NATIONAL REPORT—The EMV liability shift is here. Have hotels adequately prepared for this milestone?
On October 1, major U.S. credit card companies such as MasterCard, Visa and American Express will officially migrate over to EMV (Europay MasterCard Visa) standards, in which a microprocessor chip has been added to the card to reduce vulnerability to fraudulent in-person transactions. There are significant implications for merchants—most notably, a liability shift from the credit card company to businesses if a chip card is presented and the merchant does not have an EMV-capable point-of-sale (POS) system.
As hotels assess the risks and prepare to adopt the new paradigm, moving ahead has been intricate and slow going. “The hotel industry is trending in terms of their migration to EMV slower than retail and restaurants. This can be attributed to a few factors,” said Michael English, executive director, product development, Heartland. “There’s the complexity of adding EMV transaction acceptance to property management systems; acquirers and processor EMV certification queues are full; and there’s lower than average chargebacks due to fraud (lost, stolen and counterfeit).”
Hotel brands taking on the daunting task of updating the technology remain aware of the potential threat to their hard-earned reputation if they’re not in compliance. “The bigger chains recognize that their brand could be at risk and want to make sure they are compliant,” said Gregory Burch, VP, mobile, business development and ISV partnerships at Ingenico Group North America, adding that it’s a branding issue as well. “What ends up happening is the cardholders, as they learn about what the chip card is and why it’s on there, start associating it with protecting their identity. Once that link happens, the brands want to be associated with protecting consumer identity. We saw that both in Canada and the U.K.” English added, “A global chain wants to be seen as accommodating its customers and making them feel comfortable. Adding chip-card support is a small, but impactful way of doing so.”
One brand in particular, Red Roof, prepared to adopt new procedures ahead of the deadline. “Red Roof has rolled out an all-new EMV capable credit card readers as our new brand standard. We have selected the ISC480 terminal with a 7-in. screen for viewability to capture a signature where applicable and a data entry mechanism for accepting our new Red Roof Visa card offering,” shared Red Roof CIO Jeff Linden. “In addition, our company has worked hard to inform everyone about the upcoming changes through a variety of internal communications. The main focus has been getting the proper technology in place, integrated with our property system, so that that compliance is just a natural extension of existing procedures.”
For hotels that are not yet ready, the road to implementation is lengthy and fraught with challenges. “EMV is a rather complex transaction set, as compared to magstripe support. POS and PMS companies are learning EMV just like the majority of acquirers and processors did. Those POS and PMS systems also had to wait until their acquirers and processors were ready to hand them EMV specifications, answer questions and be ready for EMV testing and certification,” said English.
It’s not too late for hoteliers not in compliance. English advises hotels to take the following steps: understand the risks, determine costs of an upgrade; communicate with providers to ensure preparedness and, if possible, seek out alternatives that may provide a cost savings. “In some cases, it will be less expensive to install a stand-beside solution, such as an attended terminal rather than upgrade the POS and PMS. These steps will lay the groundwork for need and readiness,” he said.
Once under compliance, the next step is ensuring the proper education of hotel staff to handle the new operational processes of the technology. “On the outset, it’s going to take a little bit longer because every time the card is inserted, it sends data up, there’s a negotiation and the card could be reprogrammed. There’s the operational impact to consider. What they should be doing is monitoring and training their staff to prepare for that,” urged Burch.
—Corris Little