CrossCheck Blog

CrossCheck Blog

Check Processing & Payments Information

Auto Dealers: Will You be EMV Prepared by October 2015?

Posted by Brandes Elitch | Mon, Jan 19, 2015 @ 09:00 AM

EMV Chip and PINCustomers and prospects ask us all the time what exactly is going on with credit cards. 

And no wonder as we approach NADA 2015 this week at the Moscone Center in San Francisco, California.

There is a lot of misinformation out there. For example, here are three breathless quotes from a well-known stock picking subscription service:

            “Due to recent changes in credit card liability, all merchants in America are now required to update their in-store credit card readers to a more secure standard referred to as EMV. Any merchant who does not comply will be liable for credit card fraud.  They have until October 2015.  So, in less than one year’s time, nearly every merchant in the US will have upgraded to these new readers.”

            “Every merchant in America is sure to have legions of shoppers demanding that they accept mobile payments.  Get ready for an all-out NFC frenzy!

            “With Apple getting on-board, mobile payments are now cool!”

What?

Well, let’s start by looking at the facts.

Obviously, most merchants will not meet the October deadline; of the 11 million terminals out there, only about 220,000 are currently NFC enabled. 

Second, Google Wallet has been around since 2011 and widespread demand for it never materialized.

And third, while Apple always has the potential to determine what’s cool, it currently holds a negligible market share and so it will probably take some time for them to become a dominant player in payments. 

The All-Powerful Sauron Plan: “Buy This Card Reader -- Or Else”

Car dealers and auto aftermarket vendors are being told that they need to buy new terminals and printers “right now” to work with the new “EMV chip cards” that banks are issuing. 

Without a doubt, things need to change.  When Visa and MasterCard went to Electronic Ticket Capture the banks that issued credit cards responded by issuing cards with a magnetic strip on the back.  It is pretty easy to make a counterfeit card and put someone else’s magstripe identity on the back.  This was merely an inconvenient truth until hacking started to become big business, funded by nation states and organized crime.

It has become obvious that a new paradigm is called for: encryption, tokenization, and the EMV card.   EMV means “Europay, MasterCard, and Visa,” which are the large card brands in Europe, where the chip card has been around for almost twenty years.

Here in the states, the card issuers and about a dozen very large banks dragged their feet about this conversion for years.  It seems almost like negligence, because there were fraud losses, but they were not so large as to be troubling.  The real reason the transition didn’t happen is that the banks were concerned that it would cost them about $3.50 to issue a new card with a chip on it. 

So now car dealers are being warned that if they don’t get EMV readers by October, they will incur serious liability, because it will shift from the card processor (called the “acquirer”) to the merchant when someone uses a counterfeit card on an older card reader.

If it seems unlikely to you that tens of thousands of dealerships across the country will complete this conversion by then, you’re not alone.  

Javelin Strategy and Research predicts that by December, 2015, card issuing banks will have issued 166 million EMV credit cards and another 105 million EMV debit and prepaid cards, which sounds like a lot but comes to a mere 29% of all cards in circulation. And at that point they will be only about a third of the way through the $4.2 billion it will cost to issue the cards across the U.S.

They estimate that perhaps half of the larger merchant locations might be ready by October, but that only about a quarter of businesses with fewer than 20 employees will be. One main reason is that buying the new terminals alone will cost merchants $2.6 billion, money that most do not have lying around for new payments processing equipment.

A crisis unfolding? Probably not, since they also estimate that it will take until the end of 2018 before the new cards are fully issued anyway.

The Real-World Plan

So what should you do in your dealership? 

Well, protect yourself from credit card fraud as much as possible right now. Many dealerships don’t fully take advantage of network and point-of-sale security systems they already own. Sometimes, a dealership will use the POS system as just another computer, using the same system to browse the web and receive and store credit card information.  In this case, the criminal can target an email to an employee with a malicious link, and when the employee clicks on it, malware is downloaded into the same computer, giving the bad guys access to all the consumer credit card information.

Some stores connect their POS systems to a third-party service provider.  However -- surprise, surprise -- not all third-party providers have optimal security practices. 

As an example, they might use a weak default password to remotely access all of their customer’s credit card terminals.  If the hacker can guess the remote access password, they can make your business a target. 

Whenever you add a new POS system, you should at least have a vulnerability scan conducted.  Make sure your anti-malware, intrusion detection, and firewall software is up to date and running, and restrict network access – especially remote logins. 

It’s a lot to think about, isn’t it?

But it is important.  According to the Identity Theft Resource Center, in 2014 there were 64.4 million payment cards compromised via data breaches.  This is up 38% from the previous year. 

The Next Step

Ultimately you will have to get the new terminals, but there is no need to panic or rush to judgment. 

Which is why it is comforting to know that you won’t have any such worries with the payment guarantee service provided by CrossCheck.

For auto dealers, we provide a loaner imager with our software.  The transactions come directly to us for authorization.  You swipe the checks through the imager, and give the originals back to the consumer, and we do the rest.  The data is SSL encrypted from the website to our back-end systems. 

We clear the checks and we put the money right in your account at any bank, and we provide comprehensive daily reporting of each and every transaction for each of your stores and business units within the store. 

You don’t have to worry about hacking or anybody getting access to your data files. We do not have access to your data, so it is never at risk when you are using CrossCheck. 

And soon, you might  not even need to have an original check, as we will be able to create a digital check file without a paper check to start off with! 

Remember, we are guaranteeing a series of payments to be made in the future, which is what helps you to sell an extra ten or twenty cars a month and not have to worry about whether or not the money is there.  Or worry about data breaches, stolen information, bad publicity, and all those other things! 

And guess what: you don’t have to buy any terminals or printers either, because we loan you the equipment you need at no cost!  You can sleep easier not having to worry about data security or even managing the workflow of doing the banking every day. 

Wouldn’t you really rather have a safe and secure payment service for your store, and one that costs half as much as taking a credit card?  Please click on the link below, or call us for a free consultation

Here’s to a more peaceful, and secure, 2015!

Complimentary Consultation

Topics: National Automobile Dealers Association (NADA), Brandes Elitch, Auto Dealerships

Written by Brandes Elitch

Brandes Elitch is Director of Partner Acquisition for CrossCheck Inc. A certified cash manager and accredited ACH professional, he garnered a Master of Business Administration from New York University and a Juris Doctor from Santa Clara University.