On October 1, 2015, the In-Store Counterfeit Fraud Liability for Credit Card payments shifts to Retailers, if they are not able to accept chip cards.
Most banks have already reissued credit cards to cardholders, but most large retailers are unable to accept these cards. I’ve received my chip cards from Bank of America and have attempted to use the cards at many brick and mortar stores without any luck. Inserting my card into the Payment Terminal (PinPad) does not yield any results. Most merchants have rolled out the new Payment terminals like Ingenico’s ISC 250 and ISC 480 devices or VeriFone’s MX915 and MX925 devices, BUT “dipping” your Chip enabled card, still does not work? Will these large retailers be able to meet the October 1st deadline?
Anxious to use their new cards and to take advantage of the added security, consumers are asking, “What is the delay, why are my chip cards unrecognized at the Payment Terminal?” For most large retailers, the liability shift presents a very costly endeavor for them to undertake. Not only are there hardware changes like the new Payment Terminals, which enable them to read the new Chip enabled cards; but also Hardware Security Modules (HSM’s) are needed to secure the Retailers Public and Private keys, which are used to encrypt sensitive credit card data.
On top of the hardware costs, Retailers must also update their Point of Sale applications. Point of Sale (POS)/Cash Register software is what retailers use to tender payments, ring up items and track inventory. Most large retailers use Enterprise POS applications. Currently, most Enterprise POS systems will no longer have any direct contact with the Payment Terminals. Due to PCI-DSS constraints, these systems now move the control of the Payment Terminals to 3rd Party software companies. Companies like ACI Universal Payments, BlueFin Payment Systems and CreditCall, whose software specializes in EMV, controlling the Payment Terminal, and Security which are built into their applications to protect the sensitive Credit Card information. These companies also provide support for reading chip cards and Point to Point Encryption(P2PE), out of the box.
Enterprise Point of Sale systems like Oracle Retail’s Store Solutions or X-store applications, Tomax JPOS by Retail.NET or Starmount’s Engage application, require specialized consultants or Subject Matter Experts (SME’s) to modify and enhance the POS system. In most cases, Retailers do not have this expertise, in house, and must hire the services of System Integrators, which specialize in enhancements and customization’s for Enterprise POS systems.
As we enter the month of August, Retailers that have NOT started this process are way behind. The list to certify the hardware and software customization’s is growing and companies that provide the applications to control the payment terminals and supply the hardware and SME’s who know how to customize POS systems and test card providers are all feeling the crunch as more retailers rush to meet the October 1st deadline. Retailers, the time is NOW to get your systems ready for EMV.