EMV transforms payment security: What this means for colleges and universities
From tuition payments at the bursar’s office to book purchases at the campus store, there is frequent credit card and debit card activity at higher ed institutions. And a big change in the world of card-based payments has come about in the form of EMV. New to the United States, this technology introduces a dynamic element to purchasing transactions, making it extremely difficult for fraudsters to use a counterfeit card during a card-present transaction. Smart chips are embedded in new credit cards that contain a piece of data that is unique to an individual transaction and helps in authentication. This makes production of a counterfeit card nearly impossible.
The issuing bank will decide which additional means of authentication to include with the EMV card to fight against any unauthorized use of it. The banks can decide that the consumer must enter a PIN like with a debit card (“chip and PIN”) or sign a receipt (“chip and signature”) in order to complete the transaction. Chip and PIN is universally acknowledged to be the more secure method of authentication, but in the U.S., chip and signature will likely reign supreme.
Increased card security can only be good, but questions for college and university administrators remain: How will this impact my campus? What do I need to prepare or update? The key is to prepare your campus’s EMV strategy.
The cost of implementing EMV in the U.S. will be more than $8 billion. A large part of this burden will fall on the shoulders of merchants to upgrade point-of-sale hardware. With the understanding that this process will be a significant expense for organizations, installing EMVcertified peripherals has not been mandated. However, as of October 1, if a merchant does not have the ability to process an EMV card and that transaction happens to be fraudulent, the merchant, not the issuing bank, is on the hook for damages.
As you’ve likely already figured out, your non-EMV peripherals can still process credit cards, but in doing so, your institution is assuming the liability risk associated with card-present fraud. However, traditionally there is a low risk of this type of fraud on college and university campuses.
Therefore it is up to you to determine your campus’s EMV strategy. Questions to consider include:
• How many places on campus do in-person payments occur?
• How many machines do we need to purchase?
• Do our students use smartphones to make purchases, such as by using Android Pay or Apple Pay?
• What is the total cost of replacing current devices?
• How much card-present fraud has the campus seen in the past?
• How does the volume of card-present fraud compare to the cost to replace the devices?
Because most campuses see a low amount of cardpresent fraud, administrators may be in a position to choose the most advantageous time to implement new EMV peripherals. Maybe there is a time when there’s extra room in the budget, or a slow time on campus, when cashiers are available for training.
While you are defining your EMV strategy, there are ways to mitigate fraud even without EMV. For example, you can ask your cashiers to ask for the payer’s ID. In addition, transactions may be structured so that they require the manual input of information from the card. For example, CASHNet® Cashiering Solution requires entering the last four digits of the card number.
The bottom line is that if campus leaders are ready to adopt EMV, they have the processor and software provider support. If they are not ready, there’s still time.
For more information visit higherone.com/blog