Point-to-point card data encryption and card tokenization are other measures emerging to also help with data protection throughout the ecosystem.
“To keep pace with increasingly sophisticated attack methods, the security standards will continue to evolve,” Cerovski said. “This will require continued updates to at least the software to stay current with payment network approvals.”
When upgrading to EMV, English advises that the retailer also consider EMV contactless and near field communication in their implementation plans.
“The good news is that the vast majority of payment devices that manufacturers are offering support EMV contact, EMV contactless and NFC,” English said.
NFC opens the door to mobile payment acceptance, including Apple Pay and others. Petro POS and pump providers will need to support the card brand contactless schemes such as PayPass, Paywave and Expresspay in order to accept mobile payments. The other technology petro providers should pay attention to is geo-location, either using GPS or bluetooth low energy. Each technology can help with customer movement and marketing.”
Kleinschnitz said it is important that retailers in all markets take a holistic approach to data protection and security. “EMV alone will not prevent cyber-crime from occurring,” Kleinschnitz said. “But it is an important tool to help protect merchants and their customers.”
Endbar: Key Solution Approaches
Petroleum marketers and retailers need to work closely with their POS provider, pump provider and acquirer on when their systems will support EMV and what the upgrade cost will be. “Marketers and retailers need to evaluate their potential for fraud once the liability shift kicks in Oct. 1,” English said. “Many businesses are approaching the implementation of EMV based on the chance of fraud and the percentage of international cards a site or store is currently seeing. Once EMV is implemented, staff training is key and awareness of consumer reaction to EMV chip cards is very important.”
When implementing the upcoming EMV, petroleum marketers need to:
- Take the time to fully understand their liability and do a risk assessment.
- Ask their brand and acquirers questions such as: how many EMV cards are in circulation and how many will be when the liability shift goes into effect and how much liability risk are my sites exposed to for each fraudulent counterfeit card transaction?
- When the true EMV liability risk is understood, some retailers may elect to perform indoor EMV technology changes at the same time they perform outdoor technology changes to minimize disruption, defer costs, and reduce site down time.
- Potentially build on PCI investments for EMV migration. Pre-deploy EMV dispenser hardware now and enable when site systems are ready.
- Consider implementing contactless readers to support contactless EMV as well as position for NFC-based mobile payment methods. Also, consider implementing sponsored media programs to help with EMV upgrade costs and increase return on investment for EMV migration.
