The October deadline looms, but decisions to become EMV-compliant should be based on business metrics rather than fear of hackers.
Whispers of an EMV migration have circulated in the industry for years, but come Oct. 1, all restaurants will face new Europay, Mastercard, and Visa (EMV) standards, representing a shift away from the magnetic swipe cards and chip-and-PIN cards that have been the standard in America for decades. The new format will be chip-based cards, generally considered more secure and widely used across Europe.
Those who choose not to upgrade their technologies to comply with EMV will be accountable for fraudulent purchases from Oct. 1 onward—a significant liability shift away from issuers and banks to merchants. Point-of-sale providers are doing their best to prepare their restaurant clients, though some restaurant owners are opting not to make the switch, betting instead on the fact that fraud typically occurs at large merchants such as Target and Home Depot. For those restaurateurs that do want to make the transition, experts suggest they move soon, rather than waiting for October to roll around.
A Necessary Switch?
In a changing marketplace, Jordan Bernstein, a senior associate at legal consultancy Michelman & Robinson, cautions against getting swept up in the marketing blitz of EMV. He says operators should only purchase new payment systems from trusted vendors.
“It’s very simple: Every single operator or merchant out there has some form of terminal point-of-sale system transaction device,” he says. “My advice would be to call that vendor and say, ‘If my machine is not EMV-ready, what are the steps for me?’ I don’t think operators should start messing with somebody who’s soliciting [them]. … Just go back to the people you have.”
But not everyone is convinced that restaurants—particularly small independent operators—should be rushing to become EMV-ready. Many believe restaurants have a relatively low risk of fraudulent card activity. And, experts say, EMV compatibility won’t necessarily guard against all types of fraud.
Laura Knapp Chadwick, the director of commerce and entrepreneurship at the National Restaurant Association, says most hackers are stealing credit card data to create fake cards and purchase high-priced retail goods—not dinner at a restaurant—or to resale for a profit online.
The first thing operators should do is determine how many chargebacks are received in a year for fraudulent purchases. Even if a restaurant is liable for a chargeback after the EMV deadline, Chadwick says that cost is still likely less than the cost of migrating to an EMV payment system. Those chargeback numbers, she says, should drive decisions on whether to make an upgrade. “It shouldn’t be fear-based,” Chadwick says. “It should be business-case based.”