Payment process: updated! All you need to know about EMV and how to update your credit card processing as a business owner.
Credit and debit cards issued to American consumers now come equipped with an EMV (Europay, MasterCard, and Visa) smart chip on the front, and a magnetic strip on the back.
As a business owner, it is your responsibility to make the transition or risk the liability of a security breach.
Here is a look at why the change to EMV took place, and what it means for merchants and consumers.
Related Article: Swipe Happy: How to Make Accepting Credit Cards Suck Less
Why EMV cards are necessary to protect sensitive data
The United States accounted for more than half of all the fraudulent payment activity that occurred worldwide in 2013. That same year, Symantec reported that each breached record in the United States costs about $190 — not including the subsequent costs consumers face if their information is used to open future fraudulent accounts.
The United States was likely so vulnerable to breaches because it was one of the few countries in the world still using magnetic strip card technology. As NPR reported in 2013, the technology is decades old — and fairly cheap for fraudsters to replicate and intercept.
When the Shift to EMV Cards Began.
There are more than 40 million active EMV terminals globally, according to data shared at the EMV Migration Forum, but plans for EMV implementation in the United States didn’t begin until 2011. In 2012, American Express, Discover, MasterCard and Visa all announced roadmaps to support transitions to an EMV-based payment infrastructure. The transition to EMV for financial institutions and card issuers began in 2013. Now that the October 2015 deadline imposed on merchants that accept debit and credit cards to implement EMV-enabled point-of-sale terminals (gas stations have until 2016 to switch) has passed, liability for fraudulent transactions has shifted.
What Happens if a Merchant Isn’t EMV-Equipped?
Before the October 2015 EMV deadline, the bulk of the liability following a data breach or similar payment fraud fell to financial institutions. Now, the party offering the lowest level of security in a transaction is liable for the fees, fines and possible lawsuits that result from a payment security breach.
How EMV Smart Cards Work
Regardless of whether a card is associated with a credit card or debit card account, EMV-enabled cards include a square metallic chip on the front. As the experts at EMV Connection explain, the chip acts as an embedded microprocessor that contains sensitive data. Unlike a magnetic strip on the back of a card, the chip is more difficult to replicate to create a fraudulent version of a card (and much more expensive for thieves to counterfeit than magnetic stripes). Additionally, because the EMV chip facilitates the use of cryptogram technology, unique data is assigned during transaction processing. If thieves do intercept a transaction, they won’t be able to replicate the data associated with it for use in future fraudulent transactions (something they can do easily with magnetic strip cards).
Though many of the newly issued EMV cards in the United States include an EMV chip on the front and a magnetic strip on the back, the EMV technology is easily “activated” by the customer at the point of sale or ATM. When the time comes to input his/her card for processing, the cardholder simply inserts the card into the EMV terminal and leaves it there while the transaction processes.
Related Article: 5 Things You Need to Know About Credit Card Processing Online
How Merchants Can Support the New EMV Cards
Aside from installing point-of-sale terminals that are EMV-enabled, merchants can help to educate consumers on the benefits of using the new technology — including how to optimize the security it offers.
According to a report issued by the Federal Reserve in 2011, there is a 700 percent greater likelihood of fraud associated with signature-based transactions, compared to those authorized using a PIN code. When consumers’ EMV cards/terminals allow them to choose a PIN versus a signature to approve a transaction, encourage them to choose that option, when available.
Additionally, consumers should understand that the new EMV technology doesn’t eliminate all security risks, and doesn’t mean they can become complacent about protecting their information. Visa’s chief risk officer told Computerworld that EMV’s security impact relates more to transactions that involve a physical card than online purchases. NPR reported that the level of fraud in 2003 in Europe increased following its EMV transition. Without an easy way to swipe card data, thieves turned to new tactics to obtain card information — like fraudulent phone calls and letters.
The transition to EMV technology represents a change in behavior and terminals, but it’s a necessary and important step in protecting sensitive data — and minimizing the risk customers and merchants are exposed to when using credit and debit cards.