By Dale Venturini, President and CEO, R.I Hospitality Association
Many of us currently have an EMV credit or debit card – also known as a ‘chip’ card. These safer versions of the traditional magnetic-strip cards were designed to protect consumers against fraud. Long used in Europe, EMV – which stands for Europay, Mastercard and Visa (the three companies to spearhead the effort) – offers advanced levels of technology, including encryption to help prevent against having credit card numbers skimmed, accessed or duplicated into a counterfeit card.
The United States has the dubious title of having the most credit card fraud occurrences. According to Barclays, in 2015, the U.S. was responsible for 47 percent of the world’s credit card fraud.
The new chip cards, the process of which most of us find to be longer and more cumbersome, are prevalently used in the retail industry. However, that could all be changing. In fall of 2015, the major credit card companies pushed an EMV mandate in which most merchants in the U.S. would need to shift to an EMV-compatible transaction system. If not in compliance, businesses could be subject to non-compliance fees and, more worrisome, merchants who don’t comply will also be responsible for the costs associated with accepting fraudulent transactions or ‘chargebacks.’ Previously, the fraud was usually absorbed by the bank that issued the credit card.
The rollout has been moving forward, but not without its challenges. According to a study by the National Retail Federation and Forrester, ‘The State of Retail Payments 2016’ found that 76 percent of retailers surveyed cited EMV as their top payment challenge of 2015. Eighty-six percent of those surveyed have implemented or expect to implement the EMV system by the end of this year. But, while many retailers are working to complete the EMV transition, payment vendors have not been able to keep up with the demand to certify EMV equipment once installed.
While most credit card fraud occurs at retail locations, we are starting to see a rise in the hospitality industry. The instances of consumers using fraudulent or stolen credit cards have resulted locally in thousands of dollars of chargebacks occurring to some restaurant locations that have not installed a chip reader. The hospitality industry has been a slow adapter to EMV, but the National Restaurant Association (NRA) believes that each business needs to evaluate certain criteria before undertaking the expense of an EMV-compliant system.
According to the NRA, many restaurants have difficulty justifying the expense to convert to this new technology and have issued some helpful facts for businesses to consider:
- There’s no legal or regulatory requirement for merchants to install EMV readers. The card brands have simply modified their contracts to penalize those merchants who chose not to implement the technology – and the penalties happen only if a merchant is defrauded through the use of counterfeit or stolen cards.
- EMV may be a fix for a problem you don’t have. Counterfeit cards have primarily been a problem for high-end retailers, electronic stores and other retailers. Typically, carders and other criminals haven’t targeted restaurants. If you haven’t had a big problem, you may not need to make a change
- To evaluate your potential liability, look at how many, if any, of your chargebacks are due to the use of counterfeit or stolen cards. If the numbers are low, it may be hard to justify the cost of EMV-enabled terminals. Even if you experience fraud, the cost of the chargeback may be far less than the cost of installing a new EMV reader, or fleet of readers. As you look at the expense of buying and installing EMV readers, consider whether you’re better off investing in new technology that offers stronger protections, such as encryption and tokenization.
- As you upgrade your POS system, make sure the new system incorporates not only EMV technology, but also encryption and tokenization technologies. The NRA considers these technologies far more important for restaurants than EMV. Encryption technology immediately encrypts card data as it’s entered into the POS system, so it’s unintelligible even if it gets stolen. Tokenization replaces stored card data with “tokens.” These tokens are unusable by hackers and have no value.
As more and more consumers begin using chip cards, this issue will continue to be a hot-button topic for our industry. If you would like to know more about EMV technology and compliance, please visit the NRA’s website at www.restaurant.org. For any local questions, please visit www.rihospitality.org or call us at 401.223.1120.
Dale J. Venturini is the President and CEO of the RI Hospitality Association. A veteran of more than 25 years in the hospitality industry, Venturini is considered by many to be the voice of the industry in the state of Rhode Island. She has been instrumental in improving the industry’s educational and training programs in the state, as well as enhancing the bottom line of the business she represents. Venturini splits her time between the office and the State House, a constant presence for her membership.