Over the last couple of months, have you noticed that you’ve been receiving new debit or credit cards in the mail, even if your card isn’t close to its expiration date? Have you noticed anything…different…about these new cards? Whether you have or you haven’t, these new cards tie directly into why Anthropologie is killing charge-sends.
Find out why inside, why other retailers may soon follow suit, and why I believe it may cause business to suffer…
NOTE: THIS POST IS UNOFFICIAL. NO INFORMATION USED IN THIS POST COMES FROM THE ANTHROPOLOGIE HOME OFFICE. ANTHROPOLOGIE WAS NOT CONTACTED ABOUT THIS POST.
So, those new debit or credit cards you’ve gotten in the mail recently. What is different about them? Have you noticed the small microchip on the left side — it looks like the chip in the photo at the top of this post.
And perhaps you’ve been to a store where there’s a new technique to pay with your credit card. Instead of swiping your card via the good ol’ magnetic strip, instead you insert the front of the card into a little chip reader at the bottom of the credit card machine (called a Point of Sale, or POS, in technical terms). I myself have run into these at Banana Republic recently, but being in NYC I’m unclear if they’ve been rolled out nationwide. Even if you try to use the magnetic strip, the POS tells you to use the chip reader instead. (FINE, I tell it. Just do what the machine says, the poor SA’s eyes tell me from behind the sales counter.)
If you’ve been to Europe you’ve probably already seen them too; the little handheld sales devices waiters and such use to run your credit card where the slot for the card is on the bottom rather than using a magnetic strip reader along one side.
So, what’s the big deal about that little chip? Turns out it’s pretty huge.
It’s called EMV, which stands for MasterCard, Visa and EuroPay. This EMV microchip is part of MasterCard and Visa’s new requirement for all credit card-accepting retailers. (AmEx cards have been equipped with a similar chip for years.) Why? Perhaps you remember the recent Target debacle, where its credit card payment network was breached by hackers that gained access to millions of customers’ credit card data. In the wake of that massive security breach there has been a ton of legal arguing back and forth about who is financially responsible — Target, or the issuing banks of the credit cards. As of this post the matter is still in court.
MasterCard and Visa, two of the largest credit and debit-card issuing banks, decided to take action to protect themselves from future liability. Under current policy, the issuing bank is held responsible for guaranteeing cards are legitimate; they cover costs if cards are counterfeit. Retailers are responsible for verifying cardholder legitimacy; they pay fraud costs if that’s not the case. Under the new system, if a retailer accepts a chip card but doesn’t have a chip reader, the bank will no longer bear responsibility for fraud if the card is counterfeit, shifting the burden to the retailer. If the fraud is on the user side, the retailer maintains responsibility. (source)
In other words, any retailer that by October 1, 2015 doesn’t have the new POS in place to take these EMV-equipped cards will be liable for any fraud. That’s a huge burden for any retailer to bear, but especially a smaller one.
Make no mistake about it, these POS systems are not cheap. In addition to the machine itself that we customers swipe, there’s also a ton of software associated with it, not to mention all the data networking and related equipment needed to create secure zones for our credit card numbers to pass back and forth through the internet, all in the name of buying pretty dresses.
Stores like poor Anthropologie will be hit with a double whammy because they very recently invested in brand spanking new Apple Pay-enabled POS systems. Do those POS systems have EMV readers? I’m not sure (but will update after I stop into the store tomorrow, unless someone can say for sure in the comments).
Even after retailers have the new POS in place, most will need to get re-audited to ensure all of their protocols match the new requirements. Great for audit firms, majorly expensive for retailers. I can practically hear the CIOs weeping in their coffees.
The fact is that hackers will continue getting ever more savvy and customer data will become harder and harder to protect. I spent 5+ years as a security expert (among other hats) at two technology companies, and I know the stringent audits that come along with accepting credit card payments online and in stores. Still, nothing is 100% safe. One hundred percent secure will never happen. We just have to keep trying to get as close to that mythical percentage as we can.
So, these EMV microchips on our MasterCards and Visas are the next step forward in the security wars. They are also the banks’ way of protecting themselves from huge payouts to both customers and retailers, the latter who sometimes cut corners in critical areas like security. In Europe, these EMV chips are combined with a personal PIN that you enter at every purchase. In America as of now a signature is all that is required.
Anthro lovers, are you following me? These new EMV chips require an in-person signature in order for the retailer to be eligible for coverage under the issuing bank’s fraud protection. So, Anthropologie was faced with a choice. Kill charge-sends, or face the brunt of expenses of any potential future customer data breach. As a smaller retailer I’m sure the choice was pretty clear for them. No more charge-sends.
I want to be VERY CLEAR, this is not to say that Anthropologie is taking customer transactions in an insecure way. Quite the opposite in fact. Their quick movement towards this new policy in fact shows that they are keeping on top of security policies, something that’s very reassuring as a loyal spender there.
However, Visa and MasterCard, you’ve just killed a big part of our shopping joy.
All kidding aside, the security nerd in me totally gets it. Your physical presence when using the card is the best way to prevent fraud, because cameras in the store will capture the actual person using the card (which protects you if god forbid it’s not you) as well as a myriad of other reasons. By requiring an in-person signature you’re greatly diminishing fraud caused by people who made copies of stolen debit cards and then used them criminally. The chip is reportedly much harder to duplicate than a magnetic strip (at least for now).
Then again, the EMV chip obviously doesn’t work online as of now, so how does it prevent online fraud? I’m not quite clear on the details of this. I also don’t know if this means that online retailers will no longer be eligible for issuing bank fraud protection.
But for brick and mortar stores, the implication is clear. Have the new POS systems with EMV readers in place by October 1, or you’re SOL if your store’s transactional data is breached.
Most retailers are not going to make the deadline. What the repercussions of that are, it’s too soon to say.
Where does that leave deal-loving or top-notch Anthropologie item hunters? Not in a good spot at the moment. As of now, the stores have no way no to accommodate charge-sends. Additionally, my little blue birdies tell me that the Anthro stores have been pushing back on the home office, because charge-sends are time consuming and often customers are calling about items that either the store doesn’t actually have (shrinkage — aka theft, damages, etc.) or are in such poor condition that no customer would want them, but Anthro’s current policy had punished stores that can’t fulfill either online orders sent to them or charge-sends. Sidenote: this is why your popback order or last-inventory item order might be in crappy shape when you receive it. The store would rather send it to you and not get dinged in their results then cancel the order. Sad state of affairs, I’d say.
Since EMV does not apply to online transactions, there is still hope! Here are a few ideas on how Anthropologie could keep or bring back charge-sends.
1. Anthropologie could relaunch charge-sends via their website.
Since EMV does not apply to online transactions, Anthropologie could offer customers an online “we’ll try to find it!” service. Customers with an Anthropologie.com account and stored credit card info or a linked Paypal account could fill out a form, which would then search through store inventory and send the order to the store, much like popbacks work today. This could be done not only for items sold out online but also sizes or colors sold out online.
2. Anthropologie could continue to allow phone charge-sends via a payment service that does not transmit customer credit card data.
Paypal and Amazon Payments for instance, don’t even send customer credit card data out to complete a transaction. They have their own proprietary secure methods. So anyone with a Paypal account or an Amazon Payments account could still call in to the store and have their charge-send done. Hopefully the stores wouldn’t be too grumpy. 🙂
3. Anthropologie could continue to allow phone charge-sends via a gift card.
OK, technically this loophole already exists. Until Anthropologie closes it up. Stores can say no at their discretion. With a gift card you’ve already spent the money so there’s no credit card number or data to swipe. Just a little gift card number. Who doesn’t love a little gift card number? We should write a song about the little gift card number…
Back in 2013, J.Crew decided to kill charge/sends at its stores, and watched their quarterly results suffer for it in the next two consecutive quarters. They also faced higher leftover inventory levels which lead to more promotions and so on it tumbles down the results sheet and financials. J.Crew is much larger than Anthropologie but I would not underestimate the effect this new no charge-send policy may have on Anthro’s results.
I want Anthro to do well. I want them to kill it in fact! Kill it as in exceeding all expectations, having their best quarters ever, spraying Veuve Clicquot all over each other in the boardroom. I believe they need to keep charge-sends in order to achieve this.
What do you think?
Deadline For More Secure Credit Card Terminal Is October 1 — Forbes
EMV Ahead — STORES magazine via the National Retail Federation
Will Retailers be Ready for EMV by Oct 2015 — Payments Leader
Online Payment Fraud, The Next U.S. Retail Nightmare — Forbes (opinion column)
Thanks to my friend Peter, a cybersecurity expert who helped me research this post and and answered a lot of my questions!