The transition to EMV in the U.S. has not been without its speed bumps. Something that everyone in the payments ecosystem sort of knew was going to be the reality, but until reality hits, no one knows how bumpy the ride is really going to be.
Creditcall doesn’t really want to say, “I told you so” but it might be tempting. They’ve seen this EMV movie before having guided a bunch of companies thru the process outside of the U.S. They understand that the root of all these problems is, well, the migration to EMV is hard. And that often, it’s the POS developers who alone face many of these challenges as they struggle to integrate EMV within the business applications that actually run their business.
“Staying relevant to customers, finding new ways to deliver value, and remaining competitive takes time and energy. It is no surprise that issues outside of the core features and functions of the software — such as payment security and EMV — are regarded with such an aversion,” writes Creditcall in a new report titled “Why EMV Payment Integrations Aren’t Easy,” which offers three tips on how to make the speedbumps a little easier to navigate.
“Most developers are in business to solve unique needs of a market or business segment; they’re not experts in payments. Unfortunately, today the ability to process cards comes at a significant cost and effort.”
Securing card data at rest and in transit, and adhering to the EMV standard, are now the way of the world. And, like it or not, payment processing and its related security must be addressed by those lonely POS developers who just want to focus on the things that are core to the business.
And to help POS developers stay afloat of these challenges, here’s a few of the tips Creditcall has.
Three Things POS Developers Must Consider
- EMV Certifications Can Be Misleading.
“Many IsVs are happy to see that their existing payment gateway is “EMV certified.” With the promise of a fast and easy integration, they walk into the project with high hopes. Unfortunately, much of the information pertaining to EMV certifications is misleading.” Developers must understand the certifications that are in place and if those support the devices they want to use,” Creditcall writes in its report.
- Know Customers’ Needs.
“With each passing day of the boarding process, merchants run the risk of fraud occurrences and costly penalties,” Creditcall writes as a reminder — pointing to the fact that while integration isn’t always as fast (or easy) as expected, it also requires front-end work on the developer’s side.
- Avoid The Stall?
This can be a common issue, and can be addressed by developers taking time to study the boarding process for the various acquirers/processors. “It is essential that any EMV solution has access to a TMS platform for efficient and timely deployment of updates,” Creditcall writes.
Remaining EMV Compliant
What’s also important during the EMV migration process is that merchants ensure they are not only EMV certified, but that they have the practices in place to upgrade those elements, including the firmware on their new PIN pads.
“EMV-enabled solutions will require frequent data updates to cover updated data elements such as CA Public Keys and Data Object Lists which can change periodically. Having the correct CA Public Keys is critical to the cryptographic operation of EMV. This is often an overlooked part of a successful migration, even in countries where EMV is well-established,” Creditcall writes.
Challenges To Overcome
Creditcall points out that some developers have “thousands of merchants split across multiple processors, each with different key types unique to those processors.” That’s why when a developer onboards a new customer, they take on the risk of being on the hook for any inventory challenges of the terminal manufacturers.
“Long wait times are common. In response, some ISVs tie up their own precious money by carrying an inventory for new customers of different devices,” the report stated.
- Time and cost challenges: Due to the level of security required, the injection process has to take place in a secure Key Injection Facility or KIF.
- Processor challenges: Before a terminal can be used or even shipped into the field, it must already be married with the intended processor via the key.
- Inventory challenges: Managing stock keeping units (SKUs) for all these key and device combinations can become a challenge for any organization.
As a solution, what Creditcall recommends is a remote key injection in order to speed up the migration process. Of course, as the report points out, getting the certification necessary to be part of the remote key injection process can still be expensive, which is one service Creditcall offers.
And, according to Creditcall: “Terminals that support RKI allow a developer to easily deploy devices to merchants while skipping a key injection facility and its related costs and challenges.”
Complicated? Indeed. The challenge is, the report suggests, for POS developers to be equipped with the right questions during the process to ensure the right partner is picked.