For many retailers, getting to EMV was a long and arduous task. Delays in certifications, long lead times for new payment terminals, and high competition for valuable software, payment terminal and banking resources meant 6 month projects often turned into 12 and 18 month projects. So if you are a retailer who has successfully implemented EMV, congratulations! But where do you go from here?
The first critical step will be to ensure that you are indeed no longer seeing any higher than usual chargebacks coming from the bank. If you are, then you need to investigate further to validate that your transaction messaging is correctly flagging transactions as being EMV and that the bank isn’t erroneously passing along any charges which should not be shifted to the merchant.
Finishing What you Started
The next step is to shore up additional security gaps from a store systems perspective. Many retailers who chose to focus their priority on EMV did so at the expense of implementing end-to-end encryption (E2EE) or tokenization. Whereas EMV is critical for limiting the use of lost or stolen cards in your stores, it does nothing to protect the card information itself once it gets into your store and back-office systems. E2EE helps to ensure that the card data is encrypted immediately upon swipe and will remain locked down and protected until it is outside of your network at the gateway or processor. And implementing a tokenization solution, which stores a non-sensitive token in lieu of the credit card number in your system, helps to ensure that there is no critical information to be obtained in a breach event. The combination of EMV, E2EE and tokenization is the best defense for securing your store environment.
Improving Online Payment Security
As retailers continue to secure their in-store retail systems, many fraudsters are turning their attention to online systems. An additional recommendation is to extend tokenization solutions to online and mobile systems to ensure payment security while still being able to support advances in cross-channel business processes through the use of an omni-token.
As a result, retailers who have e-commerce solutions need to ensure they are securing these systems as well. From validating the secure transport of card data to processors to the ongoing tweaking and configuration of the rules within an advanced fraud management system, there are additional steps which retailers can take to address the already-present rise in online fraud.
Monitoring EMV Issues and Trends
Finally, it will be important to monitor coming trends and shifts related to EMV. The longer authentication timeframe is causing headaches for many speed-of-service focused retailers, and the card issuers are working to implement “Quick EMV” fixes to speed up the precious seconds which have been incrementally added to a credit card transaction using EMV chip technology. Even though these should not result in additional development or projects for retailers, it will be important to understand how these impact the checkout process before deciding to implement. Additionally, there has been an ongoing debate around the initial implementation of chip-and-signature for EMV vs. the more secure chip-and-PIN implementation. If the momentum continues to shift towards chip-and-PIN, there will be additional steps required to ensure a successful implementation.
EMV compliance is a tremendous step towards avoiding additional liability stemming from fraudulent transactions as well as reducing the ability for customers to use fraudulent cards in your stores. But payment security is an ongoing process, not just a project. And to keep up, following many of the steps above will continue to help secure your customer’s information and your payment processing.
As always, I appreciate your opinions and insights on this topic. Please share your comments below.