Merchants Get Ready for New Chip-and-PIN Terminals
It’s hard to think about autumn during the first blush of summer, but many American merchants have October on their minds as they prepare to add terminals capable of accepting the new chip and pin cards in addition to the traditional swipe-and-sign credit cards.
Beginning this fall, merchants will be required to accept the new Europay, Mastercard and Visa (EMV), or Chip-and-PIN, readers or face fraud liability issues.
This can mean headaches for small businesses, but should result in more security against fraud from stolen credit cards, as long as the pin features are enabled, possibly reducing millions in fraudulent charges.
Sword & Shield Director of PCI Services John Harmon said the costs of new systems can be high since retail organizations need to replace the customer-facing devices where the payment cards are swiped at the checkout.
“What we have currently seen in deployment of the new systems is the ability to read the new chip and pin cards, but the pin functionality has not been enabled making the cards no better or worse than traditional magnetic strip cards,” he said.
The way the new system works is that consumers insert their EMV card into a payment terminal until the transaction is complete rather than swiping the magnetic strip. Magnetic strips are similar to old-fashioned VCR or cassette tapes and the information on them can be overwritten.
Chip-and-PIN cards can and should require a second authentication factor: the customer’s personal identification number (PIN) before completing the transaction. Right now, the customer’s signature is all that is required for a second authentication and this is rarely subjected to much scrutiny.
Europe, Mexico and Canada have used these EMV cards for years, but this is the first year U.S. card holders will be held to the same standards.
“Moving to the new chip and pin capable devices will not reduce the need for PCI compliance,” Harmon said. “However, many of the newer point of purchase devices are capable of employing point to point encryption (P2PE), which can improve your organizations security and reduce the complexity of a PCI assessment. Using the chip and pin cards will reduce the number of fraudulent charges from cards that are physically stolen, once the PIN requirements are enabled.”