Download SiteLink Software to Your Computer Download Now

Protect your Self-Storage Business with EMV and PCI

Written by Sheryl Scott on December 03, 2015 under Payment Processing & PCI

Protect your Self-Storage Business with EMV and PCI

EMV (the global security standard for accepting chip credit cards), combined with PCI (Payment Card Industry) compliance, help protect your business. Many storage owners are questioning whether or not they need to use EMV compliant terminals, and how and why their businesses need to be PCI compliant. Understanding EMV and PCI is the first step in protecting your business from fraud, liability and fines.

EMV is a global security standard named for the three companies that created it, Europay, Mastercard, Visa. EMV is a chip embedded in payment cards that makes it virtually impossible to counterfeit. This chip offers stronger security than the magnetic stripe. As of October 1, 2015, the liability for fraudulent transactions has shifted to the merchant if an EMV compliant terminal was not used to accept a card-present transaction.

The benefits of EMV are too significant to be overlooked. EMV represents a more secure way to accept card payments and promises to reduce card fraud and counterfeiting. EMV chip cards transmit a unique identification with each transaction, making it more secure than the static data contained in the magnetic stripe currently used on non chip cards. This technology makes it virtually impossible for thieves to duplicate cards; thus, it reduces card fraud at the point of sale device. Special EMV terminals are required to read these chip cards. Most of these EMV devices will also allow for accepting contactless payments like Apple Pay, Samsung Pay, and Google Wallet (also known as Google Pay).

Merchants Do Have A Choice To Make When It Comes To EMV

They can eliminate exposure or losses to credit card fraud due to counterfeit cards or do nothing and simply accept the shift of liability for these counterfeit cards when it happens. Essentially, businesses still using a magnetic stripe only terminal after October 1 are responsible for the cost of stolen, lost and counterfeit cards if presented at their business. Keep in mind, transactions in the U.S. account for more than half of the world's fraudulent transactions, and these transactions have significantly increased in recent years. The main reasons for not upgrading are a lack of knowledge and a misunderstanding of the impact.

As more of these EMV chip cards are issued, more consumers will rely on using chip cards. Ensuring your business is ready for this new technology not only protects your business from this potential liability but will also show your customers that you care about the security of their card and payment information.

As for self-storage operators, it is now more important than ever to work with your software provider to find what is the best path to ensure you have an integrated payment solution for EMV with your management software. An integrated solution is key to avoid entering off-line transactions to your management software. EMV will be a key decision for many self-storage operators as we end 2015 and start 2016.

Why PCI

To make certain your facility is secure against fraud, you must also become PCI compliant. The PCI DSS (Payment Card Industry Data Security Standards) mandate applies to both software providers and merchants, yet PCI DSS is often ignored by many operators. From a security perspective, PCI DSS means your business meets the requirements for security awareness, policies and procedures, risk, and scans. In simpler terms, it means you are doing your part to ensure your customers' payment data is being protected for every transaction where you use their card information. It also means you are making a reasonable effort to protect against a data breach.

For more information on PCI requirements:

Each merchant is required to complete PCI-DSS for each merchant account. Ultimately, the merchant has the responsibility to accurately complete the PCI-DSS survey. If a merchant needs help completing this survey, the merchant can solicit the help of a QSA, Qualified Security Assessor. Be careful letting a non-QSA complete the compliance forms, because if it is filled-out incorrectly or falsely to get it to pass compliance, you will still hold the responsibility for the PCI non-compliance fines. The fines for non-compliance are significant and higher if there is a breach. In Robert Halsey article, "The Real Cost of Data Breach," he mentions just how significant those fines can be: "The bottom line? The cost of a data breach for a Level 4 merchant averages $36,000 and can be as high as $50,000 (or more). In other words, more than enough to cripple-or even destroy-a small business."

All merchants should check to ensure their software and merchant provider has the highest level of PCI-DSS compliance. As an example, Sitelink has achieved PCI-DSS Level 1. This means SiteLink undergoes on a quarterly basis the most rigid penetration test to ensure its customers' tenant payment information is protected to the fullest extent. You can rest easy knowing your customers' payment information is protected within SiteLink Web Edition, and SiteLink has done their part by verifying PCI-DSS Level 1 with a QSA. After you have verified your software management system meets the necessary requirements, the next step is to complete the PCI assessment for each of your merchant accounts. For multi-site operations, SiteLink can help merchants simplify this effort. Just contact SiteLink Merchant Services, and a representative will help you with the process.

Both PCI and EMV play very important roles in protecting your business. PCI documents the required standards that each business is required to follow to protect customers' payment transactions to avoid a potential breach. It is important to know that significant fines are assessed for non-compliant merchants when found. PCI is mandated by the major card brands (Visa, Mastercard, etc.), and it is the merchant account owner's responsibility to ensure this is completed accurately. EMV is strongly recommended as a way to take payments more securely, accept contactless payments and avoid the liability shift for fraudulent transactions. Ultimately, it is the merchant's decision to implement EMV or do nothing and accept the liability shift.

Related Industry Blogs

Check out other industry blogs related to Protect your Self-Storage Business with EMV and PCI.

Make More Money - Audit Your Self-Storage Operation

Auditing is a tool every self-storage location should use regularly to help increase revenue, streamline operations, reduce theft, mitigate risk and grow the business.

Self-Storage Tenant Insurance is Good Customer Service

From a customer service perspective, requiring evidence of insurance to store at your facility gives your tenants the opportunity to review their current coverage and compare it to the program you offer.

SiteLink Web Edition

Subscribe To The Monthly SiteLink eNewsletter

Stay up-to-date with latest SiteLink News, Webinars, Blog posts,
Event schedule and other self-storage industry resources.

Scroll