The deadline for EMV certification is fast approaching for more than 8 million American merchants. Come October 2015, in excess of 10 million terminals must be made to comply with the new standard. Any merchant left behind will become liable for fraudulent card transactions on chip cards.
The challenge ahead is to complete an unprecedented number of certifications in an incredibly short timescale. Moreover, each merchant needs to repeat the certification process for each payment scheme it accepts, multiplying the scale of an already vast undertaking.
The question for the US payments industry is whether it can find a means to deliver EMV certification more efficiently than anyone has done before. Yet this also marks an unprecedented opportunity to create a paradigm shift in how certification and, indeed, the entire area of test and validation is delivered. Arriving at the right approach will ensure that the US is not only prepared for life in a smart-card landscape, but a world leader in shaping that landscape to the benefit of merchants and consumers alike.
Since its introduction to the global payments market in the late 1990s, the process for EMV certification has been a long and laborious one. Large chain merchants, who typically own their own terminal estates, can take up to six weeks to certify for each payment scheme. For a processor with 10,000 merchants, an unmanageable number of projects must be scheduled through a single helpdesk and certification function. The resulting backlog slows down the process for individual merchants, especially if they need more than one certification attempt. In addition, each merchant will face the prospect of two to three certifications per year for future compliance updates.
Merchants who own their own terminals have a lot to do to meet the 2015 deadline: they need to build up a team and adequate resources to deliver the EMV project; they need access to their acquirer’s support desk; and they need access to a test environment. Even when they are ready to certify, they will have to get in line with thousands of other merchants to book certification slots: availability is limited, helpdesks are busy, and delay and frustration mount all round. What’s worse, having gone through the process, merchants almost always have to do it again, because they cannot validate their EMV development correctly in advance. More time and money is wasted.
Solving the problem would not just help merchants. It would also stand to help ISOs and VARs, who are often delegated the responsibility of delivering their merchant customer conversion to EMV.
It’s clear that merchant acquirers and processors need to find a way to provide a fast, scalable and merchant-friendly certification path. We should also not forget that certification is just the beginning for EMV. The industry needs to look ahead towards ensuring quality EMV implementation to preserve customer confidence in the technology, and to protect merchant revenues as the EMV world expands and diversifies. This means supporting ongoing compliance, and higher-quality testing, efficiently and on an ongoing basis.
Merchants in control: putting certification in the cloud
Meeting such a demanding deadline at a crucial time for the industry means reconsidering the status quo. We need to completely overhaul the way that merchants certify, and we can do it by using modern software-as-a-service methods to deliver self-driven certification on a large scale. By giving merchants the tools to check their own readiness for scheme certification in advance, we can remove the bottlenecks and speed up the process.
Innovations in cloud computing have transformed banking service delivery beyond recognition, but its evolution is ongoing. We can now radically change how EMV solution development, certification, and ongoing compliance is achieved by applying software-as-a-service principles. Merchants will be able to drive the certification process independently, at their own pace, and without having to source and purchase systems to deploy in house: they can access what they need, when they need it.
A cloud-based Testing-as-a-Service (TaaS) model puts merchants in control of a streamlined EMV project process by granting them access to expert test project workflow and test cases, with automated validation of submitted results. Giving merchants their own online access is the key to an efficient and cost-effective migration to EMV. Optimized test and validation services using cloud technologies will dramatically reduce the level of merchant investment in keeping their payment systems compliant.
Testing-as-a-Service offers a twin-track solution for the EMV transition. First, its much-needed, early-stage test and validation capability will help merchants and their suppliers (ISOs, VARs, Third Party Processors) to deliver their EMV projects. A remote test and validation facility with best-practice workflow and pre-prepared test cases can help merchants in every stage of development prior to certification. Secondly, it gives merchants confirmation that they are correctly prepared for final certification. Having this ‘pre-validation’ of the card acceptance environment is hugely beneficial for merchants: it will eliminate the need for multiple certification attempts and the consequent overheads of arranging additional testing slots between merchants and their processors.
The grand prize is that Testing-as-a-Service has the power to deliver the scale and level of automation that the industry needs to be able to meet the mandated liability shift deadline.
Getting back to business: saving time and resources
Cloud-based testing and validation stands to entirely transform an outdated approach to preparing for EMV, but it is even more valuable when you consider that EMV compliance is not a single event. In addition to scheme updates, ongoing certifications are also normally required for changes to the POS EMV kernel, or to new payment device deployments. Global experience suggests that Tier 1 and Tier 2 merchants typically go through as many as three certifications per year for each payment scheme supported.
Clearly, automated self-managed EMV certification projects with easy-to-follow EMV project workflow will free up resources to refocus on the core business of retailing, slashing certification costs and timelines for everyone.
For Processors and Acquirers, cloud-based testing and certification can also impart competitive advantage by bringing merchants on board faster, and keeping them there. A smoother test and validation process opens the way to offering merchants improved EMV processing transaction costs. Merchants who access self-managed certification via the cloud are less likely to move to another processor or acquirer offering a standard EMV Certification process.
A new dawn in payments testing?
As the economics of payment service delivery changes, pressure is rising to find ever-more efficient ways to deliver an increasingly complex array of payment services. Testing and validation, including compliance and certification, are a significant overhead in the delivery process and often delay getting new updates to market.
Payments testing approaches have not changed in 20 years, yet innovations in software-as-a-service and cloud computing are revolutionizing banking and payments. By harnessing these technologies now, we can provide the go-to answer for delivering a streamlined self-managed testing capability directly to your key merchants with minimal capital investment.
Building on years of global payments expertise, the US market can spearhead this break-through approach to provide every merchant with industry best practice for optimizing test and EMV migration strategies. Harnessing this potential to transform EMV certification and compliance for the payments industry now will ensure that we can be in a position drive the exciting commercial opportunities that will come with smart card technology. Far beyond the immediate goal of meeting the October EMV certification deadline, integrating the capability to manage these technologies into how we work now will keep the payments industry on course for meeting new market requirements for years to come.
By Fergal Molloy, Chief Executive Officer at Acquirer Systems
Reprinted from an article originally published by PaymentSource.