Foreword Online

Ideas, information and industry news for collegiate retailers



EMV: the Tip of the Credit Card Security Iceberg

Posted by Chris Bovi on 10/28/15 12:00 AM
Topics: college retail, retail technology, data security

Whether you’re a systems provider, merchant services person, banker or an actual retailer, many folks in retail have spent the last 18 months talking about EMV. For those of you who might have spent the last year or two on a mission trip to the Amazon, EMV stands for "Europay, Master Card and Visa." This encompasses what we’ve taken to calling “chip cards.” They replace the mag stripe that has graced our credit cards for almost 40 years, and provide a greater level of security.

EMV

Whether you’re a systems provider, merchant services person, banker or an actual retailer, many folks in retail have spent the last 18 months talking about EMV. For those of you who might have spent the last year or two on a mission trip to the Amazon, EMV stands for "Europay, Master Card and Visa." This encompasses what we’ve taken to calling “chip cards.” They replace the mag stripe that has graced our credit cards for almost 40 years, and provide a greater level of security.

How does this chip do that? First, it makes the cards harder for counterfeiters to "clone." The chip is more difficult for criminals to read the data from, and makes counterfeit cards much harder and more expensive to produce. Secondly, the chip interacts with the payment terminal whenever you use your card. It tells the terminal how to validate you — by PIN or signature — and then creates a unique transaction number for the pin pad to use in place of the credit card number, as what happens now. This is why you must leave your card in the terminal for several seconds during a transaction, instead of just swiping it.

So we’re good, right? Credit card fraud will be banished forever! Not exactly.

EMV helps to protect the consumer’s card, and keeps physical in-person transactions from fraud, but only EMV cards have this benefit. As you might have noticed, mag stripes (even on the new chip cards) are still prevalent, and will be for many years to come. Part of that is the fact is that there are somewhere between 800 million and 1 billion cards in the United States to be converted. The other issue is that ATMs and gas pumps will not need to have EMV readers until 2017. So until we reach those milestones, many (or most) of your transactions will still be of the “less secure” swipe variety.

Plus, there are NFC payments too. What are those? It stands for “Near Field Communications,” which for most is likely better known by Apple Pay or Android Pay. These payment applications allow your customers to pay with their smartphones by placing them near or on the pin pad. Much like EMV, the app creates a unique transaction number for the pin pad to use instead of the credit card data. Many think this is a superior process to EMV and in short order will become as popular, or more, with consumers.

So what are you to do to reduce your risk of fraud and data breeches as a retailer? The best thing you can do is to first eliminate the card data from ever interacting with your Point of Sale System. Secondly, encrypt the payment data as soon as it is presented, no matter what type of payment it is — EMV, NFC or mag stripe.

You do this by implementing what is known as “Point to Point Encryption,” or P2Pe. In the model MBS plans to deploy, the payment data will be encrypted by the pin pad and then passed from the pad to your credit card processor (Authorizer) without interacting with the POS software. It will also provide the payment data with your tokenization service, who in our case in Paymetric, so the data can be safely stored for future use — such as returns, refunds and overdue rentals. The token and the approval come back to the pin pad, which then shares that information with the POS System. At no time did your POS software see, store or have access to your customer’s payment data. The token and approval are what are stored.

Now no matter what the payment type is, you can assure your customers and administration while ensuring you are using the best practices to make sure data is safely handled and in such a way that limits the exposure to fraud to a bare minimum.

The payments industry is evolving and changing rapidly, and each year new technologies and threats emerge. While NFC and EMV will grow in popularity and will likely be around for some time, it’s almost certain that another technology, like biometrics, will come to the marketplace. Your job will be to provide your customers that convenience with the best practices to protect their information. Be assured that MBS will continue to be there adopting these new technologies and bringing them to your store.

About Chris Bovi

Chris joined the wholesale division of MBS in 1993. In 1998, Chris joined Systems Division at MBS as a Systems Sales Consultant for the east coast. His current responsibilities include working with current MBS Systems customers educating them on new products and services, along with upgrade planning and consulting on technology. Chris also works with prospective customers; evaluating their technology needs and putting together solutions from MBS to help them meet and exceed their goals. Chris is based out of Charlotte, North Carolina.

Article comments