Is EMV DOA in Restaurants?
The global standard for chip enabled payment cards, known as EMV, was implemented in Europe in the late 1980s by Europay, Master Card and Visa. EMV promotes a more secure payment infrastructure with lower risk and lower fraud potential that should benefit the entire payment ecosystem. While Europe has been in the EMV business for twenty-five years, EMV implementation into the U.S. market has created quite a stir as uncertainty and misinformation permeate the marketplace. Sources of confusion are many as the card brands, issuers and equipment manufacturers grapple over the basic EMV standards and protocols necessary to secure and monetize this new form of payment.
Card brands are incentivizing EMV adoption by instituting the EMV liability shift in October 2015 but merchants are struggling to understand and rationalize the impact. The basic concept is simple: if a consumer presents an EMV capable card that cannot be transacted as EMV, then the party not in EMV compliance is held responsible for the liability if the transaction is fraudulent. Complexity and confusion arise as protection can vary based on the card brand being presented, the merchant’s industry vertical, and merchant’s payment terminal capability.
While EMV capable restaurants should benefit from the liability shift and welcome protection from chargebacks from card-present fraud, the reality is that protection from this specific chargeback may not be a major financial incentive for most restaurants. This protection is much more important to retailers selling high-end televisions and computers than it is to restaurants selling burgers and fries. To be fair, card-present fraud chargeback protection may be valuable at certain high ticket fine dining establishments but for the vast majority of restaurants, this protection is simply not a major financial incentive.
Security at the cost of speed of service
Implementing EMV can be a major challenge for restaurants. On a positive note, EMV probably signals the end of dialup, which is a good thing. Unfortunately, EMV will bring back dialup-like transaction times, which will be particularly problematic for QSRs, fast casuals and any concept concerned about speed of service. An EMV transaction is process intensive and more complex than a simple mag swipe. The consumer must insert his/her card into the EMV reader before the transaction is sent to the terminal and the card must remain in the terminal for the duration of the transaction. This is curiously known as dipping. Once the consumer dips his card, a series of encrypted keys and cryptographs are exchanged to validate the card and the transaction is processed. An EMV transaction can take up to a mind numbing thirty seconds to complete.
EMV poses a challenge at drive-thrus: QSRs hesitant to invest in tethered card readers that must be passed through drive thru windows to allow the consumer to dip his/her EMV card and then wait for thirty seconds while the transaction is processed. Table Service has EMV implications as well. EMV could be an incentive for table-service restaurants to embrace pay at the table, which should be greeted enthusiastically by consumers but at what cost and what increased level of security? There are plenty of nice solutions coming to market but, again, EMV alone does not provide the financial incentive to justify to cost. EMV adoption in restaurants will require a relatively large capital investment and will result in significantly slower transaction times, awkward drive thru processing and pay at the table complexity.
EMV without PIN: only a partial solution
The proposed U.S. version of EMV may not be capitalizing on one of the biggest potential consumer benefits of EMV, PIN security, as Chip and Signature seems to be the favored option of the card brands. Retooling the current payment infrastructure to support Chip and PIN would probably delay the rollout by another five years but Chip and PIN just seems like the better option. Payment industry expert Liz Garner, Vice President of the Merchant Advisory Group, agrees and adds that “despite the added investment from multiple system stakeholders that PIN-protecting EMV cards would require, moving the U.S. to EMV without PINs is only a partial solution, and one that will continue to create major international interoperability issues for U.S. cardholders and U.S. businesses with high traffic from international tourists.”
She points out that “in some restaurant environments (i.e. QSRs, fast casual) fraud risk is very low and the business currently does not require a second factor of cardholder authentication on low dollar transactions; however, if U.S. issuers fail to PIN-protect EMV products, those restaurants will not have the opportunity to ask for a PIN on higher risk, higher dollar transactions, such as the two a.m. $100 drive thru purchase.” Garner concludes that “failure to adopt the international standard of enabling PINs on EMV cards is a missed opportunity to deploy the most secure technology available in this space, and should make any restaurateur contemplate the benefit of EMV versus focusing more on their mobile strategy.”
Although the liability shift is less than six months away, EMV penetration in the marketplace is virtually non-existent. This is the classic case of the chicken and the egg – businesses are not investing in EMV as consumers do not yet carry EMV cards and issuers are not yet issuing EMV cards as consumers are unable to use them in the marketplace. The good news is that issuers are beginning to carpet bomb the market place with EMV and 70 million chip cards can be expected in circulation by year end. The low adoption also speaks to the significant payment infrastructure upgrades required. Even though merchants have invested in thousands of EMV ready card readers, timetables and roadmaps to EMV remain clouded.
I believe that extended transaction times alone are enough to sink EMV in most restaurants, particularly QSR and fast casual. Today’s consumers want quick, fast and easy and none of these appear to apply to EMV. A perfectly acceptable strategy may be to remain on the sidelines and gauge consumer acceptance before jumping in with EMV.
That is not to say that EMV is not without merit as EMV should make a measurable impact in card fraud but it remains unclear if our restaurant consumers will accept the service tradeoffs for the better security of a partial EMV evolution. A well-rounded next gen payment strategy should have an EMV component but the focus should be on smartphone payment apps (Starbucks) and NFC (Apple Pay, Google Wallet). Consumers love the convenience and instant gratification of apps so investments here should yield a return. The mag stripe will be around for years so sprinkle in some end to end encryption and tokenization and you will have a secure flexible payment platform to grow on, with or without EMV.
Card brands are incentivizing EMV adoption by instituting the EMV liability shift in October 2015 but merchants are struggling to understand and rationalize the impact. The basic concept is simple: if a consumer presents an EMV capable card that cannot be transacted as EMV, then the party not in EMV compliance is held responsible for the liability if the transaction is fraudulent. Complexity and confusion arise as protection can vary based on the card brand being presented, the merchant’s industry vertical, and merchant’s payment terminal capability.
While EMV capable restaurants should benefit from the liability shift and welcome protection from chargebacks from card-present fraud, the reality is that protection from this specific chargeback may not be a major financial incentive for most restaurants. This protection is much more important to retailers selling high-end televisions and computers than it is to restaurants selling burgers and fries. To be fair, card-present fraud chargeback protection may be valuable at certain high ticket fine dining establishments but for the vast majority of restaurants, this protection is simply not a major financial incentive.
Security at the cost of speed of service
Implementing EMV can be a major challenge for restaurants. On a positive note, EMV probably signals the end of dialup, which is a good thing. Unfortunately, EMV will bring back dialup-like transaction times, which will be particularly problematic for QSRs, fast casuals and any concept concerned about speed of service. An EMV transaction is process intensive and more complex than a simple mag swipe. The consumer must insert his/her card into the EMV reader before the transaction is sent to the terminal and the card must remain in the terminal for the duration of the transaction. This is curiously known as dipping. Once the consumer dips his card, a series of encrypted keys and cryptographs are exchanged to validate the card and the transaction is processed. An EMV transaction can take up to a mind numbing thirty seconds to complete.
EMV poses a challenge at drive-thrus: QSRs hesitant to invest in tethered card readers that must be passed through drive thru windows to allow the consumer to dip his/her EMV card and then wait for thirty seconds while the transaction is processed. Table Service has EMV implications as well. EMV could be an incentive for table-service restaurants to embrace pay at the table, which should be greeted enthusiastically by consumers but at what cost and what increased level of security? There are plenty of nice solutions coming to market but, again, EMV alone does not provide the financial incentive to justify to cost. EMV adoption in restaurants will require a relatively large capital investment and will result in significantly slower transaction times, awkward drive thru processing and pay at the table complexity.
EMV without PIN: only a partial solution
The proposed U.S. version of EMV may not be capitalizing on one of the biggest potential consumer benefits of EMV, PIN security, as Chip and Signature seems to be the favored option of the card brands. Retooling the current payment infrastructure to support Chip and PIN would probably delay the rollout by another five years but Chip and PIN just seems like the better option. Payment industry expert Liz Garner, Vice President of the Merchant Advisory Group, agrees and adds that “despite the added investment from multiple system stakeholders that PIN-protecting EMV cards would require, moving the U.S. to EMV without PINs is only a partial solution, and one that will continue to create major international interoperability issues for U.S. cardholders and U.S. businesses with high traffic from international tourists.”
She points out that “in some restaurant environments (i.e. QSRs, fast casual) fraud risk is very low and the business currently does not require a second factor of cardholder authentication on low dollar transactions; however, if U.S. issuers fail to PIN-protect EMV products, those restaurants will not have the opportunity to ask for a PIN on higher risk, higher dollar transactions, such as the two a.m. $100 drive thru purchase.” Garner concludes that “failure to adopt the international standard of enabling PINs on EMV cards is a missed opportunity to deploy the most secure technology available in this space, and should make any restaurateur contemplate the benefit of EMV versus focusing more on their mobile strategy.”
Although the liability shift is less than six months away, EMV penetration in the marketplace is virtually non-existent. This is the classic case of the chicken and the egg – businesses are not investing in EMV as consumers do not yet carry EMV cards and issuers are not yet issuing EMV cards as consumers are unable to use them in the marketplace. The good news is that issuers are beginning to carpet bomb the market place with EMV and 70 million chip cards can be expected in circulation by year end. The low adoption also speaks to the significant payment infrastructure upgrades required. Even though merchants have invested in thousands of EMV ready card readers, timetables and roadmaps to EMV remain clouded.
I believe that extended transaction times alone are enough to sink EMV in most restaurants, particularly QSR and fast casual. Today’s consumers want quick, fast and easy and none of these appear to apply to EMV. A perfectly acceptable strategy may be to remain on the sidelines and gauge consumer acceptance before jumping in with EMV.
That is not to say that EMV is not without merit as EMV should make a measurable impact in card fraud but it remains unclear if our restaurant consumers will accept the service tradeoffs for the better security of a partial EMV evolution. A well-rounded next gen payment strategy should have an EMV component but the focus should be on smartphone payment apps (Starbucks) and NFC (Apple Pay, Google Wallet). Consumers love the convenience and instant gratification of apps so investments here should yield a return. The mag stripe will be around for years so sprinkle in some end to end encryption and tokenization and you will have a secure flexible payment platform to grow on, with or without EMV.
What was your first job?
I drove the delivery truck for my dad’s restaurant business.
Who inspires you?
My two kids – watching them grow into responsible young adults is awesome.
What are your hobbies?
Playing bad golf, all sports.
What technologies excite you?
Two things: something to help with my memory. I can’t remember the second one.
Sage Advice:
Think before you speak and remember the less you say, the more they will remember.
What is one other job that you would like to try?
Anything in motor sports.
What is one goal that you would like to achieve in your life?
To be as good as Jeff Gengler.
What is your favorite movie?
I enjoy the classics: Animal House, Monty Python and the Holy Grail, Christmas Vacation, Let’s Be Cops.
Favorite vacation spot?
My family condo on Florida Gulf Coast, lots of good times there.
Steve Barrow is the vice president IT for Luby's Fuddruckers.
More Blog Posts in This Series
2/24/2021
Sushi Lab Leans on POS to Power Resilience
The casual dining restaurant added contactless payment and table management to assist with social distancing.
12/22/2020
The Economic Downturn’s Impact on Women: A Shecession
COVID-19 has upended lives around the world, but the economic downturn has disproportionately affected women. One in four women are thinking about reducing their job responsibilities or quitting work altogether.
12/29/2020
Eclipse Hotels Group Deploys Quore to Enhance Customer Service
Without this technology solution, it would have been challenging for this hotel group to consistently execute a service recovery to the standard experienced in the past.
