Are you ramping up your knowledge of EMV in advance of the Liability Shift this fall? If so, you are not alone. A recent report shows one-third of smaller merchants are unaware of chip cards.[1]
In this article, we’ll help you on your journey by covering the basics of EMV, what the Liability Shift means to your organization, and more.
What Is EMV?
Europay, MasterCard and Visa (EMV®) is a global standard for credit and debit payment cards based on chip card technology. This technology is used to combat fraud and protect sensitive payment data in card-present environments. Chip card technology, or Integrated Circuit Cards (ICC), are standard bank cards that look like traditional cards, but with an embedded chip in addition to the standard magnetic stripe on the back of the card.
Unlike a magnetic stripe transaction, where only the card’s Track 1 or 2 data containing minimal cardholder data is processed to the card issuer at the point of sale, every ICC transaction contains dozens of pieces of information to be exchanged between the chip card, the EMV-enabled device, the acquiring bank’s processor and the card issuer.
Unlike swiping a payment card with a magnetic stripe, EMV uses dynamic authentication unique for each transaction. Magnetic stripe transactions use static authentication data which is easy to copy and prone to skimming.
Note: With the initial roll out of EMV in the U.S., cards and devices will support both EMV and card swipe.
What Is the Liability Shift?
Effective October 1, 2015, Visa’s global counterfeit liability shift will be instituted in the U.S for POS transactions. What does this mean? After this date, merchants will no longer be held financially liable for any resulting card present counterfeit fraud losses that occur on transactions processed using EMV technology.
If a chip card is processed at a merchant’s location without EMV and fraud occurs, the financial liability of the chargeback transactions will remain with the merchant.
Flavors of EMV
There are two methods of processing EMV transactions. These include:
Contact —At the point of sale, the consumer or terminal operator must insert or ‘dip’ the chip card into the terminal and a signature is obtained from the consumer for verification. This method of processing is commonly referred to as chip and signature.
Contactless — Allows customers to tap or wave their chip card or personal device (mobile phone, watch, etc.) against an EMV, NFC capable payment terminal.
How Will the Consumer Experience Be Different with EMV?
Using EMV will be a different experience from traditional card swipe for consumers. As mentioned, a cardholder will no longer swipe their card. Inserting the chip card, reads the chip data and confirms the card is valid via dynamic authentication. The consumer may be prompted to provide a signature to verify the cardholder. Next, the EMV card and terminal prepare the transaction data which includes unique components for that specific transaction only. The card is left in the device until the authentication process is complete. These steps may lengthen the transaction experience when compared to a card swipe.
What’s Involved for the Merchant?
In light of large-scale data breaches and rising incidents of fraud, merchants are looking for ways to improve security, reduce fraud, and protect their brand. In a survey of more than 500 retailers, 63% cited payment security as their top priority in 2015.[2] For merchants in a card-present environment, EMV may be a component of their security objectives; however, adopting it is no simple task. Here are just a few items on a merchant’s to do list:
Reterminalization—Replace existing card swipe devices with EMV capable devices, which tend to be more expensive than basic swipe devices.
Partner integrations—Many merchants and organizations integrate payment acceptance into other solutions, such as health record software, kiosks, and more. Merchants will need to consider including additional EMV required data elements that must be tested and certified.
Train employees—Employees who take payments will need to know how to use and troubleshoot the new devices in order to efficiently take payments and provide a positive customer experience.
Secure payment data – EMV does not encrypt cardholder data upon swipe or key entry. In order to achieve the most secure payment processing environment, organizations must ensure the EMV devices chosen and your payment provider utilize encryption upon entry (swipe or keyed) to protect sensitive PCI data within the merchant’s network (in flight).
Ready for More?
In the next article in our EMV series, we will take a closer look at the benefits of EMV and the timeline for U.S. adoption.
Follow us on Twitter or like our Facebook page to read the latest TrustCommerce news and blog articles.
[1] http://aitegroup.com/report/emvelocity-outlook-pos-reterminalization-and-mobile-payments
[2] http://digitaltransactions.net/news/story/Retailers-Rank-Security-As-Top-Concern-While-More-Than-One-Third-Plan-to-Add-NFC