-For more infomation on how to protect
your business contact TRCG
If you are a U.S. retail store operator, no government agency
or industry association is requiring you to implement EMV.
You will not be fined if you do not implement EMV by the
often referred to “deadline date” of October 1, 2015. This is
not a deadline. It is your decision whether or not you want to
implement EMV – there is no requirement.
However, since the liability rules change on October 1,
any retailer that hasn’t implemented EMV by this date
may be liable for a fraud resulting from a magnetic -
If you don’t implement EMV, the merchant does not automatically incur liability for all fraudulent electronic transactions. The liability shift applies to whomever is not able to process EMV transactions. If the issuer does not provide EMV capable cards or the acquirer is unable to process EMV transactions the liability will apply to them instead of the merchant. For the liability to shift to the merchant, an EMV card must be processed at the site by an acquirer that supports EMV transactions on a payment terminal that does not support EMV.
Even if you don’t implement EMV-enabled payment devices by October 1, your business will still run the same as it did on September 30, aside from the liability shift. Both older magnetic stripe cards and newer EMV cards can be accepted by non-EMV merchants, as the new chip cards will also have magnetic stripes available for that very reason.
Making your store EMV-ready can involve lots of discussions,
questions and planning about many different things: your POS system, your payment processor and the right kind of payment terminal devices. It’s also crucial that you understand the impact that EMV technology will have on your operation; be prepared to train your staff appropriately and assist customers with using their EMV credit cards.
Believe it or not, magnetic stripes on credit cards are going
to be with us for quite some time. If you’re EMV-ready, when a customer pays with an older magnetic stripe credit card you’ll simply swipe it through your new payment terminal’s card reader. So regardless of whether or not you have implemented EMV, you’ll be able to take all credit cards in your retail store.
Remember – implementing EMV alone will not protect your retail store from being hacked. While EMV helps protect you from counterfeit card use, it’s not the end-all, be-all of store data security. There are measures that you can put into place that are not provided by EMV – such as encrypting credit card data as it passes through your network – that will safeguard your store from a data breach as well as give you greater peace-of-mind.
EMV and Point-to-Point Encryption (P2P) are two separate
technologies that address different security concerns and require independent implementations. EMV focuses on securing credit card counterfeit fraud while P2P focuses on securing track and account information in store systems. EMV transactions without P2P will expose track equivalent data and account information in the clear to payment applications. As a merchant you must decide if you want to implement P2P capabilities in addition to EMV and confirm that both your host and pin-pad provider support a common encryption scheme required for implementation.
Estimates are that only 20 to 30 percent of cardholders in the
United States will have new EMV-ready cards by October 1, 2015. Meanwhile, industry experts are saying that it will take at least 3-5 years in order for EMV to reach full acceptance in the U.S., and in Europe the adoption took much longer. So know that it’s going to take a while for everyone to finally make the transition to EMV
To comply with Durbin’s routing requirements, debit cards for the US market will include two or more AIDs. The cards will include Global AIDs that will enable cards to be processed with the card brand (e.g. Visa, MC, Amex, Discover) and US Common AIDs that will enable cards to be routed to the merchant’s debit network or choice. Until support for the US Common AID is implemented, POS
systems may process these cards using the Global AID that is specific to a single processor. This will still allow cards to be processed, but will not enable cards to be routed to the merchant’s processor of choice. Further, in most cases the Global AID will result in the cards being processed as Credit transactions, which will restrict the ability to offer cash back or fuel using debit specific pricing.
You don’t need to implement EMV in order to be compliant with PCI Data Security Standards. While EMV can be one component of your data security strategy, it is not required nor mandated by PCI Data Security Standards, nor will implementing EMV make you PCI compliant.
2016 | DESIGN BY THE RETAIL COMPUTER GROUP