June 2017 was a whirlwind in Nashville, a city buzzing with nonstop excitement. The Country…
EMV Myths Debunked
Heard about EMV, but you’re not sure what’s real and what’s not? Be aware of these common myths surrounding EMV and stay in control of when and how you want to implement EMV in your restaurant.
On October 1, 2015, a liability shift is occurring as it relates to who is responsible for paying for chargebacks for counterfeit cards that are used at a restaurant. Between the bank that issued the credit card, the restaurant and the payment processor, whoever is least prepared to accept EMV-enabled payment cards will now be responsible to pay for the chargebacks.
Myth #1: Implementing EMV in your restaurant is required and will be enforced by a government regulation or security council.
If you are a U.S. restaurant operator, no government agency or industry association is requiring you to implement EMV. You will not be fined if you do not implement EMV by the often referred to “deadline date” of October 1, 2015. This is not a deadline. It is your decision whether or not you want to implement EMV – there is no requirement.
Myth #2: EMV is a requirement for complying with PCI Data Security Standards.
You don’t need to implement EMV in order to be compliant with PCI Data Security Standards. While EMV can be one component of your data security strategy, it is not required nor mandated by PCI Data Security Standards, nor will implementing EMV make you PCI compliant.
Myth #3: Once you implement EMV, you will no longer be able to accept credit cards with magnetic stripes.
Believe it or not, magnetic stripes on credit cards are going to be with us for quite some time. If you’re EMVready, when a customer pays with an older magnetic stripe credit card you’ll simply swipe it through your new payment terminal’s card reader. So regardless of whether or not you have implemented EMV, you’ll be able to take all credit cards in your restaurant.
Myth #4: EMV protects your restaurant from a data security breach.
Remember – implementing EMV alone will not protect your restaurant from being hacked. While EMV helps protect you from counterfeit card use, it’s not the end-all, be-all of restaurant data security. There are measures that you can put into place that are not provided by EMV – such as encrypting credit card data as it passes through your network – that will safeguard your restaurant from a data breach as well as give you greater peace-of-mind.
Myth #5: EMV will rapidly achieve mass adoption by both credit card issuers and other restaurants.
Estimates are that only 20 to 30 percent of cardholders in the United States will have new EMV-ready cards by October 1, 2015. Meanwhile, industry experts are saying that it will take at least 3-5 years in order for EMV to reach full acceptance in the U.S., and in Europe the adoption took much longer. So know that it’s going to take a while for everyone to finally make the transition to EMV.
Myth #6: If you don’t implement EMV, you won’t be able to accept credit cards after October 1, 2015.
Even if you don’t implement EMV-enabled payment devices by October 1, your business will still run the same as it did on September 30, aside from the liability shift. Both older magnetic stripe cards and newer EMV cards can be accepted by non-EMV merchants, as the new chip cards will also have magnetic stripes available for that very reason.
Myth #7: Transitioning to EMV is as simple as plugging in a new payment terminal.
Making your restaurant EMV-ready can involve lots of discussions, questions and planning about many different things: your POS system, your payment processor and the right kind of payment terminal devices. It’s also crucial that you understand the impact that EMV technology will have on your operation; be prepared to train your staff appropriately and assist customers with using their EMV credit cards.
Myth #8: You do not need to worry about PCI Data Security Requirements if you use EMV.
This statement is not true. EMV chip technology improves the security of processing credit card transactions, but does not remove your requirement to comply with the Payment Card Industry Data Security Standard.