We’re all familiar with paper receipts. They’re so ubiquitous that you likely have one in your pocket or in your purse as you read this. For customers, they constitute a proof of purchase in case they want a refund or wish to verify the transaction amount against their credit card statements. For businesses, they provide the only evidence that a credit card payment was authorized, which is why businesses are weighed down by paper receipt copies — sometimes up to seven years’ worth — that are filed, boxed and stored.
Signatures have historically been important because there is an entire underground economy powered by stolen credit cards. Credit card fraud has run rampant since the 1980s, when credit cards first came into prominence and were processed offline via carbon copies. More recently, a fraudster could simply obtain a traditional magnetic swipe card, make copies using a cheap machine and hire people to go shopping. Credit card fraud evolved to the point of sale itself with thieves developing the technology to download credit card information directly from credit card terminals.
The credit card issuers (MasterCard, Discover, American Express and Visa) were liable for these unauthorized transactions, resulting in billions lost annually, according to WalletHub.
The Introduction of EMV
In 1994, EMV (Europay, MasterCard and Visa) cards were first introduced in Europe to improve security and reduce fraudulent losses. EMV cards feature computer chips for transaction authentication. When a chip card is inserted into an EMV terminal, a unique code is created that can only be used once. In contrast, when a traditional magnetic stripe card is swiped, the same data is used each time.
Early adopters of EMV technology experienced a dramatic drop in fraud. Credit card fraud fell by 91 percent in France when the country adopted EMV cards, according to Gemalto. Meanwhile, the United States became a world leader for this practice, with more credit card fraud than the rest of the world combined!
As losses mounted, the United States finally transitioned to EMV in 2015. But the card brands, Merchant Service Providers, businesses and consumers had a lot to adjust to. An EMV-certified terminal is required to process EMV chip cards and reap their anti-fraud benefits. Old-fashioned terminals cannot process the unique code generated to authenticate EMV transactions.
One year later, only 44 percent of U.S. merchants were estimated to have EMV-capable terminals, and fewer still could actually accept these payments: a measly 29 percent, according to an analysis by The Strawhecker Group.
Why the discrepancy?
For one, EMV-capable terminals can cost up to $1,000 on average, according to Bloomberg, and businesses often have several terminals to replace. An estimated 15 million point-of-sale terminals are in need of an upgrade in the U.S., the cost of which could reach $6.75 billion, according to Fortune.
For another, many providers aren’t EMV certified. There are three levels of EMV certification as measured by the card brands:
- Level 1 - Hardware: Tests the physical terminal, logic and transmission of payments.
- Level 2 - Software Kernel: Reviews the software written to facilitate the transmission of payment information.
- Level 3 - Application: Evaluates the entire processing system by card brand.
EMVCo, which is composed of six member organizations (Visa, MasterCard, Discover, Amex, JCB and UnionPay), manages and defines the specifications for these certification levels and validates levels 1 and 2. To earn level 3 certification, the equipment must pass tests with each card brand.
If it sounds like a lot to go through, it is. Some providers wait upwards of a year to get EMV level 3 certified, but in the meantime, they still market their terminals as EMV ready.
The Liability Shift
Now, if the card brands were still liable for fraudulent transactions, long EMV queues and expensive terminals wouldn’t be a business’s problem. However, starting in October 2015, the card issuers declared that businesses would now be responsible for fraudulent losses generated by stolen or counterfeit EMV chip cards. Known as the liability shift, this move was meant to distribute the burden of fraudulent losses and encourage the adoption of EMV technology.
In addition to the burden of buying new equipment, EMV added friction at checkout. As of late 2016, the average EMV terminal took 11 seconds to verify a transaction, with some transactions taking upwards of 22 seconds.
Businesses found themselves in a catch-22: Either they upgrade their technology and face delayed checkout times or they become an increasingly easy target for fraud the longer they wait. With pressure mounting for businesses and consumers alike, the major U.S. card brands (Visa, MasterCard, Discover and Amex) announced their plans to do away with the signature requirement for EMV transactions in 2018, citing improvements in security and the lack of signature verification by businesses. Signatures appeared to be more of a hindrance than a help.
A Change for Some, Not Others
Paper receipts are not cheap for businesses to print, file, box and store and in the event of a chargeback dispute, the time spent digging around for a receipt that is potentially faded or damaged can add up. However, businesses will still need to capture customer signatures for a number of reasons, despite the fall of chip-and-signature authorization. These edge cases include the following:
Accepting Magstripe Cards
Requesting a Tip
U.S. EMV adoption is currently at 52 percent, according to EMVCo. That means about 48 percent of card payments are still made with traditional magstripe cards. Because these cards are less secure, signatures will still be required for all magstripe transactions.
It’s customary for cardholders to leave a tip when paying for a meal, a haircut and numerous other service-industry purchases. Such transactions require customers to receive a printed receipt to add a tip and for businesses to adjust the transaction in their point-of-sale systems and have proof in the event of a dispute.
EMV fallback occurs when an EMV chip card fails and has to be swiped instead of inserted in an EMV reader. Because the EMV reader has failed, a signature is required to authorize the transaction.
Credit card terminals can do more than accept payments. With more businesses going green, there’s been a rise in signature pads and digital authorization over printed waivers, terms and conditions. Items you may wish to obtain authorization for include the following:
- Refund policies
- Shipping policies
Obtaining a signature at the point of sale can reduce friction and touch points with customers.
What’s to Come in Payment Security?
EMV is not the final frontier for payment security. In fact, the fall of chip-and-signature authorization logically leads to what’s forecasted: chip-and-PIN authorization.
As discussed above, the adoption of chip-and-signature payments posed a huge burden for businesses and consumers. When EMV transactions were discussed in the U.S., whether to use chip-and-signature versus chip-and-PIN authorization was quite the debate. Rather than inserting a chip card and providing a signature, chip-and-PIN authorization requires the purchaser to provide a numeric code instead.
Proponents of chip and signature argued that chip and PIN would overly burden cardholders because the average U.S. consumer carries three cards. For the sake of convenience, the less secure method was adopted. But, now that signatures are on their way out, EMV cards will likely get even more secure.
PIN authorization has been widely successful in Europe. The United Kingdom adopted chip-and-PIN cards in 2006. In the 10 years spanning 2004 to 2014, the United Kingdom experienced a drop in annual counterfeit card losses of £81.9 million. And even in the United States, 91 percent of debit card fraud from 2004 to 2010 occurred on signature-based cards as opposed to 9 percent for PIN debit cards.
How to Select the Best EMV Credit Card Reader
With so much in mind from EMV acceptance to chip-and-PIN authorization, here’s a quick list of features to look for if you plan to upgrade your credit card terminals to adapt to these changes in the payments landscape:
- Recognition: You shouldn’t have to trust your customers to properly process their payments or open your business up to unnecessary EMV fallbacks. Select a terminal that can distinguish a chip card from a magstripe card and direct customers to properly insert or swipe accordingly.
- Acceptance: A new terminal should accept all payment types, including magstripe cards, EMV chip cards and even NFC mobile payments. NFC transactions are expected to grow to $240 billion in 2021. Failing to use a terminal that accepts mobile payments will likely set your business back and result in another equipment upgrade sooner than later.
- Signature Capture: Go digital and simplify your credit card receipt protocols by opting for a terminal that can collect digital signatures and store them in the cloud in a Virtual Terminal. Doing so will ensure that you get a signature on the right transactions while making your entire transaction history easy to search through with a simple query.
- Digital Receipts: Make it easy for your customers to search for your receipt by letting them elect for an emailed copy. This is a big one, especially if you use your terminal screen to obtain signatures for terms, warranties or conditions that your customers may want to reference in the future. Digital receipts also help you reduce your paper receipt output.
- Customer Facing: With the anticipated rise of chip-and-PIN transactions, it’ll be vital to provide cardholders with a secure means of providing payments and maintaining their privacy.
What about the change in chip-and-signature authorization did you find interesting? Do you have questions about this change? We'd love to hear from you!