Digital Transactions Authoritative, insightful and timely information for payments professionals
With the impending EMV chip card liability shift on Oct. 1 and the recent establishment of the newest version of the Payment Card Industry data-security standard (PCI), independent sales organizations are at a critical juncture, according to a veteran industry executive.
“This is an opportunity for ISOs to gain or lose business,” Mark Dunn, president of Field Guide Enterprises LLC, a Hartland, Wis.-based ISO consultancy, said Wednesday at the annual conference of the MidWest Acquirers Association (MWAA) in Chicago.
Both the new PCI rules and EMV liability shift have big implications for ISOs, which serve millions of small merchants that will be facing changes in their payments operations. The coming of EMV will call for new hardware at the point of sale, even though few small merchants will have upgraded their equipment come October. After that, however, they will bear liability for counterfeit fraud arising from transactions in which their POS terminals could not read the EMV chip in a customer’s credit or debit card.
The peril for ISOs with EMV is that many small merchants remain unaware of the coming liability shift and will be skeptical of out-of-the-blue sales pitches for new terminals. “Honestly, the vast majority of small merchants have no clue that this EMV thing is coming,” said a speaker at a different session, Neil Jones, director of sales at Brighterion Inc. Brighterion is a San Francisco-based risk-analytics firm that employs artificial intelligence to find data breaches.
Still, EMV represents “a sales and consulting opportunity” for ISOs, according to Dunn, a former ISO executive and co-founder of the MWAA. But first, an ISO should “review and refine” its sales process, and gain a thorough understanding of EMV from its processor about the software upgrades and equipment its merchants will need to implement chip card acceptance, he said. An ISO also determine if EMV upgrades might be a good time for a merchant to add other payments services, such as mobile POS capabilities.
ISOs also need to think about how they will implement EMV acceptance for their current merchants versus those they sign in the future, according to Dunn. The two groups could present different problems. Current merchants are likely to need need equipment upgrades or replacements, but newly booked ones may be new to card acceptance altogether or have another processor’s equipment. “If you don’t have a plan…I guarantee your competition [will],” he said.
Meanwhile, the new Version 3.1 of the PCI standards effective this month calls for merchants to take more steps to secure payment card data, and they’ll almost certainly be directing questions to their ISOs on how to comply. Among other things, according to Dunn, merchants need to have complete inventories of their card-acceptance hardware and the software programs therein, provide more details about their vendor relationships, and do more to prevent unauthorized physical access to POS terminals and other card-accepting devices.
An integrated approach to informing merchants about EMV and the new PCI rules could help ISOs “open the door” to talking to merchants about their payments processes, according to Dunn. “Then I think we’re going to be able to have a good sales discussion,” he said.
