Back to Banyan Hills Insights

The ABC’s of PCI and EMV compliance. What do small businesses need to know?

It’s essential for small businesses to have an end-to-end payment solution in place that allows for PCI and EMV to be addressed.

August 2, 2016 - There are some very basic steps you can take towards making your payment processing solution compliant with PCI and EMV. Payment Card Industry (PCI) and Europay, MasterCard and Visa (EMV) compliance are concerns of any payment processing solution today.

$20,752 is the average cost to a small business due to hacking, up from $8,600 in 2013 (National Small Business Association)

It’s essential for small businesses to have an end-to-end payment solution in place that allows for PCI and EMV to be addressed. Cyberattacks are no longer just a problem for large, global enterprises they are a problem for any company of any size with a payment processing solution. Businesses of all sizes can take steps to protect customer information. This was the case for long-time, Banyan customer Franchise Entertainment Group (FEG).

Franchise Entertainment Group (FEG) is Australia’s premier home entertainment group encompassing such iconic brands as Video Ezy, Blockbuster and EzyDVD. FEG’s DVD rental kiosk solution needed to integrate a new EMV-compliant hardware and gateway for payments and have supporting infrastructure. They also needed their team trained on processes to support ongoing compliance.

Here are some of the steps FEG took towards becoming PCI and EMV compliant. Sometimes it is as easy as ABC. Don’t be intimidated by hackers, be prepared.

‘A’ Always be aware of your vulnerabilities

Your business and the customer experience revolve around the point of transaction. It’s where revenue is made and where you can build trust. Whether your point of transaction is a point-of-sale (POS) system or a vending machine, or DVD rental kiosk like FEG, always be aware of points of vulnerability surrounding your devices. Criminals can steal data in a number of ways like inserting “malware” onto the payment system to steal credit card data. Mag stripe readers are at greater risk for data breaches than chip readers. There are several other points of vulnerably shown in this illustration.

Illustration-HowCriminalsGet your Data

‘B’ Bring on a partner that has expertise in PCI and EMV compliance

As the payments landscape continues to evolve, standards and compliance are insurance to your business and your customers that operations will continue to run smoothly and securely. Whether you’re starting out, or scaling up, it can be hard to keep up with the latest standards. You can vastly simplify any PCI concerns about your payment processing environment by going with EMV. However, it’s not without its challenges, especially if current business processes rely on the availability of data obtained directly from the credit card. So don’t go it alone, work with a partner that has expertise in this area. Here are some key learnings from FEG’s integration of EMV.

How you can identify the customer

For FEG, the situation required the payment system to identify the customer (the human) based on the credit card they presented. In a non-EMV world, that is generally accomplished by reading the card data and matching it against data already stored. Similarly, data obtained via a token for the card can also be matched against previously stored data. Conversely, with an EMV situation it’s unlikely you’ll have access to the card data nor you will not have access to the card number. Further, many providers have yet to implement a tokenization routine for EMV-based transactions. We solved for this by partnering closely with the payment provider to develop their technology to support both a limited card read (name, bin, and last 4) as well as a tokenization solution.

What you can do to support recurring billing

Another challenge is recurring billing with an EMV solution. This mirrors the first problem, because you will not have access to the full card information, and the payment processor must provide some means to effectuate a follow-on payment or refund when the card is not present. In FEG’s case, the payment processor had a secondary API that allowed for those payments to be processed, which we had to implement in parallel with the card reader integration.

Consider the impact of network and infrastructure changes

There may be network and other infrastructure related changes that you’ll need to make in order for the EMV transactions to flow through the environment, depending on the solution that is chosen. For example, some card readers may connect directly from the endpoint to the payment processor without first passing through a central enterprise service. Additionally, if you have a large network of terminals, finding a suitable set of hardware could be a challenge. In most cases the hardware needs to fit in existing devices or mounts, and it can be expensive to replace a large number of hardware units. At this time options are limited, as the hardware is mostly available directly from the payment processor as opposed to being able to choose from a set of generally available hardware.

‘C’ Continuously improve to comply

For FEG, finding the right partner put them on the path to PCI and EMV compliance. Their payment processing solution is fully compliant with PCI standards and the team has been trained on processes that will enable them to support evolving requirements to maintain their certification. Additionally, they have a complete, multichannel strategy that enables customers to reserve movies online or from their mobile device.

The PCI Security Standards Council (SSC) announced a significant advancement in its efforts to foster small-business cybersecurity: A set of payment protection resources that acquirers can use to educate and empower the small merchants they serve to fight cybercrime. It’s all about creating a better understanding of the real risks that go along with the method(s) merchants rely on to process payment transactions. To learn more about how EMV can help reduce fraud check out the Merchant Guide: Stepping Up to EMV Chip with PCI.

Take a look at this case study of FEG’s transformation and how they are enabling their business operations with Canopy IoT platform.

Resources For Learning About the Internet of Things

Stay up-to-date in this fast moving industry

Young sales assistant in store helps customer with matching outfit.
Merchants Under Pressure to Adapt, Evolve and Innovate

Here's a look at how merchants have adapted to changing consumer expectations during the coronavirus pandemic and what's needed to succeed in this new environment.

Read more
What To Look For In A Digital Transformation Partner

Most digital transformation projects fail to achieve their goals. What can be done to increase the number of successful digital transformations and make them less painful for businesses to undertake?

Read more
Embrace These Technologies To Enable Your Digital Transformation

We can think of ‘digital transformation’ in terms of its discrete parts. Each of them builds on one another and progressively yields more value to the business.

Read more
Files listed inside Canopy.
Canopy Update: See The Useful New 'Files' Feature

A few months back, we took feedback from customers and created a new feature called … you guessed it: Files. While the name may sound simple, this new functionality is extremely useful and helps you get even more out of Canopy.

Read more
Woman looking at a mobile device
Why is Mobile Device Management Important?

Mobile devices can represent a unique type of cyber threat for companies operating in today’s global economy. An MDM program can help alleviate the associated risk.

Read more
Canopy screenshot
No Longer Beta: New Version of Canopy Ready For All Users

The redesigned Canopy is now in general release and available to all customers. The new version includes lots of new features.

Read more

Awards and Recognition

A few of the places where Banyan has received recognition

Inc. 500 logo
IoT Innovations logo
Industry Today logo
Business Radio X logo
RFID Journal logo
VxChange logo
COVID-19 Update: Our commitment to our customers. Learn more