EMV is no stranger to the news cycle, with the card network 2015 liability shift approaching for many U.S. businesses.
So why arent we all walking around with EMV chip cards in our wallets? The answer is most organizations in the U.S. are still mystified by the technology and process and continue to compress the issue to a lesser evil rather than dealing with it head on.
EMV migration is a fairly complex and time consuming undertaking and to support it, in addition to the issuance of EMV chip cards, a whole software ecosystem must be developed. This ecosystem is instrumental in driving the PINpad or card reader hardware in addition to Terminal Management and support for Point to Point Encryption.
On top of that is the software and hardware support that EMV migration requires, as well as the time-consuming and rigid certification process. This being said, you might see why its often easier to turn a blind eye than set out to complete this rigorous task.
Facing these challenges, processors, integrators and other companies can execute EMV migrations in a few steps.
Companies should select an appropriate PINpad or card reader and create a robust and reliable driver for it; then update all existing processor interfaces to support the new requirements of EMV. With the October 2015 deadline approaching quickly, you must consider the demand for processor support requests in the run-up. The next steps are completing the M-TIP/ADVT/AEIPS/DPAS certifications with each PINpad and processor combination, creating a Terminal Management System to keep PINpads up to date with the latest EMV configuration such as CA Public Keys and DOLs.; and ensuring support for P2PE (Point to Point Encryption) technology and the future PCI P2PE standard.
The importance of selecting and implementing the right hardware, combined with the support needed around the software, can take up to 12 months not including the onerous EMV certification process which can add another six months or more. The time and cost impact of developing this type of infrastructure can feel like a major obstacle that could impact the day-to-day operations of a business.
Other things to consider include security. When it comes to security, EMV is only the first layer of the payments security cake. For an even higher level of security, EMV can be paired with additional solutions, such as Point-to-Point Encryption and Tokenization. However, its crucial that the U.S. takes the proper steps to upgrade its current system first to uphold EMV standards before tokenization and P2PE can be considered.
Also, the cost of EMV migration and the complexity of migration are widely acknowledged as major barriers to the adoption of the new standard as a whole. Purchasing new or upgrading existing terminals and POS systems is an expensive undertaking and a considering factor as to why the U.S. is several years behind the rest of the world in adoption of the technology.
What most businesses may not know is that EMV certification is a continuous process that must be completed every three years. The knowledge and capacity needed to manage and maintain this process is something most businesses are not able to support for the long term.
As businesses become more cognizant of the role of EMV in the payments infrastructure, many can expect to see new systems future-proofed with this type of support. While the benefits of EMV might not be seen as immediate, countries like Canada are already seeing a reduction in fraud issues having implemented the technology in the past year.
With the number of security breaches that have continued to cause major concerns in the U.S., we can be confident that higher penalties will occur particularly as the October 2015 deadline creeps closer and closer.
Jeremy Gumbley is CTO and technical director at the Bristol, U.K.-based CreditCall.