Posted by DRS Help Desk on 13 May 2015 12:18 PM
WARNING: We have received four reported cases of chargebacks to date due to fraudulent cards. Two of the chargebacks resulted in retailer losses over $1000. If you are not processing credit cards with an EMV capable device, you are susceptible to thieves targeting small businesses. This situation will either be a fraudulent card that looks legit but cashier swipes it instead of a chip read, or a manually entered card that is not checked against AVS (zip code) and CCV (security code). The solution we offer below handles these type of transactions with no liability assumed by the retailer. DON'T WAIT FOR A CHARGEBACK TO HAPPEN TO YOU!
See UPDATED section below for latest options.
Here's some points to keep in mind regarding your credit card processing options for Microsoft RMS.
1. There was no mandate to shift to EMV capable processing by October 1, 2015. It is a liability issue for retailers. If a fraudulent card is presented and swiped at a store when the card issuer provided a chip, the retailer assumes the loss not the card issuer. If you carry high ticket items and have been swindled by thieves using a stolen card or a "won't swipe" card that was manually keyed in, you can avoid fraud and liability by installing an EMV capable system.
2. Integrated EMV solutions for RMS include several options. There are limited advantages to switching to an external EMV terminal that offers no integration with RMS. However, that may be your only option for EMV protection (see Solution 3 below).
3. Don't be duped by a quick-fix sales pitch from a merchant procesor sales rep banging on your door. A number of processors have targeted small businesses in an attempt to cash in on the "ApplePay" craze. Our advice is to evaluate all options and offers. Only selected hardware devices will be certified to work with your POS system.
Bottom line: There is no compliance rule to force you to upgrade your card processing devices, but after Oct 1, 2015 you assume the liability for in-store fraudulent chip enabled cards swiped on a non-EMV terminal. You need to weigh costs of upgrading your system against risk of chargebacks. For small ticket, low chargeback environments, the benefits may not be worth the cost. High ticket retailers have less choice as a single chargeback could be an expensive loss. Your best solution is one that fully integrates with RMS to streamline processing and includes a certified self-swipe, PIN pad device or signature capture hydra device. Additional protection by tokenization, P2P encryption, and CCV/AVS for mailorder/telephone transactions will also be available if you follow our recommendations.
PCI compliance: You can ONLY comply with the latest PCI standards for P2P encryption with tokenization by using a plug-in for RMS or running standalone PCI compliant terminals (see solutions below). A plug-in or terminal also handles changes such as SHA-2 compatibility. Please note running XP stations on your network means your system is NOT PCI compliant. EMV plug-ins require a secure OS (Windows 7/8/10). Contact our help desk if you have any questions.
Stay tuned. We will update this post as new information becomes available including a list of certified devices, supported plug-ins, and special offers.
UPDATED: Solutions available as of 8/17/2016
Solution 1: For RMS users currently processing with Vantiv/Mercury with optional Verifone 1000se PIN pads for debit cards*.
Verifone vx805 PIN pad unit replaces your 1000se and supports self-swipe credit card, is EMV ready** (chip & PIN), and accepts NFC (ex., ApplePay, Google Wallet). This solution also provides you with CVV/AVS (security code/address) protection on manually entered cards.
The required EMV/NFC plug-in for Microsoft RMS is FREE including installation and support from DRS Help Desk.
When you receive the replacement PIN pads, contact our help desk for assistance with your installation. Once installed consumers will self-swipe their cards (including Vantiv/Mercury gift cards) instead of handing a card to the cashier. Other changes include auto-batch settlement plus EDC reporting via the cloud (EDC reports in RMS are disabled). Tendering procedures remain the same including debit*. Signature is still required since most card providers in the US are issuing chip cards without a PIN. Full Chip & PIN support is months away from being fully implemented by the US industry at large.
*This solution adds self-swipe with the capability to handle EMV (chip&PIN) and NFC (tap) transactions. Debit card processing with PIN is supported as of 3/16/2016 dependent on issuing bank for the card, whether a supported gateway, and which EMV device(s) you have (check with Worldpay for current status). Debit network usage fees apply or debit as credit at a lower rate (check with Worldpay for current rates and fees).
**EMV servers were activated on September 16, 2015. Consumers can now insert their chip encrypted card into the front of the device rather than swipe it. A signature is still required until the card industry fully supports PIN entry for identification. Self-swipe is provided on the right side of the device for standard card processing or swiping a Vantiv/Mercury gift card.
Solution 2: For RMS users currently processing with Mercury/Vantiv and using Magtek IPAD devices with signature capture.
Ingenico iCS250 unit replaces your Magtek and supports self-swipe credit card, EMV (chip & PIN), and accepts NFC (ex., ApplePay, Google Wallet). This solution also provides you with CVV/AVS (security code/address) protection on manually entered cards.
The required EMV/NFC plug-in for Microsoft RMS is FREE including installation and support from DRS Help Desk. Tendering procedures and online EDC reporting will remain the same.
To begin the migration process you'll need to purchase your replacement devices(s) at the following link (one unit for each POS lane that processes credit/debit/gift cards).
Please note a more expensive signature-capture device may not be in your best interest long term. As US processors move to PIN as the primary method of fraud prevention, signature capture will fall by the wayside. A handheld unit is also preferred so cashiers can manually enter card info when required such as a MOTO (mailorder/telephone) transaction with CCV/AVS protection (security code/address).
EMV stands for the new EuroPay/MasterCard/VISA standard. In Europe the default method for processing cards is PIN entry for identification, not a signature. The standard EU terminal is a handheld unit without signature capture that prints a signature line on a receipt to support consumers without chip cards (ex. American tourists). If you prefer a lower cost alternative consider our Solution 1 option above.
US banks are issuing chip cards with magswipe to ensure "backward compatibility" for US markets. Some card issuers do not support PIN yet, but PIN based protection is the goal of the industry.
Solution 3: For RMS users relying on native RMS integration and processing with other merchant providers (Heartland, Chase Paymentech, Elavon, Simplêfy, Bank of America, First Data, etc.).
All retailers who wish to run RMS with an EMV compatible setup will need an integrated payment solution comprised of a RMS software plug-in and specific hardware as provided by their merchant processor or a 3rd party gateway product that works with a compatible network. Additional charges will apply for the plug-in, gateway, and/or hardware. Typical costs run $2000-3000 (if available for the processor).
Option A: Contact your merchant processing provider to ask what certified middleware plug-in and hardware they offer for Microsoft RMS users. If an integrated option is not available, you will need to disable integrated card processing in RMS and switch to external EMV capable terminals supplied by your mechant processor. When you receive the terminals, contact DRS Help Desk for instructions on disabling integrated card processing or login to our help desk and search our knowedgebase for "disable EDC". An external terminal means the cashier must enter the total for each sale manually on the terminal then return to POS to complete the tender once approved.
IMPORTANT: DRS does not install or support EMV/NFC solutions for any merchant processor other than Mercury/Vantiv. Your processor will need to directly support RMS users and provide a total solution if you wish to deploy integrated EMV/NFC processing with RMS.
Option B: Now is a good time to consider a switch to Vantiv for a fully integrated solution (Solution 1 or 2 above). There are numerous benefits and value-adds including low cost, self-swipe EMV/NFC hardware along with a free plug-in, free gift card processing, auto-settlement and online reporting. For a competitive rate quote click here.
You need to weigh the benefits of a integrated credit card/debit/MOTO/gift solution with a non-integrated solution (external terminal, manual entry). If a lower rate non-integrated solution meets your needs by all means go with it. If you appreciate and understand the value-adds and benefits of our integrated solution consider a quote from Vantiv.