The same theme emerges at nearly any conference, roundtable or web seminar about the EMV chip-card transition in the U.S. Experts agree that ISOs and agents and should become well-educated about smart-card technology.
The acquiring industry can then pass that knowledge along to merchant clients and financial institutions.
In collaboration with the Electronic Transactions Association, the SCIL-EMV Academy has initiated a series of traveling seminars. The academy calls it the Solutions Seminar Road Show, which will supplement the current online and physical curriculum, says Stewart Chalmers, the academys executive director.
We were getting a ton of feedback about the training, and the biggest challenge was the time and travel costs for those interested, Chalmers says. We felt it would make sense to take the EMV training mobile and go on the road with it.
So the SCIL-EMV Academy will make stops in cities across the country for one-on-one or group training, Chalmers says.
The academy is hoping companies will become site sponsors and allow employees from other companies to attend.
Its about two-to-four hours of training, so it could be at a sponsored site, or just one-on-one with one company, he notes. Its just a way to tackle specific migration questions.
In some cases, academy trainer Mansour Karimzedah and others can help ISOs take on specific projects as part of the training, Chalmers says.
The training road show started this month and will continue as needed.
In the meantime, the academy continues to help ISOs and acquirers grasp the complexities of EMV through web seminars featuring Karimzedah, the chief technology officer for the SCIL-EMV Academy and co-chair of the EMV Migration Forum Debit Network Committee.
A recent web seminar, offered in collaboration with the ETA, handled questions ISOs have regarding the October 2015 network liability shift timeline for merchants, acquirers and issuers.
Questions from ISOs and Karimzedahs answers were as follows:
Question: Will I need to replace the terminals that I am selling today with terminals that have smart-card readers?
Answer: There are over approximately 12 million POS terminals and about 500,000 ATMs in the US. Regarding the terminals, those that have been replaced in recent years will probably have the smart-card reader installed as standard but would not have the software to be able to accept a chip card. The remaining terminals in the market will need to be upgraded both hardware (the card reader) and the software to be able to recognize and read EMV chip cards. In many cases, it may be less expensive to completely replace older terminals with the newer models.
Question: What are the costs associated with additional hardware and software?
Answer: The cost of the upgrade varies from approximately $100 to $400. This depends on the type of the terminal, the numbers being upgraded and the ease with which the upgrade can be done.
Question: What certification is required?
Answer: Any new terminals that are developed will need to be certified by an EMVco approved lab. The certification is good for all terminals with the same components and the same software. However, if there is a major change in the hardware or software, new certification is required.
Question: How are mobile contactless payments affected by EMV?
Answer: The current mobile payments schemes by a consortium of mobile network operators and card brands (Amex, Discover, VISA and MasterCard) are based on the EMV standards. The contactless cards being rolled out in many countries are also based on the EMV standards. Therefore, in the future we see EMV as the framework for both mobile and contactless payments.
Question: How are Payment Card Industry Data Security Standards affected by the shift to EMV?
Answer: The reason for developing and using PCI-DSS was originally to stop third parties from stealing cardholder information from any part of the transaction chain. This is different from the reasons for developing and using EMV, which is to stop card counterfeit and lost and stolen fraud. Therefore the need for PCI-DSS, even in the EMV environment, remains. The card brands, however, are providing relief for the need to do PCI-DSS compliance testing every year if 75% of the terminals are EMV compliant.
Question: Should I wait until the market picks up?
Answer: This depends on many factors including how many terminals you manage;
what type they are (i.e. older without chip card readers installed, or newer with chip card reader installed); and if the merchant is willing to pay for any fraud past the liability shift dates. Also, how much advance notice do suppliers need to deliver the terminals in time for liability shift dates?
Question: What are the costs associated with EMV, and how do I pass them to the merchant?
Answer: Passing on the cost to merchants depends on the way the contracts are set up. It may be an easier sell if the cost is spread over a number of months or nyears.
Question: Are interchange costs staying the same?
Answer: Currently all interchange costs are staying the same.
Question: What are the rules for debit transactions under the Durbin amendment?
Answer: According to the Durbin amendment, there should be at least two competing debit networks available for selection at the acquirer. There are two main committees working on this the Secure Remote Payment Council and the EMV Migration Forum Debit Committee. To date, a number of proposals have been received and are being studied.
Besides the questions addressed at the web seminar, Karimzedah has often been asked which is the best authorization approach for an EMV card chip-and-signature or chip-and-PIN?
The choice has been the center of debate in the U.S., where MasterCard supports PIN because of the stronger security it provides, while Visa has recommended signature to its issuers as a way to cut expense and move the transition along.
In a previous interview with ISO&Agent Weekly, Karimzedah said he couldnt fathom why such a debate is even taking place. The reason for EMV is security, and there is more security in the PIN, he contends.