EMV: Frequently Asked Questions
Within the last 30 days Retail Pro product releases have been updated to include EMV support. Current releases of 9.3 and 8.7 for Retail Pro 9 and Retail Pro 8 product families are EMV-capable now.
In addition, Retail Pro 9.3 release brings with it many operational advantages, which will help you mitigate risk and future-proof your operations. Retail Pro 9.3 supports Windows 8, Windows Server 2012 and abstracts all sensitive payment data from the retail management software. This provides you with tools to limit your PCI audit scope, protect customers’ payment data, and mitigate your risk while ensuring compliance with EMV standards.
Please review the corresponding EMV-acceptance FAQ from your payment partner Cayan, and contact your Retail Pro Business Partner to discuss implementation of Retail Pro 9.3 or 8.7.
FAQ: EMV, Europay, MasterCard, Visa
1. Why is EMV being introduced?
In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers are migrating to this new technology to protect consumers and reduce the costs of fraud.
2. How do I explain this to my customers?
EMV cards are newer and include a small, metallic square. That’s a computer chip, and it’s what sets apart the new generation of cards.
The magnetic stripes on traditional credit and debit cards store unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash.
Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again. If a hacker stole the chip information from one specific point of sale, typical card duplication would never work because the stolen transaction number created in that instance wouldn’t be usable again and the card would just get denied.
3. How is an EMV transaction different from a traditional swipe transaction?
Instead of going to a register and swiping your card, you are going to do what is called ‘card dipping’ instead, which means inserting your card into a terminal slot and waiting for it to process.
When an EMV card is dipped, the customer must leave the card in until the transaction is complete. Data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data. This process isn’t as quick as a magnetic-stripe swipe. So if a person just sticks the card in and pulls it out, the transaction will likely be denied. A little bit of patience will be involved.
4. Do all my terminals need to be EMV capable. If so, why?
Although EMV is not a mandate, it is highly recommended for all merchants because the liability shift means the cost of fraud will fall back on the merchant. Consider the example of a financial institution that issues a chip card used at a merchant that has not changed all terminals to accept chip technology. This still allows a counterfeit card to be successfully used on the non-EMV terminals. The change is intended to help bring the entire payment industry on board with EMV by encouraging compliance to avoid liability costs.
5. How does EMV work with mobile payments?
Mobile card readers will support EMV by offering some variety of chip, pin, signature, Bluetooth, NFC capability, etc. and work the same way as a terminal.
6. What is the real risk to my business if I am not EMV compatible by the October deadline?
Prior to Oct. 1, 2015, if an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank, depending on the card’s terms and conditions.
After Oct. 1, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction. So if a merchant is not EMV compatible, the consumer loss from the transaction will fall back on the merchant, not the payment processor or issuing bank.
7. Is there any special “at checkout process,” either at the POS or terminal, that will need to be handled?
The card must remain in the reader slot until the transaction completes. The customer may have to select a specific credit/debit application as there could be multiple options per card. The customer will also provide their signature or PIN as prompted by the terminal.
8. Are there any configuration changes to my existing POS installations that will be needed?
Genius customers will need to update their Genius application to 5.x (currently in development) and Retail Pro 8.7.400.18 and Retail Pro 9.30.3.216.
9. Do I need to train my staff on any of this?
Cayan advises taking time to train employees so that they are familiar with EMV transactions and to make the transition seamless. Cayan is providing a step by step guide to assist with training. There are also many online resources for learning more about EMV, for example Visa has posted a series of webcasts at http://usa.visa.com/merchants/grow-your-business/payment-technologies/credit-card-chip/webinar/resources.jsp
10. I am a Cayan-acquiring customer. When will I be ready to accept EMV?
Cayan will have the updates available in September. Merchants can request updates upon general availability.
11. I am a Cayan PGS customer. When will I be ready to accept EMV?
We are working to certify our other processors. Release dates depend on each processor’s availability and certification queue.
12. Will non-US EMV cards work with Genius?
Yes.
13. I am a Cayan PGS customer. What happens if Cayan is not ready to handle EMV with my processor by the October deadline?
We are working to get all processors certified as quickly as possible. If EMV compliance is important to you, consider switching your processing to Cayan to be ready by October.