Security Leads Drive to EMV, Mobile Wallet Payments

The way consumers pay for goods continues to evolve as EMV-enabled cards and mobile wallets move closer to the forefront.

Adoption of the two technologies is mixed, but both are said to provide better security and ease of payment and are the next step forward in protecting consumers and sellers. Any business should be aware of the new technologies: how they work, why they work and whether they should be adopted and implemented at your register.

Perhaps the greatest change in payment methods in the last five years has been the spread of EMV-enabled, or more colloquially known as “chip,” cards. It’s now the global standard on any new credit card issued by Visa, MasterCard, American Express, Discover, China UnionPay, JCB and others. U.S. Payments Forum estimates that 855 million chip cards have been issued to U.S. consumers, about 85 percent of all debit cards, according to CPI Card Group. Large retailers, like Target and Home Depot, were some of the early adopters of EMV readers, a result of widespread security breaches and identity theft at their point-of-sale terminals.

Credit card and data fraud are the drivers of this new technology. The Nilson Report statistics show that global credit and debit card fraud generated losses of more than $22 billion in 2016. ACI Worldwide and Aite Group report that one in three consumers have suffered credit card fraud within the last five years.

What is EMV?

EMV cards are also known as “smart cards” because of the methods by which they store their data: on integrated circuits that use radio-frequency identification (RFID) technology to be read. EMV stands for Europay, MasterCard and Visa—the three companies that created the technology. Nearly 59 percent of all card-present transactions conducted globally between July 2016 and June 2017 were EMV-enabled. EMVCo data reports a 7.2 percent increase in the use of EMV cards in the United States last year, for a total of 31.4 percent of transactions.

The largest difference between EMV cards and magnetic strip cards is the data. On a magnetic strip, the data is stagnant and it never changes, which allows any person who can access that sensitive card information free rein to make as many purchases as he/she likes or sell the data to other interested parties for cash.

With an EMV card, the chip creates a unique transaction code every time a purchase is made. When the card is inserted (a process known as “dipping”) into a terminal, it connects with the issuing bank, looking for card legitimacy and creating a unique transaction code. If, during this process, a thief or hacker were able to skim the chip information from a transaction, say, a swipe at the gas pump, the only information they would be able to steal is the transaction number for that specific fill-up. The number cannot be duplicated and used again to make another purchase.

Measures like this will not put an end to data breaches, but do deter potential thieves and hackers, and experts believe that fraud rates will be reduced.

Perhaps the most frequently heard complaint about this payment method is that it takes longer to process than a magnetic strip. Processing times vary greatly by merchant, equipment (such as the point-of-sale system) and/or any third-party payment processor. As the payment method becomes more widespread, it’s also expected that any lag time will decrease. Some providers, like Square, have been able to bring processing times down to a noticeably brief period—as quick as a magnetic strip.

The majority of credit card issuers have moved toward this standard and are putting pressure on merchants to accept EMV: a liability shift occurred on Oct. 1, 2015, spurred by Accel, American Express, China UnionPay, Discover, MasterCard, NYCE Payments Network, SHAZAM Network, STAR Network and Visa, to help spread the cost of fraud more equally. If an in-store fraud or counterfeit occurred, the party (either the card-issuing financial institution or the vendor) that had not adopted the EMV chip technology platform would be held responsible and pay for the damages.

NFC Payments and Mobile Wallets

As another measure to make transactions more secure, several providers have come up with mobile wallets, which store credit card information on a consumer’s phone. To make a payment, the user hovers his/her phone over a payment terminal, chooses which credit/debit card to pay with and then uses a thumbprint or PIN to authorize the transaction. The mobile wallet’s prominence has risen, but perhaps not necessarily to the levels experts and suppliers would have hoped for. Using near-field communication technology, providers like Google and Apple are attempting to make check-out faster and more secure with their Android Pay and Apple Pay products.

NFC is a protocol that allows two electronic devices—in this case, a smartphone and a payment terminal—to communicate with each other when placed no more than 4 centimeters apart and process a transaction. NFC is also used in social situations—sharing contacts, photos or files via Bluetooth, for example. Apple released its NFC-backed Apple Pay system in fall 2014; and though it is the most tried and used mobile wallet, adoption of the method has been slow to take.

There are four main mobile wallets: Apple Pay, Android Pay, Samsung Pay and Walmart Pay. Not one of the methods has, so far, seen much usage, according to a survey conducted by PYMNTS.com and InfoScout, a consumer research company. Through June 2017, Apple Pay had the highest usage, 5.5 percent. Walmart Pay was next with 5.1 percent usage among those who have used it for transactions, followed by Samsung Pay at 3.3 percent and Android Pay at 1.8 percent.

The reasons people have not tried or used mobile wallets have less to do with security than one might think. Often, according to the PYMNTS.com/InfoScout study, consumers either forget they have the option or are happy with their current payment methods, the store does not accept the payment type, or the consumer wants to pay with cash.

Online Payments Made Easy

Google recently came out with a solution for online shopping as well: Google Wallet. Similar to Android Pay in that you can select any credit card on file to use, it also expands payment options to those specific to online accounts, i.e., PayPal and others. In May, Google announced the technology that made it possible: Google Payment API. It ties together all the payment options linked to any Google-owned platform into one interface so that users in mobile apps and on the Chrome browser need only press a “Pay with Google” button and select the card they want to use. The goal is to make mobile check-outs faster and more secure for consumers and increase conversion rates for vendors.

Mobile shopping carts have been a topic among winery DTC professionals for years. Concerns over check-out times and easy interfaces have been the predominant focus. Google claims that this new technology will allow consumers to use the same account to pay for goods across platforms, devices and interfaces.

Winery Adoption

Across the United States, U.S. Payments Forum estimates that 50 to 52 percent of merchant locations have the ability to process EMV payments. For this reason, the EMV cards issued to consumers also contain a magnetic strip so that consumers will still be able to swipe their cards at merchants that cannot process the technology; however, the added security EMV provides will be lost.

According to the results of Wine Business Monthly’s 2018 Technology Survey, the wine industry seems to be keeping up with other consumer goods industries in terms of adoption. In a rather unexpected trend reversal, more small wineries (those defined as producing fewer than 50,000 cases of wine) have moved to accept EMV payments than large wineries. The difference is small, however; 52 percent of small wineries accept it, and 48 percent of mid-sized and large wineries offer it.

That the adoption rate is so high is a great sign that the wine industry is moving to more secure transaction methods to lessen the risk of loss via fraud.

NFC payments, however, are not nearly as popular: 89 percent of winery respondents said that they do not allow these types of payments.

Implementation/Integration

When it comes to implementation, the good news is that a majority of point-of-sale software providers are able to accommodate all the aforementioned forms of payment, and many will even provide the necessary hardware. Check with your solutions provider to see what its capabilities are. Most importantly, you need to ensure that the third-party payment processing company either you or your POS provider utilizes will also process these new forms of payment. Most will, but it is always important to check. Installation, according to most accounts, is simple as well.

This article originally ran in the February 2018 issue of Wine Business Monthly