DSS). Why should you be concerned about this, since it should really be an issue just for your POS vendors?
Here's why. I've been speaking with franchisors for years about their home-grown software and the need to get PCI-certified. In the past, these in-house systems were never mentioned specifically in any PCI regulations, but I certainly felt there could be some liability if such a system were hacked.
Many service concepts, such as carpet cleaners, handyman brands, and other mobile franchises have developed their own software combining CRM, estimating, and even links to a payment portal. If your franchisor has a technology fee that covers this, or charges you a direct monthly fee for software, a good attorney for a consumer group that got hacked would not have to work very hard to prove that your franchisor was a third-party reseller (since they are not connected to you by a tax ID number, in essence forced you to use the software, and is charging you for it).
The deadline Visa has set for all Level 4 merchants to use only certified QIRs is January 2017, about 9 months away. Since it is no easy task and sometimes a bit expensive, I would recommend to all franchisors using their own proprietary software for credit or debit card transactions to jump on this certification right away.
The silver lining with EMV is that franchisors and their CTOs are finally taking a look at their payment technology landscape and taking this seriously. With more than 400 separate breach cases in 2014 investigated by the FBI, this issue is not going away anytime soon, and in fact seems to becoming more common.
Share this Feature
Comments:comments powered by Disqus
- Multi-Unit Franchising
- Get Started in Franchising
- Open New Units