By Debbie Carson, Associate Editor
For many restaurant operators, EMV compliance for processing chip card (chip-and-signature and chip-and-PIN) transactions, and the imminent liability shift, has been the main impetus to upgrade their technology capabilities. Unless restaurants are EMV compliant, they can now be held liable for fraudulent charges.
Compliancy protects against merchant liability, provides better fraud detection, and accommodates guest preferences as they increasingly shift to EMV-enabled payment options. Of course, transaction data collected by a POS system needs to be well-protected at all times. This means securely encrypting cardholder data the very instant a guest’s magnetic strip is swiped or chip is read. And it means keeping that data encrypted until the transaction is actually processed.
Some systems store data on cloud-based servers, others on on-premise servers. Either way, the systems must be equipped to safeguard against risks of data breaches by complying with Payment Application Data Security Standards (PA-DSS) and Payment Card Industry Data Security Standards (PCI-DSS). Some systems monitor transmittal activity and send an alert if there is even the slightest suspicion of rogue access points.
In addition to safeguarding cardholder data against the possibility of outside theft, the systems need to also protect against the possibility of employee theft. One way is to automatically track all the cash that servers collect. Some systems offer “blind closeout” capabilities; servers reconcile all cash across all drawers at the end of each shift without them knowing the precise amount they are expected to collectively turn over, ensuring employee accountability.
Mobile payment processing
In addition to upgrading their systems to accept EMV payment processing capabilities and meet new compliancy requirements, many restaurant operators are also purchasing hardware that can accommodate cashless payments.
Increasingly, guests want to be able to use their own smartphones with the restaurant’s POS system. They want to be able to pay their bills with an e-wallet app like Apple Pay, Google Wallet or Android Pay rather than with a debit or credit card. EMV payment processing tends to result in a suboptimal guest experience because it not only requires greater effort but it also has a significantly longer wait time than mobile payment processing (given the need for the technology to rewrite the security transaction of the card).
In fact, EMV transactions where the guest inserts a credit or debit card into the POS device typically take upwards of 15 seconds to complete. In some restaurant categories (e.g., drive-thru windows in fast-food chains, where the key performance metrics are tied to number of cars per hour and customer service times), that latency can be hard to stomach.
In contrast, mobile payments typically require only a few seconds to complete. While mobile payment processing and EMV are taking off at the same time (and operators can generally now accept mobile payments at the same terminal as EMV processing), mobile will likely become the preferred payment method over time. Solution providers are investing in contactless payments and support for the popular NFC mobile technologies that provide EMV processing at a much faster speed.
Until recently, it could be a challenge to make a bulletproof business case for the need to accept mobile payments. That, however, is no longer the case.