By now, most restaurant operators have heard of EMV. (If you haven’t, search for “EMV” on RestaurantBusinessOnline.com for the nitty-gritty on what this technology is and how it works.) The reason attention has picked up is that the shift in liability associated with it goes into effect Oct. 1.
Some might not have believed that deadline to upgrade credit-card readers from swipe-card-only to EMV-compatible would stick. But starting next month, those operators that don’t update their equipment may be held liable for data breaches, an onus that now falls on the banks. Despite the rapid approach of this shift, there’s still much confusion around EMV. Here are three points to clear up:
There is no mandate to switch
Adoption is voluntary; there are no rules forcing operators to get on board. In fact, the National Restaurant Association suggests that operators don’t rush into upgrading their equipment by Oct. 1, unless they’ve had a prior problem with fraud.
Not all fraud falls to the operator
If an operator still is using a swipe-card reader, and the customer has an EMV-enabled card, the operator is liable. However, if the customer doesn’t have a chip card or fraud occurs while using EMV readers, liability is not with the operator.
EMV alone isn’t the answer
EMV technology is only a piece of the data-security puzzle: EMV reduces counterfeiting through authentication; cardholder data is encrypted as part of PCI Compliance; and tokenization protects data when it comes back to the POS system.