EMV cards were introduced in Europe nearly 30 years ago to help combat the use of counterfeit, lost or stolen credit and bank cards. Today, there are more than 2 billion EMV payment cards in circulation and more than 36 million active EMV terminals worldwide—but those numbers are about to rise dramatically, particularly in the US.
Sixty-two percent of companies were victims of actual or attempted payment fraud in 2014, and the second most frequently targeted payment type was credit and debit cards. And as fraudsters show no signs of halting their cyberassaults on businesses or consumers, it's never been more important to protect your company from being a target.
Especially now that, as of October 2015, Visa, MasterCard, American Express and Discover will shift liability for credit cardpresent chargebacks to US merchants—meaning, if you're not using a chip card acceptance device, you can be held liable for the amount of a fraudulent transaction. Specifically, the liability for a fraudulent transaction will pass to the party that is not EMV-compliant, whether merchant or issuer.
Which begs the question: Are you prepared for EMV?
EMV is becoming the global standard for credit card and debit card payments. Named after its original developers—Europay, MasterCard and Visa—EMV technology features payment devices (e.g., credit or debit cards or mobile devices) with embedded chips that store and protect cardholder data. This standard may also be referred to as "chip and PIN" or "chip and signature."
EMV technology uses a chip, or microprocessor, that’s embedded in a card to make payments at the point of sale (POS). The chip:
In a POS-payment environment, EMV offers several security features that magnetic strip cards do not, such as:
Additionally, EMV can help your business to:
Come October, even if you've started to implement EMV acceptance for your business, you can still be liable for a fraudulent transaction, if you're the less EMV-compliant party—and the liability will apply whether or not the card was swiped, a signature was captured or an issuer authorization was obtained. So, you need to prepare to be as EMV-ready as possible.
It's also worth noting that although the liability shift differs slightly for counterfeit cards versus cards that are lost or stolen, to enhance your EMV-compliance, make sure your POS, chip-certified solution accepts a personal identification number (PIN), as well as a signature.
During the early stages of EMV migration, terminals will be able to accept both magnetic strip and chip cards. This will ensure that your customers can continue to use their existing magnetic strip cards until the US has fully migrated to chip technology.
But it's inevitable that the migration to EMV chip card acceptance will require additional investments. To help you minimize costs, you may want to upgrade to POS hardware or software that will support both EMV and contactless technology at that time. The technology requirements will include:
As an incentive for EMV adoption, Visa, MasterCard, American Express and Discover have announced annual PCI “validation relief” for merchants that accept 75 percent of their card-present, payment brand-specific transactions through fully contact and contactless chip-certified devices. This means that you may be eligible to have your annual PCI assessment waived by the respective payment brands. You will still be required to maintain PCI compliance, but you will be able to avoid the process of validating compliance with each of those payment brands if you meet the required 75 percent minimum.
According to EMVCo, there are approximately 2.4 billion EMV payment cards in circulation in 130 countries and 36.9 million active EMV terminals worldwide—but in the US, only .03 percent of card-present transactions are EMV.
US businesses have a long way to go, but the payoff will likely be worth it—according to the 2015 AFP Payments Fraud and Control Survey, 92 percent of finance professionals believe EMV cards will be effective in reducing POS fraud. So, while fraud may not be going away any time soon, you can reduce the likelihood of your business being victimized in 2015 and beyond with the help of EMV.