It’s time to make the move! October 1, 2015 is right around the corner and coming quickly. The transition to EMV means greater protection against fraud. It’s clear that small businesses are getting hit from all directions by the rising cost of doing business and converting to EMV can be expensive; however, if you don’t switch to EMV and someone commits credit card fraud through your point-of-sale system, the liability you will face could put you right out of business. Advisen Front Page News outlines some important facts.
The clock is ticking and the rush is on for issuers of credit cards to add the “chips” needed to make the pieces of plastic more secure from fraud and theft as consumers use them amid an environment increasingly fraught with data and security breaches.
Columbus-based credit-card processor TSYS, which also produces and mails out cards for some of those issuers, naturally is in the thick of things as the transition occurs.
“We’re certainly behind the scenes preparing for the shift, and we’ve done a lot of work, purely from a card production standpoint,” said Blake Barker, TSYS senior director of output services. “There are lot of things that are happening that have to be prepared for as you roll this out. All of our issuers have to select the chips that they want to put into their card, what types of applications that they want to put on the chip, in addition to the size of the chip in terms of memory and that sort of thing.”
The stakes are high, with the liability of fraudulent card charges shifting to those companies that opt to not go with the EMV chips and the chip-enabled merchant terminals that make such transactions possible.
The loose deadline — set by card companies Visa, MasterCard, Discover and American Express — for adopting the EMV chip technology is October. EMV is an acronym for Europay MasterCard Visa.
Visa, on its website, cites an Aite research report estimating about 60 percent of retailers that employ 2,500 or more workers — meaning larger businesses — will have the proper chip-capable devices in place this year.
The way the technology works is instead of simply swiping a card during a purchase and waiting for the transaction to be completed — sometimes requiring a signature — the chip-embedded cards are inserted into a transaction terminal and then, after a short pause, uses a one-time encrypted code containing a person’s account information to conduct the sale.
If the issuer requires a PIN, or personal identification number, for the transaction, and the device is capable of accepting a chip PIN, then a signature is not necessary. Thus far, the industry is not requiring PINs and instead will use signature verification — and keep magnetic stripes on cards — as the retail world absorbs and complies with the technology, which is new to the U.S., but has been used in Europe for years.
The key element of the switch to chips is that critical consumer account information isn’t always stored on the card and waiting to be copied or stolen.
That’s unlike the predicament now in which thieves can use data from magnetic stripes to copy and duplicate cards for fraudulent transactions, which are the responsibility of card issuers or merchants, depending on contract agreements.
“As you can imagine, we’ve got some (card issuing and merchant) customers that are kind of on the forefront of it, and they’re running out there and getting it done pretty quickly in big volumes. And you have some that are just starting up and dabbling in it … on a small scale. And we kind of have everything in between as well,” Barker said of the work going on at the TSYS North Center, where 4 to 5 million cards each month are stamped and embedded with data on the traditional magnetic stripe and on the newer chip. In May, the company celebrated the overall milestone of having manufactured 1 billion credit cards since 1993.
Barker said June was a “big month” in general for production and shipment of chip cards to consumers, while July, August and September will also see Columbus employees working hard to fill demand that is ramping up.
“But even as the liability shift comes, I heard a statistic the other day that 50 percent of the merchant terminals will not be ready for the liability shift,” he said.
The first exposure to the new technology for some U.S. consumers will come as they receive credit cards reissued in the coming months with the chips inside them. They are easily recognized by the square, gold or silver metallic-like image on the front of the plastic.
During a conference call earlier this year with Wall Street analysts who follow his company, TSYS Chairman and Chief Executive Officer Troy Woods said about 45 percent of the firm’s direct merchant clients had the EMV-capable terminals installed already.
“We are actively engaged with our merchant community to educate and provide them support to ensure they understand the impact of the fast approaching October liability shift deadline,” he said.
Woods noted that the push to have cards and merchant terminals outfitted with the latest technology had “ramped up toward the end of 2014” and that the company was poised to produce at least 10 times the number of plastic cards in 2015 than it did last year.
The company also has said it expects about 80 percent of its own card clients to be issuing, or at least phasing in, chip cards by the end of this year.
The global card processor’s stake in the manufacture and rollout of chip cards is more complex than making a dollar for doing so. Though it has been largely tight-lipped about data and card breaches, some of its clients have been hit by hackers pilfering valuable personal and financial information.
That has included retailer Target, a longtime TSYS client, which suffered a massive breach during the Christmas shopping season of 2013, with roughly 40 million customer credit and debit cards impacted.
At the time, TSYS stressed it had no connection to the security breakdown that allowed hackers to grab the names, card numbers, expiration dates and three-digit security codes of Target customers making purchases over a three-week period.
While credit cards embedded with the chips is a wave that can’t be stopped at this point, the move to them isn’t without concern.
The National Retail Federation and a handful of other retail and marketing associations sent an open letter to the U.S. Congress in March asking that chip and PIN cards be the standard in the industry, rather than allowing chip transactions with the “weak” requirement of a signature.
“Attaching a personal identification number (PIN) to a payment card drastically reduces fraud by verifying the person presenting the card is authorized to use it,” the letter said. “According to the U.S. Federal Reserve, the benefits of PINs are clear; simply adding a PIN to a debit card transaction makes it 700 percent more secure than transactions authorized by a signature, which can easily be forged.”
The organizations, in their letter, said that merchants spend billions of dollars each year to protect customer data and that it will cost “tens of billions of dollars” during the current transition from magnetic stripes to computer chips as the industry adopts the new security standard.
“Unless we catch up with the rest of the world and utilize the stronger chip-and-PIN technology, the United States will remain the top target for fraud,” the groups said.