Ordering | June 2015 | By Bryan Reesman

The EMV Evolution

As banks and consumers move to chip-protected credit cards to prevent fraud, operators must be ready to adapt.
QSR restaurants use new EMV point of sale to follow guidelines.
In October, operators who do not use an EMV system will be held responsible for fraudulent transactions. first data

For many years, Europe has had stronger protection against credit card fraud than the U.S. But now that technology is making its way stateside.

Scores of retailers, including quick-serve operators, will begin using EMV chip card technology to more effectively combat the pervasive and costly problem of credit card fraud. Although merchants who do not switch over to EMV (which stands for Europay, MasterCard, and Visa) will not be fined, they will be liable for any fraudulent transactions beginning in October.

The EMV system is different in that the credit card contains an embedded microchip that authenticates transactions by sending a special code from the card to the card issuer via a merchant terminal. Once the issuer confirms the card’s authenticity, the transaction goes through. While credit card transactions will take a few seconds longer, they will be more secure.

In the past, the costs of an EMV system, including production and infrastructure, have hampered its adoption in the U.S. First Data, one of the largest electronic payment processors in the world—handling 45 percent of electronic payments in the U.S.—has teamed up with Oberthur Technologies, a French company specializing in digital security, to jointly produce chip cards stateside.

“I think the move here will be in two phases,” says Vini Letteri, global product lead for First Data’s tablet-style POS system, called Clover. “It is how it happened in Canada as well: The initial EMV move was to chip and signature, where you insert the card and then sign. Then step two, which is where Europe is now and is the most secure system, is chip and PIN.” In this system, customers enter a PIN number associated with the card to verify the transaction’s authenticity. Letteri says that while First Data is creating devices capable of chip and PIN, many other devices can only do chip and signature. “That’s why I think you’ll see a bit of a two-step process,” he adds.

Two online educational resources, the EMV Migration Forum and VisaChip.com, can assist merchants and acquirers in dealing with this POS shift from informational and implementation standpoints. Merchants interested in learning about the minimum terminal requirements in the U.S. and how to migrate to the new POS system can visit the EMV Migration Forum online. POS terminal vendors can help operators assess whether a terminal is chip-ready, what next steps are required, and if operators need to download new software or replace their system.

Once incorporated, EMV technology can thwart fraudsters. Under the current system, thieves can copy standard magstripe data to create counterfeit cards. With EMV, they will be unable to bootleg a chip-based card.

“Over 80 percent of the fraud that happens today is as a result of a data breach, and most of that turns out to be counterfeit,” says Stephanie Ericksen, vice president of risk products at Visa. “Over 60 percent of the fraud we see in the face-to-face environments is counterfeit.” But, she adds, despite its large size, fraud is at an all-time low; for every $100 transacted through Visa, less than 6 cents is stolen globally.

Letteri says the few extra seconds it takes for credit card transactions to go through may quietly exasperate some consumers accustomed to faster charging times and encourage an increase in mobile payment systems like Apple Pay. Ericksen also thinks a move to mobile payments could happen in lieu of a new chip-and-PIN system that would be pricy to implement.

“The same technology that we use for chip is the same field, the same security, and the same message format that we use for mobile and tokenization and the security behind Apple Pay,” Ericksen says. “It’s laying that infrastructure and also paving the way for innovation.”

Jim Melvin, CEO of e-commerce and mobile technology company AppSmyth, does not believe EMV technology has heavy ramifications for the quick-serve world. He represents approximately 20 limited-service brands with 35,000 units across the U.S. “Of those 20 brands, not a single one said they were going to implement EMV for EMV’s sake,” Melvin says. Still, after looking at various scenarios including data breaches, three clients did convert to EMV for increased protection, which would safeguard them from paying for fraudulent charges.

Fraud within the quick-service sector is likely smaller because of the perishable nature of the products being sold, Melvin says. “It’s not like somebody overseas is going to steal it,” he says. “People do that with refrigerators at Best Buy; they don’t do it with hamburgers.” He adds that one of the chains does $1.3 billion in sales and thought fraud might reach $2,000–$3,000 annually, but an EMV upgrade could cost it approximately $800,000.

Quick-serve operators still have security issues to contend with given the high volume of transactions they process.

“They’re continuing to invest in encryption, tokenization, and other security methods in addition to EMV to make sure that not only each transaction is secure, but that their systems are being shored up and reinforced in case hackers want to steal the data out of their system,” Ericksen adds.

Add new comment