Businesses are turning to bill payment kiosks to enhance customer experience through self-service payment. Bill payment kiosks offer customers a secure transactional solution and provide businesses with a new way to improve customer service. Interactive self service kiosks are mostly unattended devices, providing self-service solutions across a wide range of industries and use cases. With the rolling implementation of EMV “chip and signature” and “chip and pin” cards in the U.S., improved security for consumers and decreased fraud for merchants are compelling benefits of a bill payment kiosk.
Beginning on October 1, 2015, the U.S. took the first of several meaningful steps in joining the rest of the world in fighting credit card fraud as the EMV system took effect. With this step comes a shift in liability related to counterfeit transactions. EMV is the acronym for Europay / MasterCard / Visa, the three organizations that developed the specs, and is the global standard for cards with computer chips and the technology used to authenticate chip card transactions.
Think of EMV as a “front-line of defense” that protects against the use of stolen or counterfeit cards at retail point of sale (POS). Under the new system, if a retailer accepts a chip card but doesn’t have a chip reader, the card issuer will no longer bear responsibility for fraud if the card is counterfeit, shifting the burden to the retailer. If both the card issuer and retailer have adopted EMV chip card technology, the liability remains with the issuer.
Questions to Ask Before Investing in a Bill Payment Kiosk
There are exceptions to the October 2015 shift: ATMs and automated fuel dispensers will not completely participate in this liability shift until October 2017. The new EMV liability shift also does not apply to “card not present” transactions (mail/internet/phone orders).
However, EMV does not prevent data breaches and hacks into back-end POS systems. The goal of EMV is to make it impossible for someone to use a stolen or cloned card. Security breaches and hacks seem to be in the news all the time, raising consumer awareness of the need for improved security and protecting their information. To merchants, EMV is about managing the high cost of fraud and maintaining consumer trust.
The liability shift is a compelling event for large retailers, who have significant revenues and customer bases and can afford the high costs of the new POS terminals and integration processes. They have a better chance of a ROI from EMV than small retailers. The implications for retailers are significant in terms of costs and managing fraud. New POS terminals are required to accept chip cards, and the costs are significant in terms of the terminals and integration into retail POS systems.
Cost estimates from the NRF and other retail industry groups range up to $35 billion. But fraud is a huge problem and costs $8.6 billion in the U.S. annually according to the NRF, and the new EMV chip cards have the potential to drive that way down based on experience in the UK and Canada. In Canada, fraud due to debit card skimming has dropped by almost 80% since 2009 according to Interac, Canada’s leading payment system.
What does this all mean to self service kiosk manufacturers and buyers?
The first issue is that these interactive kiosks are usually unattended devices, delivering self-service solutions. This means that the kiosks can’t use a basic POS terminal – an OEM approved for unattended use is needed. They have a higher degree of security in them that prevents people from getting in and accessing the keys to the data.
A major point about EMV is there are three pillars to become a solution that is certified. If any one of the devices changes, it’s required to be recertified with the EMV managing and certifying organization called EMVCo.
The three pillars are:
- Certified hardware/payment terminal: lots of these exist
- In combination with #1 is certified software
- In combination with #1 and #2 is a certified merchant bank
Level 1 EMV compliance relates to the hardware (the self service kiosks), and Level 2 relates to the kiosk software driving the hardware. There are tradeoffs. Transactions happen between the POS device directly with the bank. Current kiosk vendors will have to adjust to that because they are accustomed to handling a customer’s personally identifiable information (PII). But the problem with handling PII is a significant PCI compliance issue with security and liability risks.
For kiosk vendors the EMV system means a limited set of hardware options. For example, a Level 2 certified solution, can include the following highlights:
- Certified unattended hardware including indoor and outdoor
- Certified commercial off the shelf (COTS) software with an EMV/PCI certified stack
- Deliver additional certified technology and offer a single point of integration with the COTS software as well as other devices like cash and check and scanners.
EMV compliance can be complicated and costly, and marks a milestone with the Liability Shift in the U.S. But card issuers need to complete chip card distribution, and more merchants need to participate, before the U.S. can see the positive impact on fraud that the rest of the world has seen.