With the next phase of the looming EMV standard merely months away, retailers are grappling with some difficult decisions as they look for a secure, future-proof mobile point-of-sale (POS) solution. Mobility is clearly changing the pace of retail, especially as smart devices become key components across retailers’ POS arsenals. But solutions that send non-encrypted credit card data are vulnerable targets for hackers. Forward-looking retailers are using the EMV deadline as an opportunity to get a head-start on the competition by deploying smart, secure tablet-based POS solutions.
The Cost of Data Breaches
Data breaches have become so prevalent across the retail industry that businesses call cyberattacks their highest security concern, according to a 2014 survey conducted by Deloitte and the National Retail Federation (NRF). Over the past 18 months, some of the industry’s biggest names have fallen victim to breaches. The fallout is devastating. The average data breach is costing retailers approximately $3.8 million, according to a 2015 report from Ponemon Institute. To avoid becoming the next statistic, retailers need to take steps to protect their data and their supporting systems, especially their POS solutions. Adopting the EMV standard is a great first step.
The Looming EMV Standard
In an effort to ward off malicious cyberthieves, the major international credit card companies Europay, MasterCard and Visa (EMV) joined forces to create a global standard. This is being enforced in stages to ensure the interoperability and security of smartcards and chipcards designed to authenticate and protect credit and debit transactions at POS devices.
The EMV standard, which requires companies to adopt solutions that accept and process chip-enabled payment cards, is being enforced by EMVCo LLC, an organization of credit card companies comprised of American Express, Discover, JCB, MasterCard, UnionPay and Visa. The group has spent the past few years working in tandem to define specifications that support worldwide interoperability and acceptance of secure payment transactions. The standard is currently supported internationally by various banks, merchants, processors, vendors and other industry stakeholders.
While the implementation of EMV technology is expected to be a five-year process, retailers are preparing for the next phase in the EMV adoption process called the Liability Shift Mandate, which requires companies to become compliant with EMV guidelines by October 1, 2015. Non-compliant companies failing to meet these benchmarks will responsible for any credit card fraud committed in their stores, according to a 2014 report from RIS News.
The First Steps Toward Information Security
Considering that most hackers use the network infrastructure surrounding POS systems as their gateway to seize access to a retailer’s data, industry observers suggest POS remediations, whether they are technology upgrades, revisions or swap-outs, as the easiest way to adopt EMV compliance. While no one wants to embark on a time-consuming, costly rip-and-replace project in which retailers remove current platforms and replace them with brand-new infrastructure from the ground up, payment terminal upgrades, network encryption and cloud-based network security solutions are preferred steps in EMV adoption.
Another potential way to ward off cybercriminals is to consider a secure POS bundle, or an all-inclusive turnkey package that features hardware, software and supporting components that enable retailers to begin processing transactions right out of the box.
Advancing mPOS to Uphold the Standard
Verifone and Samsung are partnering to bring advanced mobile point of sale (mPOS) solutions to enterprise and smaller retailers alike. These solutions include hardware, software and services backed by both of the trusted global brands.
The enterprise mPOS solution includes an 8-inch Samsung Galaxy Tab Active tablet integrated with Verifone’s latest mPOS terminal, enabling retailers to use the tablet to securely accept all forms of payment—including EMV, near-field communications (NFC), traditional magnetic stripe cards and magnetic secure transmission (MST)—as used with Samsung Pay—and beacons, from anywhere inside or outside the store. The terminal also supports Verifone’s commerce enablement and security software, allowing retailers to deliver targeted digital marketing and advertising content, such as special product offers and loyalty incentives, during checkout while also protecting cardholder data with point-to-point encryption and mobile device security. Additional security is provided by the terminal’s ability to directly connect with the retailer’s processor, which not only prevents cardholder data from being exposed to POS malware, but also reduces the retailer’s scope of EMV certification and PCI management.
The solution for small and medium-sized merchants includes Samsung Galaxy tablets and smartphones supported by Verifone Cloud POS — a turnkey Android-based cloud POS offering. The tablets’ integration with Verifone Cloud POS provides smaller merchants with enterprise-level capabilities, such as powerful reporting functionality that delivers enhanced insight into their business, and the ability to easily deploy digital offers, loyalty incentives and coupons. This processor-agnostic solution also features cloud-based storage that merchants can use to securely access their data anywhere, anytime. Likewise, it protects cardholder data from POS malware and greatly reduces merchants’ EMV certification and PCI management scope.
This strategic partnership between Samsung and Verifone is an important step toward helping retail partners achieve the flexibility and seamless integration with back-end systems that are prerequisites for EMV standards.
With about two months to go, retailers continue to count down the days until the Liability Shift is enforced. Yet, momentum to adopt the EMV mandate remains sluggish, at best, with more than half of U.S. merchants expected to miss the October cutoff according to advisory firm Crone Consulting. Rather than consider data breaches “an unavoidable cost of doing business” across the retail industry, retailers need to fight back. By doing due diligence and opting for all-inclusive POS packages that include securely integrated smart tablets, retailers will gain EMV-compliant solutions that continue to support customer engagement and drive sales while protecting against cyberthreats.
Want to learn more about Samsung’s secure mobile devices for POS deployments? Visit our retail solutions page.