8 March 2010

 EMV and PCIDSS Certification Service

EMV Certification and PCI DSS certification are mandatory as laid out by the Card Associations. Non-certified retailers can be subject to fines, charge-backs as well as poor customer service at the checkouts.

The risk of fines and charge-backs remains a substantial risk to large Retailers that have a growing number of card based transactions. The problem is further exacerbated by the increased threat coming from criminal syndicates that are targeting retailers

But both of these certifications don't come cheap. A Retailer implementing integrated EFTPOS certified with both EMV and PCI DSS can expect to pay up to R5000 per lane including new equipment purchase and project costs.

And it doesn't stop there. EMV re-certification is required every time the Retailer makes a system change (new POS system or Pinpad) or changes his acquiring bank. This re-certification typically takes 6 months and will cost the Retailer in the region of R100,000.

An initial PCIDSS certification process can take two years and will typically cost the Retailer in the order of R2m in project costs, excluding any new hardware required to store or secure data. Then every year thereafter, the Retailer's network will need to be recertified which will cost about R200,000 per year.

Both EMV and PCIDSS certifications are onerous tasks. Understandably, the Retailer doesn't have staff with the experience to implement these certifications so specialised professional services need to be contracted.

So what options does the Retailer have?

  1. He can do nothing and ignore the acquirers instructions. This may expose himself in the form of charge-backs and poor customer service as well as increased business risk from the threat of hackers.
  2. He can do a once off certifications and then rely on this to give him protection in the longer term, though over time this protection will become weaker and weaker.
  3. He can religiously complete all re-certifications as mandated.
Even if the Retailer remains certified, he still needs to be on his guard to ensure that any charge-backs are justified, that he is receiving accurate settlement and paying the correct fees, that all declined transactions are valid and kept to an absolute minimum and that his card-holder data is secured.

So who does the Retailer turn to? Typically he will look to his Switching supplier to work closely with the acquiring bank and his own technical team on EMV certification and to a certification authority for the PCIDSS Certification.

eCentric Switch has come to the party and has done the following.
  1. Established a set price per initial EMV certification and subsequent re-certification, guaranteed to result in certification;
  2. Ensured that our switching environment is PCIDSS certified;
  3. Built PCIDSS into our product offering, ensuring that as much PCIDSS project work as possible is completed as part of the initial EMV project;
  4. Established a PCIDSS consulting service offered at time and materials to work hand in hand with the retailers selected Certification Authority to help facilitate end to end PCIDSS certification;
  5. Built ReconAssist to ensure that settlement is performed accurately and that charge-backs are kept to an absolute minimum;
  6. Implemented software downloads to minimise time and cost of distributing any application changes;
  7. Considering how velocity checks can provide early identification of criminal and fraudulent behaviour;
  8. Implemented monitoring tools to identify any problems that may creep into the card processing system;
  9. Implemented monthly reporting to ensure that the Retailer understands the success of his card processing systems.
In conclusion, eCentric Switch has recognised that EMV and PCIDSS certification requires Retailers to make big initial investments and substantial ongoing commitments to ensure certification remains current and his switching service delivers what it promises; fast and reliable payment service for the customers. eCentric Switch has structured its service to take the pain out of the certification process and allow the retailer to get on with moving his products and services. eCentric Switch has the track record to back this up, having over the past 3 years obtained many EMV certification certificates for our customers and recently extending our PCI DSS consulting service to our customers. eCentric Switch will get you compliant and give you the service you require, you can bank on that.

Back to News