Planning for EMV Payment Security
As I mentioned in my February Divisional Update column, VISA (and now MasterCard) have announced that EMV will be required to secure credit and debit payments by 2015, or liability for counterfeit transactions may shift to the merchant.
The EMV specification is a global standard for interoperable credit and debit payment cards, POS payment terminals and transaction processing networks based on microprocessor “chip card” technology. The EMV payment process can function online or off-line, and validates that the person presenting the card or phone is the owner of the account.
EMV is often referred to as “chip-and-PIN,” but both signature and PIN processing are allowed within the EMV specification, with PIN being the most common option worldwide. Allowing both is very important: As contactless payments via mobile become widely adopted, having to enter a PIN for small purchases will unnecessarily slow the transaction process. The payment application can determine if a PIN is required based on the purchase amount: No PIN is required for purchases less than $5, for example, but the buyer could be prompted to enter one after a total of $30 in non-PIN purchases.
Adoption of EMV in the United States has been discussed for years, and there are clearly pros and cons. On the positive side, EMV:
• Has been proven to reduce credit card fraud.
• Creates a single global payment security process (of the major world economies, only the United States has yet to adopt it).
• Encourages mobile contactless payments, as retailers can purchase payment equipment for both mobile and EMV.
On the other side of the ledger, EMV will require retailers to purchase new POS devices and modify or upgrade their POS applications and networks, a very expensive proposition. New cards will also need to be issued to consumers; the retail industry has estimated that implementing EMV will take five years and $10-plus billion.
So how does a retailer prepare to meet this mandate? ARTS recommends five steps:
• Gain an understanding of the various implementation options for EMV and chip-and-PIN.
• Learn best practices from those who have already implemented in Canada, Europe and elsewhere.
• Participate in retailer-led associations and groups like NRF and the Merchant Advisory Group, which are organizing to collect and share knowledge and to influence the payment industry to implement EMV processes that conform to retailer requirements and carry fair fees.
• Evaluate EMV conversion costs compared with the added expense of potential chargebacks minus the reduction in PCI audit costs offered for implementation. Based on this analysis, a retailer might decide not to convert — or to convert by store or region, depending on the volume of chargebacks.
• Develop an implementation plan that considers current and future payment alternatives for cards, mobile and biometrics from multiple payment processors, with a bias toward open standards-based solutions like the payment standard being developed by ARTS.
The importance of standards
Why are standards so important in the payment process? Consider the multiple players in the ecosystem: acquiring bank, networks, issuing bank and nearly three dozen payment solutions and processors that a retailer may wish to link with to offer payment alternatives to customers.
Use of standard data formats and protocols within the payment ecosystem will make it easier for retailers to change their payment process, thus creating competition that can have a positive influence on service fees. EMV and mobile payments will require modification to the payment ecosystem, and retailers would be wise to define the standards and promote adoption. The proposed ARTS standard creates the payment function as a stand-alone SOA service that can be integrated with POS applications. This will clearly reduce the time and cost of PCI audits, and the associated open protocol will ease EMV implementation.
The ARTS payment standard will be placed in the public domain, and we encourage organizations interested in creating a fully comprehensive “payment standard” to consider working with NRF and ARTS to enhance/expand and promote global adoption.