EMV and 'chip and pin' support in MyCard
Posted by Jeff Tweddale on 25 Mar 2015 03:21 PM
Does BookingCenter provide an EMV device and service for 'dip/tap/swipe'?
Yes! We have details on how you can enroll and sign up to receive an EMV terminal on this page:
What is EMV "chip and pin" and what does it mean for MyCard?
A regulatory change that occurred in North America where the liability for fraudulent credits cards containing a 'chip' shifted with the advent of the 'EMV' change. EMV is the global standard for smart card payments and acceptance devices, named after the developers: Europay, MasterCard, and Visa. EMV microchip-enabled cards provide stronger security and other capabilities not possible with traditional magnetic stripe cards. Credit card companies are already issuing EMV/chip cards. A special card reader is required to read these EMV chips, but you can still swipe the cards through the same magnetic stripe readers you're using today. However, to encourage businesses to adopt the more secure technology of EMV/chip cards, a liability shift went into effect. Prior to EMV, if you swipe a counterfeit or stolen card, the bank assumed the loss. With the liability shift, if you swipe a counterfeit or stolen EMV/chip card with a magnetic stripe reader, you could be liable for that charge. Liability is with whichever party is the least EMV-compliant in a fraudulent transaction. Thus, depending on how the card was swiped/dipped (pin & chip)/tapped (NFC or 'Apple Pay')/keyed-in, the liability for approving an authorization could be with either the merchant bank or the merchant.
Credit cards processed via MyCard (the payment gateway used within MyPMS - More details) have - and will - continue to work after the 'EMV Liabiity Shift' just like computers did after Y2K - don't get alarmed.
BookingCenter provides details on how you can enroll and sign up to receive en EMV terminal on this page: https://www.bookingcenter.com/interfaces-and-modules/mycard/
What should a MyPMS customer do?
Because there are many thousands of credit-card accepting facilities that do not have EMV-certified hardware and software, the 'liability shift' in North America did not upset the relationship between merchant and merchant provider. Also, few BookingCenter customers see 'pin and chip' credit cards that present fraud. For any manually keyed-in transaction, online booking, or card present transactions with a 'swipe' track and no 'pin & chip' (the vast majority of transactions right now), there is no change required in your use of MyPMS or liability shift. Just keep doing things as traditional.
For card holders who come to your property and present a 'pin & chip' credit card, if you swipe the card and that credit card is found fraudulent, the new 'liability shift' means that the property owner ('merchant') may be liable for fraud costs. Because the card holder possessed a 'pin & chip' credit card, the 'liability shift' governing 'card present' payments (i.e., entered via a swipe or manual entry) will no longer protect the merchant who doesn't use an EMV device to authorize 'pin & chip' cards.
Option 1 : For those concerned with the 'pin & chip' credit card 'liability shift' (i.e., you have exposure to guests who present fraudulent cards), you should visit this page and get an EMV device so you no longer 'swipe' chip cards. This is the best and easiest path to avoid fraud chargebacks, as MyPMS has robust support for EMV devices we support, as we detail here.
Option 2: An alternative is to never worry about the EMV 'liability shift', and continue to run all credit cards as you have done in the past, swiping the 'pin & chip' credit cards for your 'card present' discount rates, which will continue to work. If you process payment prior to arrival, or via online, then this issue doesn't affect your business at all, since all your card transactions are 'offline'/ 'card not present'. The liability to this strategy is that if you were to swipe a 'pin & chip' credit card, and it was later found to be fraudulent, you might find your merchant processor won't protect you for fraud costs. Ask your merchant account rep to know more about that situation.
Option 3: If you don't want an EMV device from BookingCenter, you may also request an EMV reader from your merchant provider in order to process 'pin & chip' card present transactions. This would mean posting an 'offline' credit card 'receipt type' in MyPMS, as explained in the article here, as these 'offline' transactions won't process within our MyPMS system. Such an approach would be a mix of processes for your front desk:
This would be 'best practices' behavior in avoiding any fraudulent 'pin and chip' transactions. But it is a mix of processes, which can cause errors when staff is trained on exceptions. We have a more detailed article on using EMV terminals with MyPMS here.
If you want to order an EMV reader...
Any of the EMV devices listed at: http://www.bookingcenter.com/point-of-sale-hardware-and-forms/ are EMV ready now with BookingCenter. Read the details to make sure the one you choose supports the method for connecting (either ethernet cable or wi-fi) and also whether or not you wish to use NFC (which is what ApplePay, GooglePay, SamsungPay are, for example).
If your merchant banker can provide one of these devices for you to use for your 'EMV' transactions, then we will be able to install our BookingCenter app onto the devices listed on the page at: http://www.bookingcenter.com/point-of-sale-hardware-and-forms/ to make integrated EMV-approved transactions. No additional device will need to be purchased, as the PAX devices listed at the URL above will all work. BookingCenter is giving away basic EMV devices for free if you sign up at this page.
What if my merchant processor doesn't have a certified EMV app with Does BookingCenter, can you build one?
BookingCenter spent years designing and building EMV apps with PAX devices and the TSYS and Global payment processing platforms. We likely won’t create an EMV app with other merchant processors for some time, as the effort is intense. Each EMV certification takes year(s) to gain, and then hundreds of hours per year to re-certify as standards evolve.
At the moment, Global and TSYS are the only large platforms we’re certifying EMV apps with, as there is no down side to our customers (except having to switch accounts).
If you want to stay with your existing processor, I’d recommend avoiding the EMV terminal and stay with the e-commerce and ‘card present’/swipe transactions we offer via the many processor connections. While this does provide a bit of opportunity for illicit users who attempt charge backs when using their ‘chip cards’ in a swiped transaction, in our experience, the risks are either non-existent (most hotels who swipe ‘chip cards’ have no charge backs) or very small (most people are decent and don’t lie).
EMV is a complex subject and there has been much written about it. There is a good overview with common questions and answers presented here: http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php.