EMV is a global standard for credit and debit cards based on chip card technology. Issuers around the world are including chips in bank cards and merchants are moving to EMV-compliant terminals to increase security and reduce fraud resulting from counterfeit, lost and stolen cards.
The United States is one of the last countries to migrate to EMV chip technology. However, the October 1, 2015 deadline created by major U.S. credit card issuers has given all payment industry entities, good reason to consider faster adoption. After that date, card-present fraud liability will shift to whoever is the least EMV-compliant party in a fraudulent transaction. Any parties not EMV-ready could face costly penalties in the event of a largedata breach.
EMV cards store payment information in a secure chip rather than on a magnetic stripe and unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that could successfully conduct an EMV payment transaction. Merchants that experience fraud perpetrated by the use of counterfeit cards can potentially reduce this type of fraud by adopting EMV technology in card present point-of-sale (POS) locations.
The microprocessor chip creates a unique transaction code that cannot be used again each time an EMV card is used for payment. If a hacker attempted using stolen chip information from a specific point of sale, the stolen transaction number created in that instance wouldn’t be useable again and the transaction would be denied. EMV’s dynamic functionality greatly improves the security of payment transactions for card authentication and transaction authorization.
If your POS hardware has been upgraded and activated to process via EMV, once a customer tries to swipe a chip card through the card reader, the POS will respond with a message indicating for the chip card to be inserted into the chip card reader to complete the transaction. You don’t have to be concerned about having to notice the cardholder has an EMV card before they present it for payment because the POS application will alert you that the card is chip transaction capable. Should they try swiping to pay, you will be alerted to instruct the customer to insert or dip the chip card into the chip reader. When an EMV card is dipped, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data.
Furthermore, the issuer defines the Cardholder Verification Method (CVM) and the card itself instructs the POS on whether PIN or signature is required during its interaction with the terminal, based on how the issuer defined it. A chip and signature transaction is just as it sounds; it uses a chip card that won’t require the customer to enter a PIN to complete the transaction. Chip and PIN transactions do require the customer to enter a PIN to complete the transaction.
To process chip and PIN, the POS hardware needs to have the capability to encrypt the consumer’s PIN in a PCI PTS certified PIN Entry Device (e.g. a PIN Pad). Encryption is the process of encoding messages or information in such a way that only authorized parties can read it by decrypting it.
Though it may be a slow transition in the U.S. overall, those who get chip-and-PIN cards will be able to use them right away. If a terminal doesn’t have the ability to accept a PIN, it will then step down to accepting a signature. There should always be a secondary option.
EMV is a registered trademark in the U.S. and other countries, and is an unregistered trademark in other countries, owned by EMVCo.