|Patricia Moore looks into the impending Eftpos Version 6 upgrade, and some of the security issues surrounding card-based electronic transactions.
It can be something of a surprise to be told ‘we don’t do Eftpos’. Since its introduction back in 1985 consumers have taken for granted the availability of electronic funds transfer at point of sale; it’s how we shop.
“People expect it, a bit like electricity and water,” says Paul Whiston, head of sales and marketing at Paymark, which, with EFTPOS New Zealand, make up New Zealand’s two processor networks. And we like the ease of those card transactions; Kiwis have the highest Eftpos usage, per capita, in the world. (In early January, Paymark, which processes 75 percent of all transactions, celebrated its nine billionth transaction in a little over 20 years of operation.) As consumers, we also enjoy the luxury of paying no fees on transactions – elsewhere in the world that’s not the case, but the banks are committed to maintaining a low-cost model, says Whiston.
But come June 1, there could be a whole lot of businesses apologising for the non-availability of electronic payment facilities – and maybe a whole lot of customers looking elsewhere to use their cards.
In line with new global security requirements, all terminals in New Zealand must be upgraded (to Version 6) by that date. This will enable EMV (chip-and-PIN) migration where magnetic stripes on credit cards are phased out in favour of small computer chips – a standard pioneered by Eurocard, MasterCard and Visa. Hence, EMV. No-one can avoid the upgrading and banks will begin disconnecting merchants with non-compliant terminals as of June 1.
While this may be news to consumers, it hasn’t exactly happened overnight. The process has been underway for some time now with the Rugby World Cup as the milestone event used to highlight the necessity for change.
“The driver is actually the international mandates around security with which we have to comply as a country,” says Whiston. “The date coincided with the RWC and, as an industry, it was decided to tie the two together.”
And they are absolutely related, says Whitson; visitors to New Zealand for the event will be using the new chip cards the banks are issuing and previous technology simply won’t work. “How good is that for New Zealand? How good is that for a retailer?”
Merchants also need to be aware that the Rugby World Cup is expected to bring with it a massive increase in card fraud. “Every large sporting event sees the host nation’s credit card fraud rate soar – the World Cup in South Africa was a perfect example,” says Simon Gamble business development director at Mako Networks.
“Since there are a large number of foreign cards in the country the banks’ fraud detection systems struggle to do their job as the baseline of ‘normal’ activity has changed so much.” For similar reasons criminals find it easier to get into the country, he warns.
“Banks, merchants and cardholders will need to be extra vigilant and employ the latest security measures to ensure New Zealand’s safe image is upheld.”
The industry has put considerable efforts into co-ordinated communications to ensure that merchants who need to upgrade their terminals are aware of the need, understand it is compulsory and know what the deadline is, says Alan Sharpe, product and marketing manager at EFTPOS New Zealand. “Merchants have also been advised that non-compliant terminals will be disconnected from the network if they don’t meet the deadline and any lenience received in the past will not be extended this time.”
(www.areyouready.co.nz has been set up to enable merchants to check whether a terminal is compliant with the latest standards.)
Slow to react
Merchants have been slow to accept the clock is ticking. By November last year Paymark figures indicated 45,000 terminals throughout the country still required upgrading. By mid-January that was down only a fraction to 40,800. Time’s running out and the danger is that there may be neither the terminals nor the manpower to actually handle the installations and upgrades.
Taking security seriously
But how seriously do we take the business of card security?
Consumers are usually protected from paying for card fraud but Gamble says a business can be held responsible by the acquiring banks and card companies, potentially footing the bill for an investigation into the card fraud (in addition to any fees and penalties) if it is found they could have done more to protect against such a situation. “It’s a little known but important clause in the agreements they sign with banks, that can place the blame, and expenses, right at their feet.”
Tap and pay
Contactless payment solutions are also becoming more widespread. Just tap a card on a pad and the payment goes through without swiping or PIN entry. These are ideally suited to businesses operating in the hospitality and events sectors where speed of payment is essential, says Alan Sharpe.
January 18, 2011