Posts tagged "EMV"

The following article was posted by OpenEdge Payments on 7/13/2016
For more information: https://openedgepayments.com/emv/update.html

We value our partnership with you and strive to keep you informed related to significant updates across the payments landscape. You may have seen recent stories in the news regarding EMV chargeback policy changes. We’re contacting you to provide an update on how these changes affect you and your merchant customers, and what merchants can expect if they have not already upgraded their systems for chip card acceptance.

What’s the Latest on EMV?
The U.S. continues to see a slow rollout and implementation of EMV. We are now well beyond the start date of October 2015, and most merchants at this point realize there was no need to panic. In fact, only 17% of small to medium businesses using an integrated POS have upgraded to EMV.

The card brands have also taken a step back to evaluate the EMV rollout with both Visa and American Express recently modifying their chargeback policies for merchants who are not yet ready to accept chip cards. Those changes include a decision to block all US counterfeit fraud chargebacks under $25, effective July 22, 2016. According to their own research in the U.S., American Express discovered that 40% of counterfeit fraud chargebacks occur on transactions that are below the $25 threshold.

In addition, beginning October 2016, VISA and American Express issuers will be limited to charging back 10 fraudulent counterfeit transactions per merchant account, and will assume liability for all fraudulent transactions after the limit has been reached on an account. Both of these changes will remain in effect until April 2018. These changes to the EMV chargeback policies are designed to give merchants more time to upgrade their systems for chip cards while limiting merchant fraud losses.

Specific to the verticals that OpenEdge serves, we see low to moderate chargeback risk, with extremely low numbers of chargebacks reported. In fact, over the entire OpenEdge portfolio, only 0.005% of sales volume has been reported as EMV chargebacks.

What Does This Mean to Merchants?
This is good news for your customers. These changes give merchants more time to update their systems for EMV while reducing excessive chargebacks. Please note that there is no action required by your customers related to the updated EMV chargeback policies from Visa and American Express. The changes will be implemented automatically – no intervention is required.

With all of the media coverage revolving around credit card security, PCI compliance, and EMV (chip and PIN) standards, it’s easy to get confused about what’s happening with traditional magnetic stripe credit cards. We at Card Concepts Inc. (CCI) are regularly asked, “Will Visa and MasterCard issue EMV-only cards that won’t be compatible with my CCI system?” EMV standards were adopted in 1995, and 18 years later, only 45% of cards outside of the US are issued with a chip. (Source: EMVCo Worldwide EMV Deployment and Adoption as of Q4 2012 excluding United States)

Major retailers with huge investments in their point-of-sale (POS) systems will not be easily moved to a new POS system. Major issuers will need to replace their entire card-base with chip-enabled cards and that process is estimated to take between 3 to 5 years. Recent documentation from Visa also confirms that magnetic stripe cards are here indefinitely:

  • Visa recommends implementing chip capable terminals that support contact chip, contactless chip, and magnetic stripe capabilities.  (Source: Visa Chip Advisory #20, Updated July 11, 2012: Visa Recommended Practices for EMV Chip Implementation in the U.S. page 3)
  • Visa specifically requires magnetic stripe as the underlying card-reading format – and that it be supported on all cards.   (Source: Visa Chip Advisory #20, Updated July 11, 2012: Visa Recommended Practices for EMV Chip Implementation in the U.S. page 7)
  • Visa also has no current plan to eliminate magnetic stripes. Until global acceptance of the chip card has been reached, Visa says the magnetic stripe will remain on the back of the card.
  • In fact, Visa’s rules require EMV accepting devices to also support magnetic stripe.  (Source: Visa International Operating Regulations (Public version), 15 April 2013, page 421, reference ID#: 150413-010410-0004832)  Visa estimates that mag stripes will be on credit and debit cards for a minimum of 10 years and more likely over 20 years.

Additionally, according to the Smart Card Alliance and Visa, currently all EMV cards have a magnetic stripe. A quote from an infographic called “What is an EMV Chip Card” by Visa, reads “Remember: The chip card still has a magnetic stripe, just in case you need to use it with a traditional terminal.”

Slow adoption of EMV in the United States can also be attributed to the US’s ability to rely on our always-available high speed communications infrastructure for transaction authorization. This system allows merchants to perform online authorizations which provide numerous fraud prevention measures that stop suspect requests for fictitious or non-available payments in offline processing, an infrastructure that other countries are also dependent upon.

Concluding Takeaways: Magnetic stripes on cards, EMV Chips, and CCI systems

Will all current and future EMV smart cards work with CCI equipment, including FasCard and LaundryCard digital card readers?

Yes. While it’s true that EMV technology is quickly becoming more widespread, all EMV chip cards that are in use in the United States must also have a magnetic stripe mechanism for use in payment terminals, which means that all EMV smart cards work with CCI equipment.

What is the liability shift that begins in October, 2015?

The major card brands, Visa, MasterCard, Discover, and American Express, have announced that liability for counterfeit transactions will shift to the party that has not implemented EMV capabilities. Additionally, MasterCard, Discover, and American Express have announced a shift as it relates to lost and stolen chip cards. Liability falls to the party that supports the less secure form of cardholder verification. PIN is the highest form of cardholder verification.

Recently, Visa has announced a shift of lost/stolen liability to the issuer for chip card transactions completed at unattended chip capable terminals that support no cardholder verification. Apparently this is to encourage merchants that deploy unattended chip terminals to support no verification for Visa in addition to PIN for the other brands.

 

How will the liability shift impact laundry merchants?

In practical terms laundry merchants rarely contest a charge back today. The cost of contesting a $15, or $20, charge back is much greater than the cost of the charge back. AND, charge backs today account for less than one-tenth of one percent (.1%) of laundry credit card charges.

Because our industry sees a low number of charge backs and very little benefit in disputing charge backs, the liability shift occurring in October of 2015 will have little if any impact on the small ticket laundry market.

What impact does EMV have on your PCI compliance status?

PCI compliance is a separate issue from EMV acceptance. PCI compliance must be maintained for all systems accepting credit/debit cards whether or not they are accepting EMV capable transactions.  The rules that govern cardholder data, network protection, application security and other factors will also apply to EMV transactions. A merchant is responsible for maintaining and complying with the PCI standards irrespective of EMV acceptance.

 

If  CCI products aren’t EMV and my systems are hacked, am I liable?

Our laundry systems are designed to move responsibility for accepting, transmitting, authorizing, and settling card holder data away from our laundry operator customers and onto our shoulders. We follow PCI  guidelines in our data centers and employ the latest in encryption techniques. Our systems never store any cardholder data.

Fortunately, for the laundry provider, CCI’s laundry systems are designed to nearly eliminate the possibility of a ‘hack’. We do this by encrypting magnetic stripe data and employing prepaid cards/accounts that shield the customer’s card information from hackers. By encrypting the customer’s card information, we are removing the ability for a hacker to access clear text data that could be monetized. Additionally, our laundry systems encrypt the transaction before leaving the laundry controller before the transaction is sent for authorization. The result is two factor security that makes it very difficult, if not impossible, to compromise.

The combination of the security techniques we use along with the fact that Laundromats not being a profitable target for would be hackers, the chances of a ‘hack’ are immeasurably small.