Transitioning to Chip and Pin Technology: What Retailers Need to Know about the EMV Mandate
As data breaches become more common among retailers and financial institutions, new security measures are proving to be an essential factor in protecting consumer data. Recently, multiple multi-national corporations have fallen victim to monumental data breaches, and in the process compromised millions of accounts belonging to individuals and businesses. These institutions unknowingly handed over millions of credit and debit card numbers, putting consumer financial information at risk.
Currently, U.S. credit and debit card systems are based on magnetic stripe reader (MSR) technology which, in light of recent events, has proved ineffective at impeding cyber theft of consumers’ financial information. In an effort to counter these threats, integrated payment technology will become increasingly important in the U.S. as a preventative measure against future cyber-criminal activity.
An alternative to MSR has recently been proposed as a more effective payment technology solution. Europay, MasterCard and Visa (EMV), also known as chip-and-pin smart card technology, which was first adopted in Europe in 1992, embeds a chip in cards which is linked to a pin number assigned by the card user. After swiping a card, the point of sale (POS) terminal connects to the chip embedded in the card and in order to complete the transaction, the customer must enter a four-digit PIN, minimizing the risk of card-stealing malware that lets thieves create counterfeit copies of cards that customer’s swipe.
This technology is already seeing tangible results in Europe, minimizing risk for cardholders and retailers. In fact, the United Kingdom Cards Association has reported that the adoption has helped reduce fraud from counterfeit cards by 70% between 2007 and 2012.
The transition from MSR to EMV has already begun in the U.S and has been catalyzed by credit card issuers. On October 1, 2015, retailers will be required to become EMV compliant due to the mandate commissioned by Visa and MasterCard, or they will be held liable for any fraud as a result of not complying. Additionally, the U.S. Government has also taken up the charge to prevent future credit card breaches. President Obama recently signed an executive order requiring increased security measures for federal credit cards as well as microchips and PIN numbers in government credit and debit cards starting in January. This mandate has required retailers to reconsider their mobile payment technologies and move towards more secure mobile devices that integrate pin and chip payment technology.
By the end of 2015, 70 percent of U.S. credit cards and 41 percent of U.S. debit cards will have security chips, according to the Aité Group. Credit card companies are leading the charge by educating their issuers, processors and merchants of the forthcoming change with an emphasis on the new technology’s fraud reduction capabilities. Hurdles still remain, however, in transitioning to EMV in the U.S.
Implementation of EMV hardware and software products into the current retail store payment technology will undoubtedly be a difficult process with the dependence the U.S. currently has on MSR technology. Despite initial costs of updating millions of POS devices and exchanging current consumer cards with ones equipped with chip and pin technology, nothing is more important than protecting consumer data from potential security threats. Some merchants and financial institutions have already begun the process of meeting payment card industry compliance standards by upgrading their systems or modifying their products to adapt to EMV hardware/software.
While initial costs of POS replacement may seem high, no retailer can afford to lose the consumer confidence that may be squandered following a data security breach.