EMV Continues to Concern Restaurants
Hospitality Technology’s Restaurant Executive Summit, offers restaurant leaders ample opportunities for invaluable peer-to-peer networking and idea-sharing. During an informal roundtable discussion at the 2016 summit on Nov. 8, industry colleagues discussed the current state of EMV adoption in the restaurant industry. Foregoing prior history, the mandated liability shift for EMV for non-fuel U.S. retailers and hospitality providers occurred in October 2015, more than a year before this discussion.
While the deadline had long since passed, these restaurant operators revealed that that prior to EMV becoming buzz-worthy, they were already doing their homework on how best to deal with the mandated liability shift. Operators at the table represented chains ranging from less than a dozen restaurants to nationwide outfits of more than 1,000 locations. These restaurateurs had performed cost analyses and expected value calculations on likely scenarios that were representative of what they might face.
In some cases, the rational decision was to deploy the hardware, software and services necessary to fully meet the deadline and thereby avoid any fees or penalties. Two companies at the table did just that. In other cases, the decision was made to do something other than a full technology deployment. That ranged from doing nothing at all (and happily paying whatever fees/fines/chargebacks were levied) to deploying sufficient technology to mitigate (but not eliminate) the full potential risk. One restaurateur stated the entire level of chargebacks the previous year was considerably less than the tens (if not hundreds) of thousands of dollars necessary to fully meet the liability shift’s requirements.
When discussing the chargeback issue, the restaurant industry professionals mentioned that they were being affected in different ways. For instance, in the case of chains that had yet to be certified as being EMV compliant, some had noticed a spike in chargeback activity, including for lost and stolen cards. This was concerning because retailers and restaurateurs are not supposed to be liable for this type of activity under guidelines. To that point, one restaurateur indicated that even after providing time-stamped video footage of a charged-back transaction that clearly showed the perpetrator, the bank refused to reverse the chargeback.
According to some restaurateurs, this increased chargeback activity wasn’t limited to those who were not yet EMV compliant. Lost and stolen cards are being targeted at restaurants where Chip & Signature is employed, since the card is (typically) still a valid card even though the user isn’t a valid user. Less-than-honest consumers are getting in on the act, as well. If the consumer claims a charge on a valid card by a valid user is invalid, the path of least resistance for the financial institution is a chargeback to the restaurant. Transactions involving large gift card purchases and large dining parties were cited by some of those at the table as being the cause of many chargebacks.
In a move that sounds like it came right out of Joseph Heller’s Catch 22, some retailers and restaurateurs have responded to the fraudulent chargeback activity of the financial institutions in a unique but entirely foreseeable manner. Simply, in clear violation of PCIDSS standards, some retailers and restaurateurs are storing the very Track 2 card data that PCI and EMV was supposed to protect. They are doing this in order to maintain an audit trail in an effort to contest the increasingly fraudulent chargeback activity.
How have the banks responded? This particular discussion occurred within six months of a handful of lawsuits filed on behalf of merchants of all shapes and sizes. Some of the lawsuits are progressing. Restaurants are hoping the outcomes of the lawsuits might provide some relief down the road. At this particular table, the restaurateurs were almost unanimous in feeling that banks and financial institutions did not show much concern about the plights faced by restaurants. This seems to be particularly evident from the bank's willingness to issue chargebacks and their lack of responsiveness to requests for EMV certification. Some operators commented that the banks and card issuers didn’t really show much interest until after lawsuits started getting filed.
Lee Holman also co-authored the IHL Group study titled EMV: Retail’s $35Billion “Money Pit,” published in May 2015.
While the deadline had long since passed, these restaurant operators revealed that that prior to EMV becoming buzz-worthy, they were already doing their homework on how best to deal with the mandated liability shift. Operators at the table represented chains ranging from less than a dozen restaurants to nationwide outfits of more than 1,000 locations. These restaurateurs had performed cost analyses and expected value calculations on likely scenarios that were representative of what they might face.
In some cases, the rational decision was to deploy the hardware, software and services necessary to fully meet the deadline and thereby avoid any fees or penalties. Two companies at the table did just that. In other cases, the decision was made to do something other than a full technology deployment. That ranged from doing nothing at all (and happily paying whatever fees/fines/chargebacks were levied) to deploying sufficient technology to mitigate (but not eliminate) the full potential risk. One restaurateur stated the entire level of chargebacks the previous year was considerably less than the tens (if not hundreds) of thousands of dollars necessary to fully meet the liability shift’s requirements.
When discussing the chargeback issue, the restaurant industry professionals mentioned that they were being affected in different ways. For instance, in the case of chains that had yet to be certified as being EMV compliant, some had noticed a spike in chargeback activity, including for lost and stolen cards. This was concerning because retailers and restaurateurs are not supposed to be liable for this type of activity under guidelines. To that point, one restaurateur indicated that even after providing time-stamped video footage of a charged-back transaction that clearly showed the perpetrator, the bank refused to reverse the chargeback.
According to some restaurateurs, this increased chargeback activity wasn’t limited to those who were not yet EMV compliant. Lost and stolen cards are being targeted at restaurants where Chip & Signature is employed, since the card is (typically) still a valid card even though the user isn’t a valid user. Less-than-honest consumers are getting in on the act, as well. If the consumer claims a charge on a valid card by a valid user is invalid, the path of least resistance for the financial institution is a chargeback to the restaurant. Transactions involving large gift card purchases and large dining parties were cited by some of those at the table as being the cause of many chargebacks.
In a move that sounds like it came right out of Joseph Heller’s Catch 22, some retailers and restaurateurs have responded to the fraudulent chargeback activity of the financial institutions in a unique but entirely foreseeable manner. Simply, in clear violation of PCIDSS standards, some retailers and restaurateurs are storing the very Track 2 card data that PCI and EMV was supposed to protect. They are doing this in order to maintain an audit trail in an effort to contest the increasingly fraudulent chargeback activity.
How have the banks responded? This particular discussion occurred within six months of a handful of lawsuits filed on behalf of merchants of all shapes and sizes. Some of the lawsuits are progressing. Restaurants are hoping the outcomes of the lawsuits might provide some relief down the road. At this particular table, the restaurateurs were almost unanimous in feeling that banks and financial institutions did not show much concern about the plights faced by restaurants. This seems to be particularly evident from the bank's willingness to issue chargebacks and their lack of responsiveness to requests for EMV certification. Some operators commented that the banks and card issuers didn’t really show much interest until after lawsuits started getting filed.
Lee Holman also co-authored the IHL Group study titled EMV: Retail’s $35Billion “Money Pit,” published in May 2015.