Currently, EMV (Europay, Mastercard, and Visa) chip cards are the “hot topic” in the payments industry. There is a plethora of information about EMV on the internet which can be overwhelming. Through this blog we hope to answer business owner’s questions about EMV in regards to how EMV chip cards affect business owners, how the implementation process is going, and how successful are EMV chip cards at reducing fraud.
How it affects business owners
EMV helps to provide additional authentications and security measures to help business owners and issuers reduce fraud. With this new technology comes the need for business owners to educate themselves on EMV chip cards and upgrade their terminals and POS systems to accept these types of payments.
How it works
3 Steps for using EMV POS or Terminal
- Put card into terminal with chip facing up
- Leave card in reader, follow prompts, and provide signature or PIN number
- Remove card and provide receipt
An EMV chip card must go through a variety of authentications to provide additional security. All EMV chips must go through static data authentication (SDA), dynamic data authentication (DDA), and combined dynamic data authentication and application cryptogram verification (CDA) (Group, 2014). These authentications are possible due to the increased maximum data byte storage, which has increased from a 26 byte maximum with mag stripe to 259 bytes of data storage on the EMV chip.
In addition to a dynamic authentication process, the United States has opted to combine EMV with a signature Cardholder Verification Method (CVM) at the terminal or POS rather than a PIN number CVM. This is a major difference in the United States from Europe’s adoption of EMV technology. While PIN CVM has helped to significantly reduce fraud, the cost to create a portfolio of cards that support PIN can be very costly compared to similar cards using signature. Therefore, issuers in the United States have opted for signature cardholder verification. Many, credit unions on the other hand, have been opting for PIN cardholder verification. Regardless of which card is presented for payment, as long as the business owner has an EMV compliant terminal you do not need to be overly concerned with whether the transaction is signature or PIN, because liability will fall to the issuer.
What should business owners be doing to prepare?
- Assign in-house EMV expert/owner
- Ensure POS system supports all EMV payment types (contact, contactless/NFC, mag-stripe)
- Ensure POS provider and acquirer can assist by deadline 10/1/2015
- Develop training program for employees affected
- Seek independent advice if you feel like your acquirer or POS provider are trying to take advantage of this change
What not to do:
- Don’t ignore the importance of migrating your POS to an EMV enabled environment
- Do not sign a lease for any standalone POS devices. Month to month rental programs for EMV enabled terminals are available for less than $10.00
- Avoid long-term commitments, particularly if the provider can modify processing rates
Business owners should be EMV compliant by October 1st, 2015.
If not, fraud liability may shift to the business owner starting October 1st.
Issuers (Banks), networks (Visa, MasterCard, etc.), and business owners are steadily adapting to EMV chip technology.
Eighty countries globally are in various stages of EMV chip migration, including Canada and countries in Europe, Latin America and Asia. In 2011, Visa announced plans to accelerate the migration to contact chip and contactless EMV chip technology in the United States and in 2012 MasterCard announced their roadmap to implementing EMV chip technology. The United States is far behind most other developed countries, but quickly gaining ground.
According to VISA, by December of 2015 the United States migration will reflect the following:
How successful is EMV at reducing fraud?
EMV technology has been successful at reducing fraud in various countries. It is estimated that the total amount of savings in the United States will be $700 million annually from counterfeit fraud and $300-$350 million annually from lost/stolen card fraud (Group, 2014). Below are some statics on the impact of EMV in various countries:
While in most countries EMV technology has helped reduce fraud in face-to-face transactions, the implementation of EMV technology has led to an increase in card-not-present (CNP) fraud.
Due to the fact that EMV does not focus on card-not-present transaction fraud, the payments industry is continuing to innovate and create security measures for these types of transactions.
EMV has been successful at reducing fraud in countries that have implemented this technology. EMV is being adopted at a steady pace by issuers, networks, and business owners throughout the United States. This technology will provide dynamic authentication processes in order to provide more security and protect business owners and issuers against fraud. If you are not EMV compliant, make sure that you have a terminal or POS system that is EMV compliant by October 1st, 2015. Also, make sure to ask your processor if you have any questions regarding EMV and payment acceptance.
Group, M. A. (2014). EMV Adoption and Its Impact on Fraud Management Worldwide. Maynard: Mercator Advisory Group.
King, D. (2012, January). Chip-and-PIN: Success and Challenges in Reducing Fraud. Retrieved May 27, 2015, from Retail Payment Risk Forum: http://www.pymnts.com/assets/Shared/Gemalto-EMV-Whitepaper.pdf
Kossman, S. (2015, March 16). 8 FAQs about EMV credit cards. Retrieved May 27, 2015, from Creditcards.com: http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php