|Patricia Moore looks into the impending Eftpos Version 6 upgrade, and some of the security issues surrounding card-based electronic transactions. |
It can be something of a surprise to be told ‘we don’t do Eftpos’. Since its introduction back in 1985 consumers have taken for granted the availability of electronic funds transfer at point of sale; it’s how we shop.
“People expect it, a bit like electricity and water,” says Paul Whiston, head of sales and marketing at Paymark, which, with EFTPOS New Zealand, make up New Zealand’s two processor networks. And we like the ease of those card transactions; Kiwis have the highest Eftpos usage, per capita, in the world. (In early January, Paymark, which processes 75 percent of all transactions, celebrated its nine billionth transaction in a little over 20 years of operation.) As consumers, we also enjoy the luxury of paying no fees on transactions – elsewhere in the world that’s not the case, but the banks are committed to maintaining a low-cost model, says Whiston.
But come June 1, there could be a whole lot of businesses apologising for the non-availability of electronic payment facilities – and maybe a whole lot of customers looking elsewhere to use their cards.
In line with new global security requirements, all terminals in New Zealand must be upgraded (to Version 6) by that date. This will enable EMV (chip-and-PIN) migration where magnetic stripes on credit cards are phased out in favour of small computer chips – a standard pioneered by Eurocard, MasterCard and Visa. Hence, EMV. No-one can avoid the upgrading and banks will begin disconnecting merchants with non-compliant terminals as of June 1.
While this may be news to consumers, it hasn’t exactly happened overnight. The process has been underway for some time now with the Rugby World Cup as the milestone event used to highlight the necessity for change.
“The driver is actually the international mandates around security with which we have to comply as a country,” says Whiston. “The date coincided with the RWC and, as an industry, it was decided to tie the two together.”
And they are absolutely related, says Whitson; visitors to New Zealand for the event will be using the new chip cards the banks are issuing and previous technology simply won’t work. “How good is that for New Zealand? How good is that for a retailer?”
Merchants also need to be aware that the Rugby World Cup is expected to bring with it a massive increase in card fraud. “Every large sporting event sees the host nation’s credit card fraud rate soar – the World Cup in South Africa was a perfect example,” says Simon Gamble business development director at Mako Networks.
“Since there are a large number of foreign cards in the country the banks’ fraud detection systems struggle to do their job as the baseline of ‘normal’ activity has changed so much.” For similar reasons criminals find it easier to get into the country, he warns.
“Banks, merchants and cardholders will need to be extra vigilant and employ the latest security measures to ensure New Zealand’s safe image is upheld.”
The industry has put considerable efforts into co-ordinated communications to ensure that merchants who need to upgrade their terminals are aware of the need, understand it is compulsory and know what the deadline is, says Alan Sharpe, product and marketing manager at EFTPOS New Zealand. “Merchants have also been advised that non-compliant terminals will be disconnected from the network if they don’t meet the deadline and any lenience received in the past will not be extended this time.”
(www.areyouready.co.nz has been set up to enable merchants to check whether a terminal is compliant with the latest standards.)
Slow to react
Merchants have been slow to accept the clock is ticking. By November last year Paymark figures indicated 45,000 terminals throughout the country still required upgrading. By mid-January that was down only a fraction to 40,800. Time’s running out and the danger is that there may be neither the terminals nor the manpower to actually handle the installations and upgrades.
Brendan Eager, at resellers Eftpos2Go, talks about being in a store and asking the business owner if he realised his 5.1 terminal needed replacing. “He said, ‘Yeah, I’ll get to it’. There’s a guy who will wait ‘til May. The scary thing is that back in 2008 at the last upgrade path, nothing actually happened to those who didn’t upgrade.”
So why the reluctance?
“Cost can be a factor for merchants that choose to own their own terminal, rather than lease,” says Sharpe. “These merchants may be leaving the upgrade to the last minute. This is a risky strategy with the volume of terminals still to be upgraded.” (Sharpe reports that, in fact, all EFTPOS NZ terminal customers connected to the ENZ network have been upgraded and that the majority of their customers who connect to Paymark are also compliant.)
Sharpe’s advice to merchants is to lease the technology. “Gone are the days of purchasing a terminal and expecting it to last five to ten years. In an uncertain and changeable market, characterised by rapid technological development and payment security standards, leasing protects against future changes and the associated costs.”
But, he says, merchants need to be wary of locking themselves into a 48-month contract. “While the price might be more attractive, you need to ask does it include free 24/7 after sales service and support? And will the terminal be upgraded at no cost if new standards are introduced or the current technology becomes obsolete?”
Eager says they also advise leasing and notes that while initially the trend was towards purchasing the equipment, today leasing is by far the more popular option.
“Although the South Island still tends to buy, while the North Island leases.”
Merchants are price driven and the opportunity to buy a cheap device can be tempting, says Eager. “But eighty percent of their business goes through Eftpos and until it breaks down they don’t realise how important it is.”
He says that’s when the crunch comes. “Service and support off the back of Eftpos is crucial. Our clients know we’ve got kit on the ground and a man in a van who is going to fix stuff when it breaks. Not next week, but now.” (Eager is a prime mover in the establishment of an accredited reseller programme.)
Taking security seriously
But how seriously do we take the business of card security?
“There’s an assumption among business owners that the technology will take care of it,” says Whiston. “Which makes it even more important that they get on with the upgrade.”
A recent study from the Ministry of Justice found more Kiwis are fearful of credit card fraud than burglary, says Gamble. “However, until they experience a card breach, most business owners are more focused on making their business successful than on payment card security. Most merchants and consumers are unaware of how card fraud works and how they play a key part in securing card payments and preventing fraud.
“For most people the concept of card security begins and ends with the signature or PIN. It doesn’t take into account the computer network environment or the storage of card data. What’s more, there’s little awareness of the penalties businesses face.”
Consumers are usually protected from paying for card fraud but Gamble says a business can be held responsible by the acquiring banks and card companies, potentially footing the bill for an investigation into the card fraud (in addition to any fees and penalties) if it is found they could have done more to protect against such a situation. “It’s a little known but important clause in the agreements they sign with banks, that can place the blame, and expenses, right at their feet.”
Tuesday, 15 February 2011