Digital Transactions Authoritative, insightful and timely information for payments professionals
The message about EMV and its payment-processing benefits is not sinking in with smaller merchants. That’s the assessment from Heartland Payment Systems Inc.’s chief executive Robert O. Carr, who says Heartland is responding by offering all-in-one security technology that includes but goes beyond EMV.
“Well, resonating would be an overstatement,” Carr told analysts during a conference call Friday to discuss Heartland’s earnings. “[EMV] is not resonating with the small merchants.”
More than 70% of small merchants will not be EMV compliant come Oct. 1, the date the liability for point-of-sale card fraud shifts to the party unprepared to process an EMV transaction.
“While the larger merchants understand the security exposure created by routing cards through the POS, this has been a revelation to the small and mid-size merchants,” Carr said. “That is why one of our strategies is to bring the capability currently enjoyed by only the larger merchants into the small and mid-size merchant community, as they migrate to EMV.”
To that end, Heartland has devised a point-of-sale service that incorporates EMV, tokenization, and encryption.
“We strongly believe that encryption is required in this new marketplace because EMV does not encrypt transactions,” Carr said, meaning criminals can still get to the unencrypted data if it’s not protected.
That could include the card number, expiration date, and the cardholder’s name, he says. It could be enough to go online and commit fraud. It’s happened in other nations that adopted EMV, he said. Heartland, however, is selling EMV with encryption. “Because we are the processor and we handle the full range of the authorization and gateway services most of the time, we can provide and do provide end-to-end encryption along with EMV,” Carr says.
Dubbed Heartland Secure, the service is available on select Ingenico Group, Pax Technology Inc., and VeriFone Systems Inc. POS terminals, as well as Heartland-branded devices. By using EMV, encryption, and tokenization, Heartland Secure can reduce or eliminate a merchant’s data-security compliance requirements, taking it “out-of-scope.”
Restaurants, in particular, face unique EMV issues. For them, Heartland Secure makes sense, Carr said. In 2014, according to Heartland’s annual report, restaurants accounted for 24.7% of its customer base. It works with approximately 42,000 merchants.
With restaurants in mind, Heartland Secure offers a multi-use token that can be used to safely store a consumer’s payment information without exposing the actual card data and without requiring the consumer to repeat their payment card details for subsequent orders.
Still, restaurants are dealing with EMV very slowly, Carr said. “We’ve many restaurants that we want to go to [Heartland Secure], but many more that don’t understand the whole situation and we’re having to educate them,” he said.
Separately, Carr said Heartland is closing its Leaf tablet-based POS product by the end of June.
