What is EMV?
EMV (Europay®, Mastercard®, Visa®) is a payment standard that utilizes a difficult-to-duplicate microchip on the credit card, rather than the traditional magnetic stripe. The purpose of EMV is to reduce credit card fraud by confirming that the card is both valid and in the hands of the correct owner. Other variations remove the security PIN code requirement (e.g. “Chip & Signature”) – higher processing rates may apply.
Who is Liable?
On October 1st, 2015, liability associated with the fraudulent use of counterfeit cards shifts from the card issuer to the acquirer/merchant. This shift only applies to merchants who have not implemented an EMV solution. EMV does not effect the merchant’s liability towards (or security against) data breaches or ‘card not present’ transactions (ecommerce), where the bulk of stolen cards are used.
Myths Surrounding US EMV
Myth: Merchants MUST upgrade their systems to EMV by October 1st, 2015 in order to process transactions and avoid non-compliance fees/penalties
Truth: October 1st simply marks a shift in liability. Work with your POS reseller to examine your history and risk of fraudulent card use. If you have a low risk, it may not be worth the upgrade cost, especially considering the new hardware, slower transaction time and employee training that goes hand in hand with EMV.
Myth: EMV protects against the site-wide data breaches that have been so prevalent in recent news
Truth: EMV does not protect card data after the sale. It only assures that the card and cardholder are valid. For a more complete security solution, EMV should be paired with Encryption and Tokenization, where available, to protect data in the POS and in-transit.
Myth: Having a PIN Pad with an EMV reader makes your business ‘EMV-ready’
Truth: A PIN Pad with an EMV slot does not mean that your business is ready to accept EMV transactions. Check with your POS provider to learn about the specific PIN Pad model(s) that will be certified for EMV transactions and what is required to upgrade your system to accept EMV cards going forward.
Myth: EMV-related Penalties and Fees are onerous and unclear
Truth: The merchant’s liability associated with fraudulent transactions in a non-EMV processing environment is actually very straight-forward and much less arduous than many think. The merchant is simply liable for the dollar amount of the fraudulent transaction. For example, a boutique that sells a $25 scarf to a customer that uses a counterfeit card is only out $25. No additional fees. For this reason, merchants with low dollar-value sales generally have much less risk and will likely migrate to EMV relatively slowly.