EMV: The Risks and Rewards of Doing Nothing
As the EMV deadline quickly approaches, card issuers are scrambling to get chip-enabled cards into the hands of consumers, and many retailers are rushing to install EMV card readers and overhaul their point-of-sale (POS) systems. But is it the right time to do so?
Despite all this urgency, retailers need to remember that EMV compliance doesn’t provide total security protection, and it isn’t a regulatory mandate. While EMV will help to identify fraudulently cloned cards and provide additional risk coverage, it won't protect you against malware or the man-in-the-middle eavesdropping software that's infamously plagued some of the industry’s largest retailers. A recent report from Forrester Research recommends tokenization as the preferred solution to secure retailers’ payment chains because it forecasts that EMV chip card payments won’t reach “broad” adoption until 2020. While tokenization is a whole different ballgame, it’s worth noting that without it, EMV cannot encrypt or protect card numbers during transactions. It’s definitely something for retailers to think about.
Once the EMV deadline passes, retailers that aren’t compliant will not be reimbursed for fraudulent transactions, but they also aren’t under any legal obligation to comply with this upgrade in the first place. Like any business decision, EMV compliance is a question of the tradeoff between the costs and benefits to your organization.
If you’re a retailer struggling to decide whether to invest in an EMV upgrade now or later, ask yourself these questions:
1. What’s my current exposure to fraud? For some retailers, fraudulent transactions are a major concern. For others, they’re less of a problem. Retailers that sell high-price items that are easy to resell (e.g., electronics) have a higher potential for fraudulent purchases. Others see far less fraudulent card use each month and may conclude that fraud isn't an active threat to their organization.
2. What’s my cost of EMV compliance? The cost of EMV compliance can vary widely from retailer to retailer. It depends on the number of stores; the number of card readers needed at each store; the complexity of patching, upgrading or replacing existing POS systems; and a host of other factors such as disruption to the business, potential downtime at stores, and training and support. Determining these costs will help you gauge the true value of an upgrade to your EMV installation.
How Soon Will I Be Replacing My In-Store Systems Anyway?
Many retailers are long overdue on their plans to replace outdated POS and store systems, and the EMV deadline is just one more reason to make a change. However, retailers that are several years out from a POS upgrade may decide to wait until then to implement EMV. Once you’ve answered the questions above, you’ll have some options:
- Do nothing. If the costs of becoming EMV compliant (including the costs for hardware, systems, support and training) are greater than the amount you would lose to fraudulent transactions over a given period, then doing nothing may be an acceptable option.
- Retrofit/patch existing systems. If the cost of overhauling your existing systems for EMV compliance is lower than the cost of fraud that you could possibly incur, then it may make sense to retrofit or patch existing systems prior to the EMV deadline.
- Replace existing in-store systems with new solutions. If your POS and in-store systems are showing their age and you’re eager to gain omnichannel capabilities such as endless aisle, clienteling and mobile, then a more strategic investment — one that includes PCI and EMV compliance — may be the right choice. In other words, it may be better to use the money you would spend on retrofitting existing systems for EMV compliance on new systems that provide EMV compliance and the omnichannel capabilities that can help drive more sales.
One final thought: Unlike EMV, there’s no deadline for adopting omnichannel capabilities. However, that’s not to say that there isn’t a cost for procrastinating on omnichannel solutions. While protecting yourself from fraud can help you control costs, omnichannel solutions can help you save more sales, attract more customers and close more transactions across all channels. With the right choice of omnichannel solution providers, EMV compliance can be part of the package.
Greg Davis is the vice president of product strategy of Starmount, a provider of a data-rich commerce platform that supports omnichannel retailers.
Related story: How Retailers Can Avoid Credit Card Fraud