Editor’s Note: This is “Part 2” of a 2-part series. “Part 1: Who Is Responsible for Losses?” we published previously.
This article is mostly for brick-and-mortar retailers, as the October 2015 rule changes, which I discussed in “Part 1,” are specific to card-present merchants. However, ecommerce merchants should understand the potential impact, as some observers predict that EMV’s added security at the card-present level will result in more fraudulent transactions for cards not present.
Currently, card-present counterfeit losses are generally the responsibility of the issuing bank. However, on October 1, 2015 the card companies are changing the rules for that responsibility.
On that date, the lowest form of security will be responsible for these chargeback losses. That means a card-present merchant will likely be responsible for the chargeback loss if a transaction involved counterfeit card with a chip embedded, but the merchant did not have a point-of-sale device that could properly read and transmit EMV chip card information.
Therefore, the first decision merchants need to make is whether they want the financial responsibility for these chargebacks or, alternatively, if they want to invest in the proper POS device to read and transmit EMV chip card information.
I suspect the card companies are hoping that the liability shift will convince most merchants to obtain EMV POS devices. However, having the EMV devices could help merchants serve their clientele, as cardholders are concerned about identify and card theft and many will presumably appreciate the added security of EMV.
In fact, as a consumer I’m already irritated by major retailers that cannot process my chip cards. Cardholders will likely learn to appreciate the added security of EMV. If so, how will your customers view your business if you can’t process the chip card information?
Also, bad guys tend to go to the point of least resistance. If you cannot process the EMV chip card data, you may be the point of least resistance. This is also the reason why some entities believe ecommerce merchants will see more fraudulent transactions. Therefore, ecommerce merchants should discuss potential increases in fraudulent activity and any information and tools the provider has to prevent it.
EMV Factors to Understand
- PIN-enabled devices. Most chip cards will likely be “chip-and-signature” versus “chip-and-PIN.” In other words, the cardholder’s signature will be required instead of a PIN number. However, some issuers may require their cardholders to use a PIN number, which may create difficulties and added cost for certain merchants.
For example, restaurants generally have their POS devices away from the cardholder. Those restaurants may have to invest in wireless EMV PIN pads or other solutions to enable chip-and-PIN at the table. Also, service businesses, such as physicians’ offices, often have their POS devices behind the front desk window. They may need to buy an EMV PIN pad that connects to their POS device, so customers have privacy while entering their PIN number.
- Apple Pay requires NFC capability. Not all providers can currently process Apple Pay, even if you have a NFC receiver, because Apple Pay uses a format called tokenization so customers don’t have to enter their card information at the POS device.
- Chip cards can be processed as contact or contactless. An EMV POS device should recognize a chip card if it is swiped, and prompt the merchant to insert the card in the EMV slot, to read the chip data. In this case, the card is left in the slot during the entire transaction process.
Some POS devices and PIN pads have NFC (near field communication) capability to enable a contactless transaction. NFC capable devices can read the chip information if the chip or other NFC enabled devices, such as a cellphone, are placed within a couple inches of the NFC receiver.
- Merchants that have software-based POS systems should discuss EMV with their POS provider. Not all POS systems currently have an EMV solution. Therefore, merchants should make EMV part of the discussions when reviewing different POS systems.
- Merchants should train their staff on EMV acceptance. Visa offers a PDF brochure on EMV that can help. Also, VeriFone, a terminal manufacturer, has produced this video, which is helpful.
What Should EMV POS Devices Cost?
The good news is this: If you have obtained a new terminal in the last two or three years, it is likely EMV capable. It may require an upgrade and your provider may have a swap-out program at a reduced cost or no cost to enable chip card processing.
If you need a new EMV terminal or PIN pad, realize that it generally costs the provider $200 to $300 for a new EMV terminal and roughly $100 to $125 for a new EMV PIN pad. Wireless devices are more.
What you will pay is up to your provider’s business plan and your negotiation skills. I’ve found most reputable providers are not charging more than $350 for an EMV terminal and $150 for an EMV PIN pad. If you have a salesperson that is willing to review your needs, recognized the value of that service, as well as the salesperson’s travel and time when determining a reasonable cost.
Lastly, as I’ve written many times, I detest lease programs. I have heard of EMV terminals being leased for up to $99 per month for 48 months. If your provider or salesperson tries to lease the equipment to you, find a new provider — for more reasons than just the equipment lease.
The purpose of this series is to provide a general overview of EMV chip cards, the liability changes on October 1, 2015, and the decisions card-present merchants will have to make specific to EMV acceptance. Merchants must discuss specific needs with their provider, salesperson, and POS vendor to ensure they meet the October 1, 2015 liability requirements.