Six tips for becoming EMV compliant
“Liability shift” is a phrase striking fear in the hearts of payment-accepting retailers, restaurants, hotels, banks and more. The October 2015 shift of liability from banks to sellers (attended transactions) is now less than one year out. Hardware, software, and payments processing vendors who operate in the POS marketplace are at various stages of EMV compliance, development, and marketing to sellers, who are in the position of identifying the best long-term solution for their organization.
How are sellers going about the process of moving to an EMV compliant solution?
If your organization has a PCI Compliance Officer or a Chief Security Officer, the transition likely sits squarely in their court. For those organizations that do not have an employee tasked exclusively with focusing on PCI compliance and security, the IT department is likely next up for research, recommendations, and implementation of EMV compliant systems.
Derek Nettles, Director of IT for the Dickie Brennan Restaurants, has recently implemented an EMV-compliant payment solution throughout their four restaurants in the French Quarter. The tablet solution, provided by TableSafe, allows customers to pay their bills from their table without handing their credit card or payment to a third party. The tablets are EMV-ready and are compliant for digital signature verification or PIN verification — two factor identification methods deemed acceptable. With this solution, Nettles took the opportunity to combine the transition to EMV compliance with the addition of customer self-service options.
On behalf of the Dickie Brennan Restaurants, Nettles initiated the search for a digital payment device to allow customers to pay their bill without waiting for a waiter or handing over their credit card. By necessity, the solution was required to be EMV compliant, so as not to require additional hardware upgrades in the near future. The appearance of the device was of utmost importance, with a “fine dining” aesthetic that represented the quality and image expected by a Dickie Brennan Restaurant customer.
The research and decision-making process, driven by the IT director, took six months, with input from the CFO and the Director of Operations. The devices were paid for by each of the four Dickie Brennan Restaurants, rather than hitting the corporate office’s IT budget. There were 12 tablets deployed per location and the implementation process began in September 2013 (for the first restaurant), and will be completed in December 2014 (at the fourth location).
Nettles recommends that those in the process of updating their POS systems “work with staff members to educate them about what the transition to the new system is all about.” In short, getting buy-in and acceptance from staff is an integral piece of the implementation process. Providing them with enough information to understand the need for the change can go a long way toward getting them on board with the transition, making compliance and implementation a smoother process. Additionally, Nettles recommends that those involved in the decision-making process “make sure that all solutions and interfaces are compatible.”
What can other sellers learn from those that have recently upgraded to EMV-compliant systems?
Rob Chilcoat of UCP Inc., a distributor of hardware devices specifically for the acceptance of credit and debit cards for OEM cash handling and retail, notes that there are more moving parts in the current U.S. payment processing system than in years past or markets abroad: “Whereas in previous years, payment processors were the primary source of hardware equipment for retailers and sellers, there are a plethora of hardware solutions that are not simply one-size-fits-all. This adds to the mix ‘payment gateways’ that communicate between software, application, hardware & processors.” This new component gives sellers and retailers increased flexibility to find a solution that best meets their needs, but it also creates an unlimited number of options, with the need to select the appropriate hardware, application software, payment gateway, and lockdown software for your organization.
Given that there are many moving parts, how can businesses navigate the transition to EMV compliance?
1. Start early. While you can purchase devices that are EMV-ready/EMV-compliant, the decision-making and implementation process can take months. POS system vendors are already seeing a high demand for this service and may have waiting lists that make it difficult to rush the process. Manufacturing and delivery of the new systems, or the availability of staff to upgrade existing systems, may all serve as bottlenecks throughout the process.
2. Plan for the future. Buy a device and system that will modify and scale as the needs of the EMV system change. Find out what other payment options might be useful to accommodate in the future and determine if the system can be easily modified to add those options.
3. Communicate. Communicate the issues, reasons, and implementation process clearly to everyone from C-level execs to the staff working with the devices. A better understanding of why the transition needs to occur can make it a more positive experience with support from all levels of the organization chart.
4. Identify a list of must-haves. What functions and forms are required? What application or tasks should be included? What is the budget range you have to work with?
5. Select suppliers. Find suppliers that will give you the support needed. Will you need assistance in design, installation, and implementation? Will this vendor make your business a priority? Can they help you meet a particular (agreed upon) deadline? Look for companies that have devices that are compatible with multiple two-factor identification methods, experience in the already established European market, and those with a corporate history that understands scalable systems that are flexible in the ever-changing market.
6. Budget funds. Set aside funds that are earmarked for this transition. The implementation may require a staged rollout and should not be shortchanged. Pay for what is necessary to purchase the proper system and equipment. Consider the high cost of not complying, and the PCI fines that may be incurred as well as the cost of a catastrophic data breach for which your organization will be liable.
Some questions to ask early in your process:
1. Can your current system be upgraded with a hardware modification and/or software update?
2. Does your current system meet the needs of your business or are you looking to change vendors or systems?
3. Does your current hardware or software require other upgrades (operating system updates or network changes)?
4. What is the risk of not updating? Can your organization sustain losses due to card fraud and liability, and to what degree? Will the cost of the upgrade to EMV compliance exceed the losses you would likely sustain?
The answers to these questions should help to determine how urgent the shift will be for you, what will be involved in transitioning, and how risky it is to delay becoming EMV compliant. Shaun King, US EMV Specialist for Triton Systems, believes that most sellers are educated on the shift to EMV. Having been through the transition with Canada and the UK, Triton (an ATM provider) has first-hand experience with the road bumps we can expect. King states, “It is no longer an education issue, but a timing issue for those impacted by the change.” When sellers will choose to shift and how vendors will be able to scale the manufacturing, servicing, and installation process is the next hurdle on the horizon. The need to become EMV compliant (or be held liable for fraudulent transactions) is no longer an ephemeral idea but is a done deal. Following the advice of those that have gone before may make the process less painful.
(Photo by Ben Watts.)
Laura Miller is an Internet marketing professional with 15 years of marketing experience and a background in qualitative research and marketing strategy. Her current position is as the director of marketing for KioWare Kiosk Software.