This is the fourth post in our series on implementing EMV. If you’d like to catch up, here are links to the previous posts:
Step 1 – Hardware and Environmental Considerations
Step 2- Software Changes and the Impact on Merchants
Step 3 – Certification Requirements
Training Associates & Customers
Operationally EMV cards are going to significantly impact merchants. Most notably, we are very quickly going to move from a “hand the card over to be swiped environment” to a “consumer self-insert or self-tap” environment. Further, the implementation of the PIN entry technology may require PIN entry for some transactions and not for others at the same merchant. As such, not only will store associates need to be trained to handle the new transactions from a POS perspective, but these associates will need to be trained sufficiently to help novice EMV card users through the transaction process.
A further operational consideration for EMV transactions will include back office procedures including chargeback handling and potentially other back of the house tasks. These back of the house operational changes will become clearer as the acquirers and others in the payment ecosystem start actually implementing the systems to support EMV transactions. The take away here is that there should be an understanding that both POS system operation and back office processing will be impacted by the implementation of EMV.
As briefly mentioned above, consumers will also have to be trained to use EMV cards. This is going to be especially confusing for consumer as the initial cards will have both a mag-stripe and a chip. Those consumers will expect equivalent functionality at all merchants and instead may be prompted to insert their cards after swiping at EMV enabled merchants. Much in the same way that cashiers anticipate the failures to act of consumers standing at terminals today, these same cashiers will need to understand that EMV transactions are a possibility and dual interface card holders are going to be prompted to insert instead of swipe and thus able to direct the consumers accordingly.
Further, the timing of the insert in relation to the swipe is going to change. In today’s environment, we have been trained to swipe essentially as soon as the transaction has been initiated at the POS. In an EMV environment, one can’t insert their card until the final transaction amount has been received by the card accepting terminal.
Also of note is that the requirement for PIN is potentially optional based on the dollar amount of the transaction. Consumers who use PIN today are not variably prompted, so this will be a bit of a change for them as well.
All in all, it is likely easy to underestimate the impact on store operations associated with consumer training, but it is a very real consideration and should be taken into account while developing associate training plans.
While the four steps provided throughout this series of posts are the fundamental steps associated with supporting EMV transactions, there are a few other considerations which should be factored in when developing a plan for support.
As noted in the second post in the series, (1) card accepting terminals will need to be maintained much more actively than in the past. Developing a maintenance plan for these devices which includes an ability to push software updates either through a service like VeriFone HQ or through other mechanisms provided by other environment provides will be key.
(2) Threshold Monitoring – Visa and MasterCard have incentives in place for achieving certain percentages of transactions initiated at EMV Contact and Contactless accepting terminals. For Visa, achieving these thresholds allows the merchant to skip compliance reporting for that year. In the case of MasterCard, merchants that meet the thresholds get relief from ADC (Account Data Compromise) fees and penalties. With those in mind, a good EMV implementation plan should thus target threshold achievement at the earliest possible date. Further, it is a good idea to make sure that you as the merchant are able to accumulate this data independently as providers throughout the system may not be prepared to provide this data when it is needed.
(3) PCI Compliance – This has been stated a number of times, yet it is worth stating again. Adoption of EMV card accepting terminals and the associated infrastructure does not alleviate the need for PCI Compliance. EMV cards pass the PAN and other card data in the clear to the terminal and the terminal to the host. Thus implementing scope eliminating technologies such as end to end encryption and tokenization, and continue PCI DSS compliance is an ongoing requirement. To be very clear, even if an on-site audit is no longer required, merchants are required to maintain PCI compliance and are ultimately responsible for any breaches.
(4) Future Proofing – Moving forward with EMV is not going to be an insignificant investment for merchants. As such, specific care will need to be given to the ‘bilities’ (Flexibility, Reliability, and Maintainability) in order to maximize dollars spent both on the capital as well as on the ongoing ownership of the devices. Selecting partners with long histories of excellent Flexibility, Reliability and Maintainability will pay dividends for years to come.
Overall, support for EMV is going to change several different aspects of the card processing environment for merchants. The good news in this situation is that providers like VeriFone have extensive experience bringing this specific technology to market and are well positioned to help merchants throughout the analysis, planning and implementation process.