pcAmerica & EMV Frequently Asked Questions
pcAmerica & EMV
Frequently Asked Questions
Updated: September 30, 2015
What is EMV? The quick answer: the “chip card” that is replacing your standard credit cards. These chip cards were introduced several years ago in Europe (Euro Mastercard and Visa) and are used in many countries around the world. EMV cards are more secure than traditional credit cards. In Europe, they most frequently are used in conjunction with a PIN number - called Chip-and-Pin. In the US, most credit card companies are allowing consumers to sign the terminal or receipt, instead of using a PIN number - this is called chip-and-signature.
How are credit cards and EMV cards different? The old credit cards have a magnetic stripe on the back that contains your name, credit card number and some other data. These cards are swiped through a magnetic stripe reader (commonly called a credit card reader.) The new EMV cards have an embedded computer “chip” that generates unique data for every transaction. EMV cards are ‘dipped’ into terminals, and must remain there for the entire payment transaction.
What is a fraudulent credit card? As you’ve likely seen in the news, hackers have penetrated the security of many large retailers and stolen millions of credit card numbers. These hackers sell off the credit card numbers, which are ultimately used to create duplicate credit cards that look, feel and act legitimate. The fraudulent credit cards can then be taken into a store to make purchases (usually high-ticket items) in what is referred to as a ‘fraudulent charge’.
Why are EMV cards better? One of the strategies to defeat fraud is to make the process too expensive and too time-consuming for criminals to bother with. EMV cards are more secure, and use sophisticated algorithms that are powered by the chip. With current technology, it is nearly impossible to create fraudulent versions - and if it could be done, it would be very expensive and time-intensive. Criminals will look for lower-hanging fruit elsewhere.
What is the “liability shift”? Currently if a fraudulent credit card is used at your business, the card issuing bank owns some (or all) of the liability for that fraudulent charge - meaning they will eat the cost. On October 1, 2015, the major card brands are instituting a policy where liability may now be owned by the business, instead of the banks - depending on which party has the “weaker” or less secure technology (which party is less “EMV compliant”). If your business does NOT accept EMV cards, it may have to own the liability to cover the cost of fraudulent charges. If your business DOES accept EMV cards, the card brands will own the liability. There are further rules around this regarding if a PIN number is used, but chip-and-PIN cards won’t be widely used in the initial US rollout.
Does my business need to upgrade to EMV technology? The short answer is - you don’t have to but you definitely should. There is no mandate in place that a business must upgrade to EMV technology. Your store or restaurant can continue to accept credit cards “the old-fashioned way” for the foreseeable future. However, EMV technology IS more secure and without upgrading, your business will have increased liability for fraudulent transactions. Some businesses see high rates of fraudulent card usage and will want to make sure they have upgraded immediately. Other businesses see low or no fraud - they should still update, however they will have a lower sense of urgency. Generally, restaurants see low amounts of fraud - if any at all.
How many fraudulent transactions are processed at businesses? The answer greatly varies on the type of business. Restaurants typically have low levels of fraud for two reasons: they are relatively low-ticket transactions, and customers generally spend over an hour dining in most table service restaurants. Retail stores with more moderately priced items don’t experience a large amount of fraud; stores with higher-ticket items, however, see higher levels of fraud. For example, jewelers and electronics stores would see substantially higher levels of fraud than a dollar store. Criminals need to justify the cost of a fraudulent credit card. They are not purchasing a fraudulent card for $ 100 to purchase a $ 30 steak dinner or $ 50 in groceries - instead they would look to make a fast purchase of a $ 2000 diamond necklace or three expensive LED televisions.
If my business sees low amount of fraud, is it really that urgent to upgrade to EMV? The business owner should do their best to determine the costs to upgrade to EMV, the potential dollar amount of fraudulent transactions. A restaurant operator that sees $ 100 of fraud per year may not find it especially urgent, whereas a jewelry store owner would want to upgrade immediately. pcAmerica suggests upgrading their point of sale terminal to be EMV-ready as soon as it is reasonably possible for them - and further recommends using equipment that is encrypted and out-of-scope, which substantially enhances the security of the credit cards processed in their store.
Is my credit card processor ready for EMV? It depends on the credit card processor, however at this point most of them are now ready for EMV. Some credit card processors were ready well in advance, while others did not complete their EMV work until recently.
Is my pcAmerica point of sale system ready for EMV? This largely depends on the credit card processor being used with your pcAmerica point of sale system. Depending on how they design their interface, POS developers must go through arduous, expensive certifications for each processor in order to be able to accept EMV. Many processors were not ready until very recently. Most are still backed up with lengthy certification queues. The below list offers some general guidance, however you should confirm all details with your pcAmerica Authorized Reseller or your pcAmerica Account Manager.
Heartland Payment Systems pcAmerica currently supports Heartland Payments with the PAX S300 EMV enabled PIN pad for retail stores and quick-service restaurants (that do not accept tips). The interface for full-service restaurants is expected before the end of the year. This PAX S300 is both encrypted and out-of-scope. This approach is so secure that Heartland offers a ‘Breach Warranty’ that they will cover the costs if your payment data is compromised.
About Heartland Secure (encryption)
Mercury Payment Systems pcAmerica currently supports Mercury with DataCap on the Verifone VX 805 EMV enabled PIN pad.
First Data (Retail). pcAmerica has been collaborating with First Data on the First Data Nashville interface for the past year. The development work is complete, and pcAmerica is currently awaiting the certification from First Data, and the completion of its PCI Compliance audit for this interface. This is expected to be released by the end of the year. The North and BuyPass interfaces will likely not be migrated, so businesses should contact their pcAmerica dealer or First Data to ensure they can use the Nashville platform. This will work for retail stores.
Cayan (previously Merchant Warehouse). pcAmerica will be working on the interface to Cayan’s Genius platform, which is their path to EMV. The estimated completion timeframe for this interface is Q1 of 2016.
The direct interfaces for First Data (Restaurant), Chase PaymentTech, Vantiv and TSYS will not be migrated to EMV, however pcAmerica will likely support some or all of these through a “middleware” approach. Users will not notice a functional difference between a ‘direct interface’ and a ‘middleware interface’. This will still be a seamless EMV payment experience, however additional fees may be incurred from the above processors, the middleware provider or pcAmerica. Approval and explanation of most of these interfaces will be released throughout Q4 2015.
The CoCard interface will not be migrated to EMV, however CoCard can configure any CoCard merchant accounts to work on the above First Data or middleware interfaces. Businesses should contact their pcAmerica dealer or CoCard in order to change over.
The SecureNet interface will not be migrated to EMV. Any businesses currently using SecureNet should migrate to Heartland Payment Systems or one of the other above card processors.
PC Charge, a middleware software package developed by Verifone, has been discontinued by Verifone and therefore will not support EMV. This was a decision by Verifone - not pcAmerica.
Do I need to purchase new payment terminals or pin pads? Yes. If you do not currently have a payment terminal (where you could enter pin numbers, etc), you will need one for EMV. Businesses that do have existing pin pads will need to purchase new ones, as the legacy pin pads are either not capable or not certified to properly accept EMV. If you are using Heartland Payment Systems, pcAmerica offers these terminals with a 6-month, no-interest financing plan. If you are using a different processor, please contact your point of sale dealer or your payment processor in order to purchase your pin pads.
Which pin pad should I purchase? Different processors have certified different pin pads to be compatible with EMV transactions on their processing network. It is best to ask your pcAmerica Dealer or Account Manager, as well as your credit card processor, which pin pad you should use. pcAmerica recommends that you do NOT purchase a pin pad until the EMV interface for your processor is up and running - some processors have changed their pin pad recommendation several times before certification is complete.
Where do I purchase my pin pad from? If you are processing with Heartland Payment Systems, you can purchase your pin pads from your Authorized pcAmerica Reseller or directly from pcAmerica. If you are using a different processor, you should contact our Authorized pcAmerica Reseller or your payment processor. EMV Pin pads must be encrypted and configured before they are installed in your business, and that is typically handled by the processor and their partners.
Do I need to purchase an update to my pcAmerica software? Your point of sale systems should be on the latest EMV-ready version of Cash Register Express or Restaurant Pro Express. This requires an active technical support and upgrades contract either through your Authorized pcAmerica Reseller or directly with pcAmerica. pcAmerica now has a monthly subscription model available - this makes it easier and more affordable to stay on the support and upgrades plan, and also includes free cloud-based dashboard reporting with the subscription.
Does my POS system need other upgrades? It depends on the age of your point of sale system and its associated operating system. The latest versions of pcAmerica point of sale software, which will be EMV-ready, only work on Windows 7 or above. Older version of Windows, such as Windows XP, are no longer being supported by Microsoft and are not considered PCI Compliant. Businesses should update their equipment to a more modern version of Windows and ensure their hardware has sufficient power to run these more modern operating systems. In addition, depending on the pin pad selected, your computer or network may need additional connectivity.
Why does my business have to incur the costs of migrating to EMV? The migration to EMV is being driven by the card brands, the issuing banks and some larger retailers. The United States is the last large, developed country in the world to make this migration. Most companies involved in the payment chain - including point of sale developers, such as pcAmerica - have had to invest significant amounts of time and money in order to accommodate the migration to EMV. By introducing the liability shift, the card brands have introduced a “carrot and stick” approach - the “stick” is retailers investing in payment terminals that support EMV, which will give them the “carrot” of not being liable for fraudulent charges.