Swiping a chip card is like giving away comp rooms – lots of comp rooms!

February 21st, 2019 Kent Howard Data Management, Hospitality Trends, Payment Processing

Liability Shiftas a lodging merchant, you’ve likely heard this term before. It’s frustrating and infuriating at times, because we all want to believe that our guests have everyone’s best interest at heart. However, the fact remains that credit card fraud is on the rise and hoteliers are not immune to fraud and the dreaded charge-back. In fact, the EMV liability shift of 2015 states that merchants are responsible for certain kinds of fraud if they’re not using EMV devices for card present transactions on chip-enabled cards. Sure, it’s true that not all hoteliers have jumped on the EMV bandwagon; but that’s not to say you haven’t heard about it. Today, only 38.5% of all hoteliers are EMV compliant, and hoteliers that are still holding out are wondering why EMV is necessary and is it worth the initial investment. I would say, you simply cannot afford not implement EMV.

Why is EMV Necessary?

The easiest way to explain this is EMV provides some level of protection from fraudulent credit card charges when the card is present in the transaction. However, EMV does not protect your property from seeing any credit card fraud. Stolen cards and fraud from non-chip enabled cards is still possible. However, implementing EMV helps prevent fraud on chip enabled cards when the card is processed as a dipped/EMV transaction instead of the traditional swipe. But don’t just protect the front desk. You’re not out of the woods if you have restaurants, spas, bars, or retail outlets inside your property. Those outlets are much higher in terms of fraudulent activity, so be sure to protect all areas of your property and obtain EMV devices that work wherever you are processing guest credit cards. Request an appointment with your Merchant Service Provider to review your monthly statements in detail to see just how much not implementing EMV could be costing you.

What Else Happens When I Have EMV?

Just changing from a swipe to a dip, this isn’t the only thing that happens when processing a EMV chip enabled card.  Without getting too technical, here’s the key point to know. While the data in a card’s magnetic strip stays the same over time, the chip in the card generates a unique code for each transaction that can only be used once. Technology advancements in the past decade or so made it very easy to replicate the magnetic stripe data. The chip now prevents potential fraudsters from “duplicating” a chip enabled card. While EMV ensures that guest credit cards when presented are not fraudulent, there is also a series of behind-the-scene actions taking place to ensure that the guest credit card data remains secure. The behind-the-scene actions start with tokenization. Tokenization replaces original card data with a unique, generated placeholder, or “token.” Because tokens are randomly generated and there is no algorithm to regain original information, they have no meaning by themselves. Thus, fraudsters can’t reverse-engineer credit card information, even if they were to grab tokens off of your server or the hosting environment. Tokenization increases security because tokens are worthless to criminals should a system be breached in any way.

There is yet another threat to deal with as well. We all know the story of the now infamous Target breach of 2013 where some 40 million cards were compromised. If you recall, in this breach actual card data was not compromised by hacking the point of sale system, but rather the cards were just recorded every time they were entered on the payment terminal. Malicious malware was placed on the point of sale terminals to capture the card data before it was sent to the payment processor and before it was stored in the database.  To combat this, the industry adopted point-to-point encryption or P2PE. This process uses a unique cipher or key to encrypt the card data at the entry point. The card data then can only be read by the payment processor and at no time is the actual card data stored on merchant’s or point of sale systems. This helps protect you the merchant during card present and non-present transactions. EMV, Tokenization and P2PE are the tools at hand to combat credit card fraud. Any point of sale system worth investing in, must utilize all 3 to offer the protection that today’s lodging merchant needs and should demand.

Summing It Up

As hoteliers, it is important to keep your property safe and protected against credit card fraud to save you money. But this is not the only benefit. The traveling public appreciates merchants that take the credit card security of their paying customers seriously. Enough so, to invest in the right tech to make that happen. It has been just a little over 3 years since the EMV liability shift, but ask yourself, how do you feel when you hand your credit card to any store clerk, server, or front desk attendant and you watch them swipe instead of dip your card? I know it makes me nervous!

While it isn’t possible to prevent credit card fraud completely, the implementation of EMV will significantly cut down on the amount of credit card fraud you experience. If you’re still on the fence about the necessity of EMV and would like to discuss it further, please contact our Sales Team to schedule your risk free evaluation.