To explain, I sat through a perfectly well informed and accurate EMV panel discussion yesterday. The panelists reacted and performed much as I have done in the past. They talked about online PIN, offline PIN, debit complexity, kernels, contact, contactless, timelines, and blah, blah blah. In short, they covered all the bases in an accurate and efficient manner.
Well done guys. During this actually quite lively discussion, the audience was deeply and enthusiastically engaged – with their smart phones.
EMV is a pretty big deal, so why was this audience lost to their own devices? From my perspective, the message has simply been lost. Stepping away from yesterday’s panel, the EMV discussion has largely been dominated by technical implementation details which, while important, are overshadowing the big picture. Don’t get me wrong, these details are extremely important, but why would a typical merchant care?
Ultimately, merchants don’t and won’t care about these details as, quite simply, they are going to be somebody else’s problem.
So let’s get the discussion back to what Merchants should be caring about in regards to EMV. To that end, let’s start with “Why?”
While there are potentially lots of reasons, I will point out the three most direct:
- Decrease corporate exposure to card data breach risk
- Eliminate duplicate card fraud chargebacks
- Provide for better customer service
Clearly merchant sectors and even individual merchants will assign different weights to these reasons and as a result will ultimately formulate their adoption plans. Those adoption plans can and should be relatively simple as the complexity will ultimately be shouldered by their vendors.
That said, instead of being dragged down into the minutia of the technical implementation, let’s focus on practical advice that merchants can use right now.
That said, here is my abbreviated version of EMV for Merchants:
- EMV is coming to the US. Yes, it really is. The infrastructure and incentives are finally in place for the issuers. Big box retail will lead (e.g. Wal Mart) as the liability shift is a real and meaningful number to them.
- EMV doesn’t eliminate the need for PCI Compliance. A couple reasons for this: 1) EMV transactions present PAN and expiration date in the clear which could, in theory, be used for online purchases, and 2) the magstripe-to-EMV migration is going to be long and therefore there will be an extended amount of time where full track data will be present in merchant’s systems.
- Acquirers will be first to adopt, per the mandates, while POS system providers will ultimately be pulled along by the merchants. For some verticals, this will mean availability of solutions in the middle to end of 2013. For others, availability may not occur until 2014.
- Living with EMV will not be the same as living with Magstripe. First, the transactions are going to be slower due to the interaction between the POS and the chip on the card. Second, the card accepting terminals will need to able to be maintained overtime.
So with that ground work, here is the short list of “What Merchants should be doing now.”
- Assess your company’s desire to support EMV based on the primary reasons provided above as well as any ancillary factors.
- Understand the high level processing requirements:
- EMV accepting terminal (both contact and contactless)
- POS software changes to accept and transmit the new data elements and
handle the transaction flow differences
- Acquirer / Gateway interface spec changes.
- Develop / modify their EMV card accepting terminal plan.
- If already have terminals in the field today, implement a plan to start
replacing terminals with EMV ready terminals. Further, determine a target
for full replacement with liability shift dates in mind.
- If no terminals in the field, then review options and work with POS providers
and determine solution availability dates. To be clear, don’t solve the EMV
problem now. Rather you should be putting in the rails for EMV so that it can
be enable it at the appropriate time.
- Understand the Visa / MC incentives as deploying EMV accepting terminals sooner or in a more directed fashion may have an impact on compliance reporting requirements and overall breach exposure.
- Stay informed, but keep out of the weeds. That is to say that understanding high level info is going to continue to be important, but monitoring the impact of the Durbin Amendment on the transaction flow of debit cards is simply not going to be a good investment of time for most merchants.
- Keep an eye on the bigger picture. The changeover to EMV accepting terminals provides for an unparalleled opportunity to materially change the way you interact with your customers. Pulling in marketing, finance, operations and IT to create a retail vision for your interactive consumer payment terminal will ultimately provide for a solution which has the desired look and feel, takes advantage of emerging payment technologies which can lower acceptance costs, streamline operations, and create a more secure payments environment.
As we continue to ride this wave of change in the payment space, there are a multitude of challenges. Focusing on the bigger picture associated with creating a flexible, reliable payment infrastructure, which will ultimately provide the platform for EMV acceptance, should be the near term goal. Achieving this goal will ultimately make the enablement of EMV, or really almost any other card based scheme, relatively easy.