Editor's Note: This article, geared for restaurateurs, was published by NCR Corp. in a blog series at www.ncr.com/company/blogs/hospitality/emv-myths-debunked-implementing-emv starting in March 2015. Copyright © NCR; all rights reserved. Adapted with permission.
Heard about EMV, but you're not sure what's real and what's not? Be aware of these common myths surrounding EMV so you can control when and how you implement EMV in your restaurant.
On Oct. 1, 2015, a liability shift will occur regarding who is responsible for chargebacks when a counterfeit card is used at a restaurant. Between the bank that issued the credit card, the restaurant and the payment processor, whoever is least prepared to accept EMV-enabled payment cards will now be responsible to pay for the chargebacks. [For the EMV Migration Forum's perspective on the U.S. EMV migration, see this issue's lead article, "Understanding the 2015 U.S. fraud liability shifts."]
Implementing EMV in your restaurant is required and will be enforced by a government regulation or security council.
If you are a U.S. restaurant operator, no government agency or industry association is requiring you to implement EMV. You won't be fined if you don't implement EMV by the often referred to "deadline" of Oct. 1, 2015. This isn't a government mandated deadline. It's your decision whether you want to implement EMV.
EMV is a requirement for complying with the PCI DSS.
You don't need to implement EMV to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). While EMV can be one component of your data security strategy, it's neither required nor mandated by the PCI DSS, nor will implementing EMV make you PCI compliant.
Once you implement EMV, you will no longer be able to accept credit cards with magnetic stripes.
Magnetic stripes on credit cards are going to be with us for quite some time. If you're EMV-ready, when a customer pays with an older magnetic stripe credit card, you'll simply swipe it through your new payment terminal's card reader. So regardless of whether or not you have implemented EMV, you'll be able to take all credit cards in your restaurant.
EMV protects your restaurant from a data security breach.
Implementing EMV alone will not protect your restaurant from being hacked. While EMV helps protect you from counterfeit card use, it's not the end-all, be-all of data security. You can put into place measures that aren't provided by EMV – such as encrypting credit card data as it passes through your network – that will safeguard your restaurant from a data breach as well as give you greater peace of mind.
EMV will rapidly achieve mass adoption by both credit card issuers and other restaurants.
Estimates are that only 20 to 30 percent of cardholders in the United States will have EMV-ready cards by Oct. 1. Meanwhile, industry experts are saying it will take at least three to five years for EMV to reach full acceptance in the United States; in Europe the adoption took much longer. It's going to take a while for everyone to finally make the transition to EMV.
If you don't implement EMV, you won't be able to accept credit cards after Oct. 1, 2015.
Even if you don't implement EMV-enabled payment devices by Oct. 1, your business will run the same as it did on Sept. 30, aside from the liability shift. Both older magnetic stripe cards and newer EMV cards can be accepted by non-EMV merchants, as the new chip cards will also have magnetic stripes available for that very reason.
Transitioning to EMV is as simple as plugging in a new payment terminal.
Making your restaurant EMV-ready can involve lots of discussions, questions and planning about many things: your POS system, your payment processor and the right kind of payment terminal devices. It's also crucial that you understand the impact EMV technology will have on your operation; be prepared to train your staff appropriately and assist customers with using their EMV credit cards.
You do not need to worry about PCI DSS requirements if you use EMV.
This is not true. EMV chip technology improves the security of processing credit card transactions but does not remove your requirement to comply with the PCI DSS.
For further information, please email email@example.com or call 1-877-794-7237.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next