EMV chip and pin liability shift hidden merchant risk

EMV terminal and EMV technology selection can impact merchant liability depending on chip and pin capabilities and management of them. Use this information to ask key questions before selecting an EMV solution.

Liability shift for stolen cards for MasterCard, American Express, and Discover

  • If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
  • If the card is chip & pin, and the terminal is EMV only, the merchant is liable
  • If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable

What if the terminal supports EMV & pin, but the customer does chip & sign? The merchant is liable.  Acquirers generally support chip and pin bypass to chip and signature. The only way to effectively manage liability is to steer customers to the action protecting the merchant.

emv fraud liabilityTerminals may be able to be programmed to disable pin bypass; First Data ships terminals with PIN bypass disabled.

  • Integrated payment gateways and and standalone virtual terminals can also drive terminals; because the terminals have no programming, the payment technology must have the capability to dynamically determine the best way to process, and prompt the consumer to the actions allowed. This is a tall order for most gateways, as they do not have that type of dynamic capability, and or, the gateway may not have the needed EMV certification. CenPOS disables the consumers ability to select signature over pin at the POS.

The entire EMV transaction process is certified. If an EMV certified terminal, including integrated or non-integrated payment gateway with terminal, doesn’t support the option to require chip and pin when the card issuer supports it, merchants need to weigh the associated financial risks.

 

Credit Card Processing and EMV For Business to Business

Are business to business merchants being steered to expensive EMV credit card processing solutions? Yes. Too many banks, acquirers and software companies have limited EMV terminal solutions, and none of them are the best solution for business to business (b2b) companies that have a retail component.

Critical Credit Card Processing Needs for Business to Business

  1. Level 3 processing to reduce merchant fees. level 3 interchange rates
  2. Card not present risk mitigation for key entered and online payments, including securing card data collection, and preventing fraud.
  3. Token billing to securely store card data for variable recurring billing.
  4. Flexibility to collect payments from multiple sources and multiple payment types.

Common B2B EMV terminal solutions

There are two types of terminals. The most common type has software loaded on the terminal. For example, the Verifone VX520 with Vx820 EMV & NFC pinpad.

Verifone VX520 VX805 EMV terminal

Verifone VX520 with VX805 EMV terminal

The second type requires an internet connection to a payment gateway. The gateway  manages the terminal, which is essentially a slave to the gateway.

ingenico isc250 signature capture terminal

ingenico isc250 touch signature capture terminal with EMV and NFC.

The first option above doesn’t meet any of the critical B2B needs, yet is the most common solution offered to every company, without regard to business type. The second option is capable of meeting critical B2B needs, but only if the payment gateway supports them.  The only payment gateway with EMV certified terminal and level III processing retail certification is CenPOS. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’s secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. 3D Merchant Services is an authorized CenPOS reseller.

Business to business merchants with a retail business element are advised to consult with a payments expert who offers level III processing for retail. The rest doesn’t matter if this need cannot be met, so it’s an easy way to differentiate those who are selling whatever they have to offer and those who are solving problems to make your business more profitable.

EMV payment systems – payment gateway certification list

Which payment gateways have an EMV certified terminal solution today? Not many. Our lists include gateways with an EMV chip card acceptance solution that can be enabled today, those that are working on it, and those that are not going to integrate.
POS software can integrate a payment gateway to segregate payments from applications, and reduce PCI Compliance scope. The payment gateway is responsible for EMV equipment certifications to each acquirer, in addition to P2PE and other features that may be available.

Agnostic Payment Gateways with US EMV certified terminal solutions today

  • CenPOS – standalone or integrated ** . The Verifone MX915 and Ingenico ISC250 are both certified today, with additional pending. Certifications include First Data, Tsys with chip and pin. Click here to see CenPOS EMV chip card transaction.

    verifone MX915 EMV terminal

    Verifone MX915 multilane signature capture terminal.

Acquirer or Software Dependent Payment Gateways with integrated gateway US EMV certified terminals today

Payment Gateways planning to certify US EMV terminals

Payment Gateways and Software Vendors not planning to certify US EMV terminals:

These First Data Independent Software Vendors (ISV’s) are not planning to do EMV certification *. Since First Data is one of the largest acquirers, it may be reasonable to assume the gateways will not certify to any acquirer. The ISV’s may have a replacement product, thus that’s the reason for not planning to certify.

• Delta Systems
• Forte Payments
• Skip Jack
• Future POS
• Payment Processing, Inc.
• PayTrace
• Pronto Software
• onePOS
• Rocketgate

* Source: First Data EMV update handout

** CenPOS Sales & Integrations:  Contact Christine Speedy 954-942-0483, authorized reseller.

EMV chip card transaction video – Verifone MX915 with CenPOS Virtual Terminal

Merchants will improve their customer experience accepting chip cards by training all users and cashiers. The transaction process is different for EMV than standard swipe transaction, in order to support the different flow for processing chip cards.

In 60 seconds, CenPOS users can view the new screen prompts for the cashier and the consumer to process a chip and signature and a chip and pin transaction.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps. CenPOS has completed certifications for multiple terminals and acquirers to enable merchants to become EMV Compliant today. Contact your relationship manager for assistance.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.

Level 3 Gateway

Level 3 payment processing requires a level 3 gateway, but most merchants don’t realize how big an impact gateway selection has on merchant fees paid.

Merchants selling to other businesses or the government benefit from Level 3 processing and the savings this provides on commercial, purchasing and government transactions by processing level 3 Data. What gateway companies won’t tell you, is that not only do you need to send special data, but there are a bunch of rules to qualify for Data Rate III interchange rates as shown in the image below. Don’t follow the rules, and you’ll pay Data Rate I or Standard.

level 3 interchange ratesWhat are the rules? For starters, there are additional fields that must be submitted with the transaction. All the level 3 gateways support submitting the data, though they may do it in different ways. There are other rules such as the authorization and settlement amount must match. It’s unrealistic to expect any user to know all the rules for any transaction to qualify at the lowest interchange rate, so a payment gateway that automates that process is critical. This is where most payment gateways fail. They can submit data, but have no intelligence to help merchants comply with qualification rules.

What gateway supports level 3 for retail, kiosk, mobile or any swiped transaction? CenPOS.

Gateways must certify level 3 to each acquirer, also known as payment processor, or credit card processor. The certifications can include for retail, retail EMV, MOTO (Mail Order Telephone Order), and ecommerce. Very few gateways certify level 3 for all sales channels. The only one I’m aware of that’s certified retail and retail EMV is CenPOS.

Gateways supporting level 3 for MOTO:

What level 3 gateway is compatible with First Data? CenPOS, First Data Global Gateway e4 – now called Payeezy. While CenPOS automates level III processing, First Data has multiple optional steps after the sale, leaving compliance up to the individual user; additionally, their method does not guarantee that all rules will be met to qualify for level III interchange rates. Authorize.net and Payflow Pro offer level III with certain API’s only.

What level 3 gateway is compatible with Vantiv or NPC? CenPOS

What level 3 gateway is compatible with Chase Paymentech? CenPOS, Paymentech Orbital, PayTrace. Paymentech and Paytrace have optional extra steps, leaving compliance up to the individual user; additionally, their methods do not guarantee that all rules will be met to qualify for level III interchange rates. Authorize.net and Payflow Pro offer level III with certain API’s only.

What level 3 gateway is compatible with Tsys? CenPOS, eProcessing Network, Authorize.net and Payflow Pro offer level III with certain API’s only

What level 3 gateway is compatible with Moneris? CenPOS

What about Revolution Payments, Vantage Card Services and other gateways not listed here? In most cases, the company is a reseller of a gateway listed above, not a gateway manufacturer. Network Merchants, LLC (NMI) distributes a white label solution that supports level 3 data, but there’s no public information about acquirer certification; BluePay and 3DSI also offer level 3, but it’s unclear what acquirers. Please add your suggestions in comments.

As of September 15, 2015, of the brands listed in this post, only CenPOS has both certified EMV terminals to accept chip cards with their gateway, and has also certified level 3 processing for all sales channels via any method, including API, virtual terminal, and online payments.