2015 payment trends: What changed in payments this year
With 2015 now behind us, merchants from a variety of industries are taking a look back at what the year meant for their business. It's important for companies to learn from the past to prepare for the future. One area to focus on is payments, as this organizational essential underwent many alterations in 2015.
Oct. 1 EMV deadline
2015 was a big year for credit card companies. The EMV chargeback liability shift of October 1, 2015, made merchants not using EMV chip card technology potentially liable for certain fraud-related chargebacks that could have been prevented by EMV. After sending consumers credit cards embedded with EMV chips, credit card companies advised businesses to adopt a chipped card reader by Oct. 1, or face costly penalties for counterfeit transactions. Enterprises that didn't implement new or updated equipment could be held responsible for the fees associated with a disputed interaction.
As the Oct. 1 deadline loomed, only 27 percent of business owners were prepared for the payment change and able to accept EMV credit cards. Companies across the U.S. are still in the process of making the transition. Many merchants are weighing the risks associated with keeping their old hardware against the additional cost of introducing new equipment. In the long run, as consumers use chipped cards and an increasing number of organizations make the switch, merchants could potentially spend more money on the fees they incur from using out-of-date hardware. Furthermore, lack of compliance could result in a poor reputation within a company's industry, leading clients to look elsewhere to do business.
PCI releases updated DSS
The Payment Card Industry's Data Security Standards are an actionable framework for merchants to follow to safely store, process and transmit credit card information. The most recent DSS went into effect on Jan. 1, 2015, and required businesses to eliminate both Secure Sockets Layer and Transport Layer Security. These protocols were used for encryption purposes and have been found vulnerable to external attacks. Entrepreneurs have until June 30, 2016, to remove these protocols from their overall systems or face costly noncompliance penalties.
The updated PCI DSS - version 3.1, to be exact - also addressed issues organizations face in the current mobile age. Guidelines on sending credit card information via text message, email and instant message were discussed, and the practice was essentially forbidden. Other provisions found in the newest DSS include:
- Inactive user accounts should be removed within 90 days, instead of every 90 days.
- A vulnerability scan can utilize manual tools, in addition to automated services, instead of just automated tools.
- Reports on compliance (ROC), self-assessment questionnaires (SAQ) and attestation of compliance (AOC) can be submitted without all requirements "in place."
- Passwords must be changed once every 90 days, instead of at least every 90 days.
- Updated language for service providers clarifies that the agreement they have with clients is proof of commitment to maintain the best security of cardholder data.
Merchants should be sure to follow these standards to avoid expensive penalties from the credit card industry. Although neither EMV nor PCI guidelines are mandatory under any federal regulations, it is in merchants' best interest to implement these rules.
Contactless payments are king
Consumers are interested in methods that will make it easier to pay for the goods and services they want. In 2015, that method was contactless payments, which allow consumers to simply wave or tap their smartphone over a reader to complete transactions. More companies have been jumping on the bandwagon, too, creating their own versions of this payment type. From Apple Pay to Google Wallet, contactless options are on the rise. In fact, the number of mobile wallets utilizing this kind of technology is expected to reach 200 million by the end of 2016. That's a 100 percent rise from the end of 2014.
While many consumers and merchants may worry about security when it comes to contactless methods, this payment type actually uses the same security measures as regular credit cards, including encryption and message authentication. In addition to increasing customer satisfaction, contactless payments can also improve sales, lower company expenses, and reduce the number of necessary staff members. In short, contactless payments can make transactions easier for both organizations and their clients.
2015 was a big year in terms of payment trends. While contactless methods continue to gain popularity around the world, merchants also need to pay attention to certain standards to avoid expensive penalties. Becoming EMV- and PCI-compliant will help companies retain their reputation and attract more consumers to their brand. When customers know they can trust a company to guard their sensitive information, as well as provide them with the most updated payment methods, they are more likely to become loyal to those businesses.