If you are processing credit cards through Authorize.net in Imonggo, then you may be aware that Authorize.net still does not have support for EMV. In fact, a Q&A on their website announces that it will only be available by the first quarter of 2016.
Due to this, Imonggo’s integrations team has been looking for other credit card gateways that may support EMV. It is an arduous task, since it seems like only a small number of gateways are certified to handle EMV processing.
This is not an isolated situation. In fact, about 75% of merchants in the United States will miss the October 1 deadline for EMV, according to Javelin Strategy & Research.
But it is not as catastrophic as you think.
Andrew Avanessian, VP at security firm Avecto told FierceRetailIT, said that businesses can survive even without transitioning to EMV. Retailers can continue processing credit card payments by swiping them into a magnetic stripe reader, instead of using a chip card reader to do so.
“Even after the Oct. 1 deadline, magnetic stripes will continue to exist within new EMV cards for some time before they are completely phased out,” said Avanessian.
The lack of options for certified processors is not the only reason why U.S. merchants will miss the deadline. Some of the other reasons are the high cost of the EMV processors, and the time constraint for the transition.
The following are several tips for merchants who will not be EMV-ready by October 1.
First, customers will be slow to adapt to modern payment methods.
“There are millions of people who are not tech-savvy enough to use modern payment methods and will continue to rely heavily on their cards,” Avanessian said.
According to Aite Group, an independent research and advisory firm, only about 70 percent of credit cards and 41 percent of debit cards in the U.S. will support EMV by the end of 2015.
Second, EMV is not a 100% solution to fraud.
Avanessian explained, “EMV has been hyped up to be an all-powerful protective solution, but retailers must understand that it is not a silver bullet to security. While it will certainly be effective in preventing counterfeit fraud, it cannot stop retailers from being breached through other means.”
“We all must recognize that EMV does not protect payments data in transit from the acceptance point to the card networks. The sensitive cardholder data contained on the card remains vulnerable to theft once it leaves the payment acceptance device.”
One must know that EMV does not fully protect the cardholder’s data. George Rice, HP Security’s Senior Director of Payments, outlined why.
“With its advanced cryptographic features, EMV makes the creation of fraudulent payment cards very difficult. In some markets, card-present use of an EMV must be accompanied by consumer PIN entry, making fraud even less probable. As a result, EMV transactions give retailers the assurance that they are accepting card payments from their rightful owner.
“Unfortunately, EMV transaction security ends there. We all must recognize that EMV does not protect payments data in transit from the acceptance point to the card networks. The sensitive cardholder data contained on the card remains vulnerable to theft once it leaves the payment acceptance device,” Rice said in an article for PointofSale.com.
Besides, EMV only protects merchants on card-present transactions. Card payments done online or over the phone will still be open to fraud.
Even with these setbacks, Avanessian advises that merchants should still pursue the transition to EMV, even if they miss the deadline.
“Despite the costs, they should start the migration as soon as possible. Consumers will very quickly start to prefer shopping with retailers who have adopted EMV payment systems over those that don’t, especially as breaches at big name retailers like Target and Home Depot have made the general public more security conscious,” he said. (MC)