If your company is like plenty of retailers, you might just be settling in after spending plenty of time, effort and cost implementing EMV. Or perhaps”settling in” is somewhat strong of a term, because lots of the procedures surrounding EMV […]
If your company is like plenty of retailers, you might just be settling in after spending plenty of time, effort and cost implementing EMV. Or perhaps”settling in” is somewhat strong of a term, because lots of the procedures surrounding EMV have not been fully sorted out and companies are still trying to ascertain the criteria and strategies for software upgrades, patches and such.
Then comes the recent statement of EMV 2.0 and, understandably, some firms got a bit nervous about this new release. What does EMV 2.0 mean for their EMV 1.0 implementation? What’s changed? Do they must go through yet another all-consuming job?
What EMV 2.0 is and is not
EMVCo — the consortium of credit card companies that oversees the criteria around EMV — published the newest edition of its EMV Payment Tokenization Specification — Technical Framework this autumn. Dubbed EMV 2.0, the most recent version”addresses the adoption of payment token use cases in e-commerce beyond present card-on-file, and provides improvements to how payment tokens could be manipulated within one payments station” based on the EMVCo press release.
EMV 2.0 also revises the functions of this token service provider and token requestor; introduces new concepts like the token program and token user; and outlines how all these functions play out within the international payments environment.
These new standards aren’t a significant overhaul of what is currently in place. Rather, it is a matter of refining particular roles and procedures which are related to contactless payment systems like Apple Pay or Android Pay, and, to a lesser extent, mobile and browser-based payments.
Do you will need to act now?
The brief answer is that it is dependent upon your business case. EMV 2.0 is guaranteed to be another resource-intensive job, therefore it’s important to have a good look at your company to work out whether it is necessary and worth the effort.
Evaluate your fraud risk
EMV 2.0 includes a new messaging protocol which enables customers to authenticate themselves when using a contactless payment option. It’s another security layer which prevents unauthorized transactions from mobile, contactless, and conventional browser-based payments, and it further protects the merchant from fraud exposure.
Taking inventory of your fraud risk is a fantastic first step when figuring out if prompt action is necessary. In case you’ve implemented EMV 1.0 and are continuing to confront fraud threats or openings, the improved security protections of an EMV 2.0 implementation may make sense for your enterprise. But if you are among most small and midsize retailers for which fraud isn’t a significant concern, you might be adequately protected with your EMV 1.0 steps.
How common are mobile or contactless payments?
EMV 2.0 is mostly about an improved technical framework that produces a common baseline for mobile or contactless payments; as well as defining how EMV payment tokens are created, managed and deployed. In plain English, this means that EMV 2.0 facilitates more secure transactions when a customer pays with a contactless or mobile system.
Here in the U.S., contactless payments are not yet widespread. If you’re a small or midsize merchant, then you probably don’t have a huge proportion of your customer base using these kinds of payments. Instead, they probably shop in-store and pay by cash or credit card, or they shop online using the classic browser-based method and pay by credit card.
If the above scenarios are true for you, then EMV 2.0’s enhancements are not immediately relevant to your operations and there is probably no need to take immediate actions. But, EMV 2.0 changes are particularly pertinent to those big Tier 1 merchants that process millions of transactions each day and might have a larger number of consumers using more cutting edge payment methods.
It is ok to wait and watch
The biggest retailers will no doubt begin planning for EMV 2.0 changes since they’re immediately related to the safety and profitability of their business, in addition to the security and convenience of their clients. But few small and midsize businesses will have the stomach or the tools to experience another substantial implementation — and that is ok.
If you are like most retailers, you can breathe easy for now. But keep your eye on the experiences and lessons from the Tier 1 retailers as they implement EMV 2.0. What benefits are they truly getting from it? What hurdles are they running into? What do their timelines look like? It’s very likely that EMV 2.0 will make sense for your company sooner or later down the road, so keeping tabs on the largest players today can help you think through your own procedures and demands when the time comes.
►►► ConnectPOS is a cloud-based POS software compatible with multiple platforms including Magento, Shopify & Shopify Plus, and BigCommerce.