As EMV deluges the US over the next year, it will add new technology-laden measures to make transactions and data safe and secure. While the infrastructure contains many intricate elements, the basics boil down to cards with embedded chip microprocessors that ramp up security way beyond magnetic stripe cards.
Promotional EMV literature makes a clear case for its security enhancements, interoperability with other systems in other countries, and compatibility with payment terminals—including mobile options. EMV-enabled cards store substantially more data than magnetic stripe cards and support a variety of enhanced cardholder verification methods.
All this said, what does the typical self-storage owner do to evaluate and elevate current credit card processing protection levels, and prepare for coming technologies?
- Go all in now; go all in later. Within reasonable economic parameters, make sure current systems are compliant with PCI DSS standards, contain encryption schemes and use tokenization.Some may argue the wisdom of doing this, given advancing standards and technologies, but think about this analogy: If a revolutionary gate locking system was planned for 2013 rollout, would you sacrifice today’s state-of-the-art protection to save up for something available at least a year from now? How many breaches would have to occur to justify staying state-of-the-art? In the world of credit card data protection, even one breach can doom a company—both from fines levied because of the breach and loss of consumer confidence.
- Consult with credible, objective credit card processing specialist(s) and resources who don’t have a motive to sell you particular hardware or software. Become a good investigative reporter, and find out everything you can from a variety of sources. Then, evaluate the big picture and determine how to proceed. As part of this process, make sure to look at both the coming standards (e.g., EMV) and card accepting technologies. Mobile, for example, is gaining traction in the marketplace; but, as with all new bells and whistles, make sure that your swiping of a credit card isn’t exposing customers to someone wanting to swipe their information—or their identity.
- Create a budget based on findings, being sure to allow for ways expenditures in one area can save money elsewhere. For example, Visa’s version of EMV, called TIP, will eliminate annual validation costs associated with the PCI Data Security Standard if 75% or more of the merchant’s transactions come from chip-enabled terminals. As PCI DSS compliance costs can be substantial, this may tip the scales strongly in favor of deploying a chip-enabled processing system as soon as possible.