If you work in the payments industry or accept credit cards, you probably know that the EMV (Europay/Mastercard/Visa) standard became the standard in the U.S. about a month ago.
Sort of.
OK, let’s back up. The EMV system is, at its most basic, a move away from the “swipe and sign” system used in the U.S. but in few other places around the world. The magnetic stripe at on the back of your credit cards is being replaced by a more secure chip. This makes it much harder for bad guys to steal data.
Here’s a great graphical explanation from the EMV Migration Forum. When you swipe your card at a merchant using our current magnetic stripe technology, here’s what floats through cyberspace:By comparison, here’s a representation of what the chip transmits:Clearly, the chip is harder to crack than the stripe (there’s more to it than this, but this is a easy-to-understand graphic illustration). Moving forward, consumers will also be asked to enter a PIN code to complete purchases rather than simply signing a receipt (and let’s face facts, how many times has the kid at the coffee shop looked at your signature?) However, the U.S. is implementing the PIN portion over the next several years, with Forrester predicting it won’t be widely implemented until 2020.
What Does All This Mean for Customer Communications?
Unfortunately, we’re talking about a great deal of (reasonably boring) technical and financial detail being fed to an audience that, for the most part, doesn’t care. They just want to use their credit cards. So what should you be telling your customers? Here are a few key points:
- Make sure your employees have at least a basic understanding in case there are questions from customers. Research shows most consumers are not yet fully aware of what EMV means, but as more banks send out chip cards and more merchants adopt the technology, more questions will arise. Not every clerk needs to be trained for a deep dive conversation, but a general awareness and key timing (“we expect our new equipment within the next few weeks…”) shows you’re on top of everyone’s best interest.
- If you have EMV equipment, educate your employees how to tell your customers why this is good for them. One of the primary points of the 10/1/15 implementation date is who has to reimburse the consumer for losses if there is a breach. Before Oct. 1, if you fell victim to credit-card fraud, your issuing bank covers the costs. After Oct. 1, the liability shifts to the retailer if they haven’t yet installed chip-enabled readers. On the other hand, if a retailer has chip-enabled equipment, but your issuing bank hasn’t sent you a chip card yet, the liability still falls with the entity not using the latest equipment. Letting your customers know you made this investment to help with overall security for both of you is good for your business. You might even consider making handouts for your curious customers (like me). Your payments provider may have something you can use.
- If you haven’t gotten your equipment yet, be prepared to inform customers who ask. New credit card terminals aren’t cheap, so it may not be in your budget to update immediately (I get it… I own a small business as well). That said, be prepared to let customers who ask know what your plans are. It’s also good to shop around. You might be able to find offers for discounted (or even free) equipment from processors who want to earn or keep your business.
Let’s be direct: this is a big deal for merchants and consumers alike. According to a 2013 National Small Business Association survey, nearly half (44 percent) of small businesses who responded had experienced at least one data breach with an average cost of more than $8,000 each. That’s a little scary for consumers. The big banks (love them or hate them) can cover my costs. The local pub down the street? That’s certainly something to be considered.
If you’d like more information, here are some good online resources: