EMV in Hotels Observations and Considerations




Just in: EMV in the Mail

Customer Education: Credit card companies have already started customer training for the new smart cards.

Questions to be Answered

- What is EMV?
- What does the October Mandate mean?
- What will EMV look like?
- How does EMV help?
- Will EMV cost me more?
- How does EMV help with security and with my PCI Audit?
- Should I implement EMV sooner than later?

Glossary of Terms

- EMV = Europay, MasterCard and Visa
- EMV Dip = the insertion of the chip card into the new card readers
- CVM = card verification method
- Chip and PIN = dipping the EMV card and entering your PIN
- Chip and Signature = dipping your EMV card and simply signing the receipt
- Smart cards = EMV cards
- Card Present = credit card transactions when the credit card is physically in hand
- Card Not Present = any other transaction where the credit card is physically not present
- P2PE = Point to Point Encryption; prevents both manual and swiped credit card data from being stolen
- Tokenization = replaces credit card numbers in databases with values that only the hotel system can understand and use

What is EMV?

- EMV started in France in about 1992, when 3 organizations came together to create a standard for credit card payments designed to:
  - combat fraud
  - process offline
- EMV was legally mandated and adopted in Europe in 2005.
- EMV utilizes an embedded chip on the card rather than the magnetic stripe on the back of the credit card.
- EMV transactions involve inserting the payment card into a slot on the payment terminal and allowing the applications on the card's chip to interact with the applications on the payment terminal. In some cases, communication to the outside world is not needed.
- An EMV transaction involves verifying not only that the card is valid, but that the cardholder is valid as well.

What is the U.S. October 2015 Mandate?

- The U.S. mandate is not a legal mandate; rather, it is a set of merchant incentives that encourage merchants to adopt the chip technology.
- There are no fines or penalties associated with EMV deployment yet.
- There are some real benefits for hoteliers for implementing EMV:
  - Chargeback liability relief
  - Limited credit card breach protection
  - Opportunity to upgrade to newer terminals that can do more

October 2015 and Liability Benefits

- Visa (October 2015): The party that is the cause of a contact chip transaction not occurring will be financially liable for any resulting card present counterfeit fraud losses. Does not include automated fuel dispensers (AFD).
- MasterCard (October 2015): MC ADC relief takes effect (100%). If at least 95% of MasterCard transactions originate from EMV compliant POS terminals, the merchant is relieved of 100% of ADC penalties. MC liability hierarchy takes effect (excluding AFD).
- American Express (October 2015): American Express will institute a fraud liability shift (FLS) policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology.
- Discover (October 2015): Discover will institute a FLS. This FLS policy will be a risk based payments hierarchy that benefits the party that leverages the highest level of available payments security.

What does EMV do?

The chip technology accomplishes several basic things:

- Better authenticates the card and the cardholder (especially if PINs are used)
- Better supports offline processing
- Prevents fraudulent card duplication
- Forces upgrades to old technology

EMV Fraud Behavior Shifts

[Figure labelled 2005, 2010, 2012, 2015]

Credit fraudsters will always look for the weakest link to try to ply their trade.

Chip and PIN vs Chip and Signature

- Chip and PIN: card insertion + PIN input (more secure)
- Chip and Signature: card insertion + receipt signature (either electronic or paper signature) [less secure]
- Most of the world's EMV implementations operate in Chip and PIN mode. The US will implement both, but most card brands are expected to be primarily Chip and Signature, so Chip and Choice.
- The decision whether a consumer is to use Chip and PIN or Signature is made by a number of factors:
  A. The issuing bank, which decides the CVM embedded in the card's chip
  B. The merchant, who deploys the terminals that can take a PIN
  C. The gateway (if applicable), which is the liaison between the merchant and the banking networks

Why Chip and Choice?

- The Durbin Amendment to the Dodd Frank Financial Reform Act requires that a choice be given to merchants on how they wish to process debit transactions. Debit transactions are very close to EMV transactions, therefore, Chip and Choice.
- Resetting of the PIN: In most of the rest of the world, Chip and PIN started with the ATM infrastructure. This allowed cardholders to reset their PIN numbers easily at the ATM if and when they needed to do it for a myriad of reasons.
- Payment experience in many locations.
- Customer familiarity and convenience vs EMV security.

EMV Devices choices

EMV Players

What's Taking So Long?

- EMV certifications are lengthy: there are approximately 2500 individual tests that need to be run and passed to become validated.
- As the deadline approaches and the technology players finish their sprints to meet customer demand, the certification queues are filling up and many companies are in line waiting for certification resources.
- Each EMV certification requires each card type to be certified with each device with each processor (and gateway if applicable).
- Any changes to hardware or software in the EMV transaction path require full recertification.
- Many industry experts assumed that the U.S. would mimic Europe and Canada and defer the EMV mandate for several years; apparently that is not happening, so the is on.

EMV Integrated vs Stand Alone

Stand Alone

- Many banks offer stand alone or stand beside terminals to process EMV. These devices are sold by the credit processor and the EMV transaction would connect directly.
- Devices and direct processing are typically cheaper (fees and hardware).
- Terminals are not integrated, so a manual porting over of data into the PMS would need to occur.
- Stand alone terminals tend to lock in a merchant with their credit processor, since moving to another processor might be more difficult.
- Credit processors may typically only offer limited device choice.
- Credit processors tend to treat everyone like retail and do not typically offer hotel grade security products.

Integrated

- Integrated solutions tend to require a gateway in between the PMS and the credit processor.
- Gateways tend to make function and reporting more seamless to the users.
- Gateways also tend to offer more choice of credit processors, better and more tailored security, better and more tailored support, and a variety of device choices.
- Disadvantages of gateways are that they tend to increase costs and dictate when choices are available.

Will EMV Cost More?

Yes. Costs will definitely increase. Fact: everyone's costs are expected to increase.

- Banks: chip cards cost more to produce.
- Credit processors: the processing infrastructure needs to accommodate the new data and support.
- Gateways: processing infrastructure, equipment deployment, configuration, support, and training.
- Device manufacturers: new terminals are more powerful and can do more, for example NFC, scrolling advertisements, and offline.
- Property management system manufacturers: supporting EMV might require a version upgrade, installation and configuration costs, network configuration and maintenance, and training.
- No one is expected to eat the increased costs, which will likely result in an increase of fees and service charges.
- Hidden costs? New security measures: keeping a safe at the front desk?

EMV in Hotels: What does it look like?

- EMV will require new credit card devices on the front desk. Affixed to the front desk or tethered behind the counter?
- EMV and Mobile. Networking, Bluetooth vs Wi-Fi, and device addressing will require significant thought and configuration.
- EMV and Speed. The EMV authorization process is slower than today's magstripe authorization due to conversation or prompting between the device and the customer.
- Hotel and Fraud. Hotels generally do not have a card present fraud problem (someone checking in with a counterfeit plastic credit card). Recent published hotel fraud rates are less than a basis point.
- Front Desk Future? EMV is technology to enhance a process the hotel industry has been trying to get rid of for decades: the front desk check-in process.

Hotels Are Generally NOT Card Present

Card Not Present

- CRS Reservations
- Card on File authorizations
- Batching/Settlements
- Call Center reservations
- Hotel Website reservations
- Incremental authorizations
- Authorization reversals
- Advance Deposits
- Back office accounting
- Refunds
- Loyalty/Membership signups

Card Present

- Check-in, swiped or EMV dipped
- Check-in, manual card entry

[Chart: EMV Eligible 9%; Card Not Present 67%; Magstripe or manual entry 24%]

EMV's Effect on PCI

- Both Visa and MasterCard have offered programs to promote early adoption of EMV. These programs, while not eliminating any of the requirements of PCI, do provide merchants with latitude on validating their requirements.
- In order to qualify, a hotelier must have:
  - an EMV solution fully implemented for both contact and contactless cards
  - the bulk of the merchant's card present transactions must originate through dual interface chip enabled terminals. The exact percentage of transactions is available on the Visa and MasterCard websites.
- While the merchant can gain some relief in the validation process, these programs in no way affect the base merchant requirement to maintain a fully PCI compliant payment card environment.

The Role of Current PCI Technologies

- Tokenization: replaces card numbers in databases with tokens
- Point to Point Encryption: from the point of contact with the card reading device, the card data is wrapped in encrypted technology
- Hosted Payment Pages: direct posting of credit card on websites for tokenization
- Reservation Tokenization: tokenizing directly with reservation systems
- Call Center and Accounting Encryption: deploying cheap encrypting keyboard pads to encrypt manual input of credit cards for call centers, reconciliation centers, accounting, etc.
- Email and Paper Fax Tokenization: scrubbing emails and faxes of credit card numbers (sales and catering bookings, room bookings from third parties, etc.)
- Corporate Card Reporting Tokenization: tokenizing the corporate card files that are transmitted to companies that specialize in processing those files
- + EMV? (why not?)

EMV will add to the security mix, but is not by itself the security magic bullet.

Where Are Breaches Happening?

[Chart, courtesy of Visa. Categories: Restaurants, Other Retail, QSRs, B2B, Supermarkets, Lodging. Periods: 2011, 2012, 2013, Jun 14]

The Hotel Omni Channel Security Challenge: Pre Tokenization and Other Security Technologies

[Diagram labels: Call Center Reservations, Sales & Catering, Spa, Loyalty and Membership, GDS/ADS, Golf, Hotel PMS, Hotel Website, Ecommerce, Corporate Card Reporting, Back Office, Retail, Restaurant, Direct Reservations]

The Hotel Omni Channel Security Challenge: And What Current Security Technologies + EMV Solve

[Diagram labels: Call Center Reservations, Sales & Catering, Spa, Loyalty and Membership, GDS/ADS, Golf, Hotel PMS, Hotel Website, Ecommerce, Corporate Card Reporting, Back Office, Retail, Restaurant, Direct Reservations]

EMV: Is it too late?

- EMV is being mandated by October of 2015, but is it too late?
- There are a myriad of competing technologies emerging.
- How much technology are merchants, especially hoteliers, willing to support and spend for?

Why you should deploy EMV NOW?

- EMV will help reduce your card present fraud.
- You will play your part in preventing others from being victims of card fraud.
- You will get chargeback relief and in some cases breach protection (MasterCard if PIN is supported).
- The credit industry and government may someday force you to. Currently, there are incentives to implement EMV. However, if Europe is an example, retailers did not truly invest into the technology until fines and penalties were involved. Are we any different?
- Brand reputation: there is so much misinformation out there about what EMV does that not implementing it may lead your guests to think you don't care about security.
- There might be residual PCI benefits.

Hoteliers: why you should wait on EMV?

- The October liability shift doesn't do much for hotels since they don't have a fraud problem in the first place.
- The longer hotels wait to deploy EMV, the:
  - greater device choice hotels will have
  - greater credit processor choices hotels will have
  - greater competition will be among gateways and processors, which in turn is expected to drive costs down
- Adoption: will consumers embrace the new process? The 2015 usage of EMV chip cards is expected to be pathetically low. 2016 will increase exponentially, but will the usage outweigh the costs of deploying the new technology?
- In the scramble to get EMV out, will the industry get it right? EMV in the hotel world is still relatively new, especially in an integrated fashion and especially in a market as big as the U.S.

What YOU should do?

- Fact: you are going to have to support this technology someday.
- Some may have no choice but to implement EMV (corporate mandates are an example).
- Find trusted advisors and ask tough questions.
- Perform cost/benefit analysis of implementing or not.
- Inform yourself: read security blogs and opinion articles, and ask vendors serious questions on implementation timing, device availability, costs, support, and training.
- Understand what happens if you decide to delay or defer.
- Don't panic.