EMV: Swipe Ahead Gets Left Behind
Update 10/4/16: Shift4 has been around long enough to predict how most things will shake out in the payments industry. When we wrote the article below, we knew EMV was going to cause headaches for merchants, consumers, and just about everyone else who deals with payments. Well, it turns out we were right. Most major card brands brought the concept of “swipe ahead” back. Read about its comeback.
As the October 2015 EMV liability shift deadline approaches and more merchants prepare their businesses to accept EMV “chip card” transactions, several major changes will occur with how merchants and consumers interact at the point of sale.
These coming changes not only require behavioral changes on the part of the merchant and consumer, but will also require that independent software vendors, or ISVs, educate merchants about the upcoming changes with this new technology.
Some of the payment device functionalities merchants and customers have grown accustomed to will no longer be available after the U.S. migrates to EMV. One of the more commonly used features is “swipe ahead.” This functionality allows customers to swipe their cards and enter their PIN or sign for the transaction before the merchant finishes ringing up the order. Once the order is complete, customers can approve the amount and get their receipt. In a busy environment, swiping ahead can make the checkout experience quicker and easier.
Why EMV and Swipe Ahead Aren’t Compatible
However, swipe ahead as a feature will become inoperable as merchants transition to EMV. This reflects the fact that, in general, EMV cards will introduce more friction to the point-of-sale experience. EMV cards must be inserted, or “dipped,” into the payment terminal to complete the transaction. For customers with an EMV card, swiping may not be an option at some merchant locations. This is because EMV cards require a complex authentication process and interact with the payment terminal in a much more involved way than magnetic stripe cards. Here is what a typical EMV transaction will look like:
- First, the merchant will begin ringing up the order. During this time, the payment device will stay in an idle mode.
- Then, when the transaction is at the appropriate stage and the total amount of the transaction has been determined, a prompt will appear on the payment device informing the customer they may insert their card.
- At this time, the customer will dip their card into the terminal, leaving the card within the terminal as the chip is being read.
- A complex protocol exchange takes place, in which transaction information is both read from and written to the card.
- Finally, the customer will approve the amount being charged and get their receipt.
What You Can Do
This new process will take some getting used to for all parties involved. Merchants should note that educating their staff will be essential, including briefing staff on the new EMV procedures and how to provide “on-the-spot” education for consumers. ISVs should ensure their merchant customers are aware that this process will require more time during checkout, which can lead to longer lines. ISVs also need to make sure their merchant customers understand what functionalities they may no longer be able to use, what the EMV checkout process looks like, and what they can do to make the process a little easier.
Overall, EMV will help businesses improve their security posture by preventing instances of card-present counterfeit fraud. But EMV alone is not enough. Having a layered security solution in place will provide much stronger protection against payment card data being stolen in the first place while simplifying PCI compliance efforts. Merchants can bolster security and prevent breaches by getting EMV ready and adding point-to-point encryption (P2PE) to encrypt card data before it enters the merchant environment, and tokenization to replace card data with a globally unique string of numbers and letters that can’t be mathematically reversed.
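The tokenization idea described above, as an added example that is not Shift4's code or a description of how TrueTokenization® is implemented: a minimal vault that hands out random tokens, so the only way back to the card number is a lookup inside the vault. The class name, token length and alphabet are assumptions, and the card numbers are standard test values.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # "numbers and letters"
TOKEN_LEN = 16  # assumed length for this sketch


def luhn_ok(pan: str) -> bool:
    """Luhn check so the vault rejects obviously malformed card numbers."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault that sits outside the merchant environment."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        if pan in self._pan_to_token:   # same card always maps to one token
            return self._pan_to_token[pan]
        while True:
            # The token comes from a CSPRNG and is never derived from the
            # PAN, so there is no function to invert, only a vault lookup.
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
            # Enforce uniqueness and never emit something shaped like a PAN.
            if token not in self._token_to_pan and not token.isdigit():
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # Vault-side only; the merchant system stores and sends tokens.
        return self._token_to_pan[token]


TEST_PAN = "4111111111111111"  # constructed sample: a common test number
```

Because the token is random, a merchant database that holds only tokens gives an intruder nothing to compute card numbers from, which is the property the paragraph above relies on.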
EMV Is Not Enough
Shift4 supports EMV and offers the layered security of our True P2PE™ and TrueTokenization® solutions so our merchant customers won’t have to worry about storing, processing, or transmitting sensitive cardholder data. With these additional security measures in place, merchants can lower their breach profile by limiting their exposure to a breach in the first place, and spend less time and effort obtaining PCI compliance.