Listed below is the initial information that has been circulated by the Payments industry to help you begin to understand the upcoming changes as the United States moves toward new payment types. We will update this information as more becomes available to us regarding the acceptance of Chip-enabled cards and your Aloha POS system.
- EMV stands for Europay. Mastercard. Visa. (Even though American Express and others are also included) and basically refers to payment cards that will have an embedded chip. These are also sometimes referred to as “Chip and Signature” or “Chip and PIN” cards.
- It is a Liability Shift. and NOT a law. On October l”, 2015, the liability for the use of fraudulent payment cards will shift from the issuing card brand or bank to the business in the payment chain that is the least ready for EMV. (The “chain” is card brands [Visa, MC1 AMX, etc], the issuing banks, the payment processor [i.e. Paymentech, World Pay], and the merchant). This means that after 10/1/201S if a merchant accepts a payment card with a magnetic stripe, and that card turns out to be a fraudulent card (stolen, duplicated, or otherwise fraudulent), then the merchant that accepted the card will be responsible to return the amount of the sale. Currently, merchants already receive some 11charge-backs” from card companies, and after 10/1/2015 these will not be refutable for fraudulent cards if the merchant is the least EMV-ready in the payment chain. Today, most fraudulent cards are used in big-box retailers or on-line retailers to buy high-end merchandise that is later sold for cash on the black market. The same is generally not true for merchants of prepared food (restaurants) today. However, we do not yet know how criminals will try to capitalize on the steadily dwindling number of merchants that are not EMV-capable. It is reasonable to assume that consumer demand will drive restaurateurs to accept EMV cards as these cards become widely used.
- EMV Cards Will Require some New Hardware: The payment processors each have choices of what hardware they will interface to, and in what order they will add support for other hardware types. The hardware includes both stationary, tethered pa yment terminals that attach directly to a POS terminal – For QUICK SERVICE or counter-service operations, and also wireless terminals that will be taken to a table
to complete a transaction in TABLE SERVICE operations. There are a few different manufacturers of payment terminals, and different models offered by each manufacturer. Multiplied by the number of processors that each have proprietary communication protocols, and then multiplied by the number of different POS companies times the various software versions that they each have, the number of permutations gets very large very quickly. REGARDLESS of this, Aloha will have options available for its customers that are available by the 10/1/2015 deadline. The exact pieces of hardware and the associated costs are not yet finalized, but we expect to have a clearer picture of all of the immediate options and the associated costs by sometime in June.
- In the Mean Time: It is also reasonable to assume that criminal hackers will divert their criminal attacks to those merchants that are the most vulnerable , those that are not EMV capable and/or those that do not have a quality managed firewall and Network Security Company! It is a good idea for our customers to make sure that they have an Aloha software Membership Plan (software upgrade agreement) in place, since this is a requirement of PCI compliance anyway. Also, it is definitely prudent to invest in a quality Managed Firewall (Network Security Company) that also offers secure WiFi coverage to the entire seated dining area in preparation for wireless mobile Pay-at-the-Table appliances (for Table-Service operations).
We can help with that.
There are Competing Payment Options: Unlike in Europe and Canada when they switched to chip-enabled cards, today there are Apple Pay, Google Wallet, and other Near-Field-Communication (NFC) payment options that are competing for dominance in the payment world. These will also require a specific functionality of hardware payment terminals. Some merchants would like to have payment terminals that are multi-functional so that they can take all of these payment types with a single device. Development of these multi-functional terminals is proceeding at a rapid rate, and we want to make sure that we are bringing all available options to our customers before we present them for sale.
Finally: And perhaps most importantly, Point-To-Point-Encryption (P2PE) is technology that makes it exponentially more difficult for criminal hackers to breach the merchant’s payment environment in the place of business and obtain card-holder data. It is important to all of us that P2PE be present in all new payment devices. NCR and HCS are aware that our restaurant merchants have more potential threat from criminal hacking than from the use of fraudulent cards (obtained from hacking other merchants) in our customers’ businesses. Thus, we’re seeking the payment devices that contain P2PE technology, no matter what new payment type they are designed to accept.