Blog | September 25, 2014

If You're Still Dragging Your Feet Concerning EMV, Read This

By The Business Solutions Network

Achieve Invulnerable Payment Data

A lot had been written about EMV. Indeed, earlier this year, Business Solutions published an entire guide on the topic. Still, there’s a lot to learn and consider if you’re a solutions provider.  During a session on the topic at the Fall ONE Ingram Micro conference in Las Vegas Jeff Yelton, executive director and GM DC/POS, spoke to a packed room about the trends leading up to EMV and the importance of compliance to today's solutions providers. In listening to Yelton, a few thoughts came to mind. 

First, is related to a statement I commonly hear from VARs servicing small retailers. “Criminals focus on large retailers, not my customers. The odds of my customers being breached are so low that there’s no hurry to get EMV compliant.” In the coming months, as  large retailers get their act together and become EMV compliant, who do you think criminals will target? Will they beat their heads against the recently bolstered security of large retailers or go after lower hanging fruit? Your customers will quickly turn into the easiest targets and the threat of breach will become very real. Don't assume your customers will be spared.

Second, large retailers who’ve experienced data breaches might take a dip in their stock prices and fire a few people, but continue on business as usual. If one of your small retailer customers has a breach, the chances of them being able to withstand the financial penalties is low. Most likely, a breach will equal financial ruin and a “For Sale” sign on their store front. If that happens to your customer, do you think you’ll escape unaffected? No, you’ll find yourself in a lawsuit at worst or with a destroyed reputation at best. Even if you’re legally in the clear with your clients, EMV is a powder keg and you’d better make sure you’re doing everything possible to help your clients before a breach occurs. You customers probably can’t survive a lawsuit, can you?

In part of his presentation, Yelton listed seven steps for EMV compliance. The road is hard and long. It reminded me of PCI compliance and how one ISV told me how his company had spent hundreds of thousands of dollars and countless hours ensuring he was compliant. The ISV wondered aloud how some of his competition could claim to be compliant but didn’t seem to take the same steps. How could this be? The Payment Card Industry Data Security Standard (PCI DSS), despite its length and thoroughness, unfortunately still leaves room for interpretation and some solutions providers were quick to meet the loosest, cheapest, and easiest interpretation. Right or wrong, no one will know unless there’s a breach.

The same will hold true for EMV. Yelton’s seven steps aren’t easy and I’m sure some will find shortcuts. I urge you to not take the easiest path, but rather the one that truly secures your customer’s data. I urge you to skeptically validate your partners (providers of payment terminals, software, and merchant processing) to ensure they didn’t take shortcuts. Too much is at stake.

The EMV deadline is just about a year away. It isn’t going to be pushed out. It could take you months to get your company and solution set up to speed. Talk to your payments-related partners TODAY.