What to Know About EMV and the October 2015 Deadline
If you’re involved at all with customer payments, you’ve almost certainly heard or read this acronym with increasing frequency over the last few years. There are good reasons for that, in particular the soon-to-arrive October 2015 liability shift. But what exactly is EMV, and more important, what does it mean for U.S. merchants?
EMV (the initials stand for Europay, MasterCard and Visa) is a set of global standards and specifications for card-based and other non-cash payments, including the point of sale hardware and software used to process those payments. It’s most associated with “chip”-enabled payment cards, which have an embedded computer chip containing the card’s data rather than the magnetic stripe that holds the data on traditional credit and debit cards.
Chip cards offer greater protections against fraud than mag stripe cards and are more difficult to counterfeit. In addition, the chips generate “dynamic data,” a unique cryptographic code for each transaction they’re used for. So even if the data from an EMV card is accessed by a thief, losses are limited because the data is uniquely tied to a single transaction. This makes these cards less appealing targets for criminals, compared to the static, unchanging data held on mag stripe cards.
EMV cards are a global success story. The latest figures from EMVCo, which manages EMV specifications and testing processes, indicate the number of EMV payment cards in circulation increased by one billion in 2014 alone, hitting a total of 3.4 billion by the end of the year. Globally, 32% of card-present transactions (that is, those not conducted online or over the phone) are now EMV.
These figures are even more remarkable considering that the world’s largest consumer market, the United States, is the laggard of EMV adoption, with only 101 million cards in circulation and a 7.3% adoption rate. But U.S. card issuers have been aggressively playing catch-up. Aite Group estimates that by the end of 2015, 70% of U.S. credit cards and 41% of U.S. debit cards will be EMV enabled. Even now, many cards in consumers’ wallets are dual-enabled and contain both EMV chips and mag stripes.
Impact of Liability Shift
In addition, there’s the October 1, 2015 liability shift. Traditionally, costs for fraudulent transactions conducted with counterfeited, lost, or stolen cards had been absorbed by the major card issuers or financial institutions. But on October 1, some liability will fall on the least secure link in the payment processing chain.
Specifically, merchants may be liable if they are presented with a fraudulent EMV-capable card, but they choose to process the payment using a magnetic stripe terminal. Merchants can mitigate this risk by installing EMV-enabled terminals, which are becoming increasingly available in the U.S. market. To further motivate merchants to install EMV-capable POS technology, several card brands are offering incentives such as PCI-DSS (Payment Card Industry Data Security Standards) audit relief or reduced chargeback fees.
Benefits of EMV Adoption
The move to EMV offers benefits both on the macro scale and for individual merchants and consumers. Experts believe the improved security features of chip-enabled cards should lower overall U.S. fraud rates. Canada’s period of EMV migration saw its debit card fraud drop from a high of $142 million in 2009 to $38.5 million in 2012, according to Interac. And of course, better security also benefits individual consumers and merchants.
Because EMV is a global payments standard, upgrading to EMV-capable technology also makes your business friendlier to international travelers. If a portion of your clientele comes from outside the United States, or you are looking to expand this segment of your customer base, offering a streamlined payment experience for them will be critical.
Enabling New Checkout Capabilities
Another benefit of upgrading your POS technology to be EMV compliant is that it’s an opportunity to add capabilities for new and emerging payment methods, including those leveraging increasingly ubiquitous mobile and wearable devices. In addition to their chips, EMV cards also include an antenna that allows them to be used for contactless payments, where consumers simply tap their card on a contactless payment terminal.
Mobile EMV allows merchants to accept payments from consumer smartphones that are NFC (Near Field Communication) enabled via contactless NFC payment terminals. These “mobile wallets” not only expand payment options, but they offer a range of loyalty program and marketing options for participating merchants, helping tie customers more closely to your business. Contactless payments also speed up checkouts, reducing the time customers spend at the POS and increasing a merchant’s turnover capabilities.
Technology and Process Changes
Merchants preparing for the October 1, 2015 liability shift and the rapid growth of chip-enabled payment cards will need to upgrade their POS hardware and software to be EMV-capable. Specifically, card reading terminals, whether they are freestanding or part of an integrated POS solution, will need to be able to read both mag stripe and chip cards.
Since EMV’s entry into the U.S. market has been extensively planned and long expected – EMV cards began circulating in the U.S. in 2010 – most POS vendors are already offering EMV-enabled technology.
Most aspects of traditional customer checkout will remain similar with EMV cards. However, because the EMV-capable POS terminal needs to access the embedded chip, the card is “dipped,” as is common at ATMs, rather than “swiped”.
Merchants will also need to invest time in educating and training their own staff, and their customers, about these changes. Make sure that EMV payment procedures, along with easy-to-remember explanations that staff can provide to customers, become an integrated part of your training procedures now.
Assess Your Payment Security Infrastructure
While EMV offers several built-in and process-oriented features to decrease fraud at the POS, it’s only one element of a comprehensive payment security solution. A data breach that exposes customers’ card data (or other personal data) will cost a retailer not only in terms of financial restitution but in a downgraded reputation.
At a minimum, merchants should ensure that their POS and payment systems are compliant with the PCI-DSS rules. These standards are designed to protect cardholder’s confidential information not just at the moment a card is swiped or dipped, but all the way through the transaction process. They also apply when payments are made online or over the phone, ensuring that your customers’ data is safeguarded during these Card Not Present (CNP) transactions.
It’s also a good idea to get input from all players in the payment process, including your credit card payment processor, your key financial institutions, and the issuers of cards that you accept. The major card companies’ web pages focusing on data security are listed with other resources below.
Finally, your POS vendor can be a key source of information about the transition to EMV enablement. You can learn more from POS Nation by clicking on this link: https://posnation.com/contact/apple-pay/
EMV’s impact on how U.S. consumers pay for goods and services, already on the rise, will be getting a major jump-start with the October 2015 liability shift. (There will be similar liability shifts for ATM owners in October 2016, and for automated fuel dispensers in October 2017.) If they haven’t already, merchants should take this opportunity to future-proof their POS technology, prepping it not just for what will be increasingly ubiquitous EMV chip cards, but also for mobile and wearable payment options. Expanded payment options mean you can more easily serve more customers, offering them the convenience of fast, secure checkouts while protecting yourself – and them – from the dangers of fraud.
- EMVCo: http://www.emvco.com/
- PCI Security Standards Council: https://www.pcisecuritystandards.org/index.php
- That’s EMV: http://www.thatsemv.com/
- American Express: https://www209.americanexpress.com/merchant/services/en_US/data-security
- Discover Financial Services: http://www.discovernetwork.com/merchants/fraud-protection
- JCB International: http://partner.jcbcard.com/security/jcbprogram/index.html
- MasterCard: http://www.mastercard.com/sdp
- Visa Inc: http://www.visa.com/cisp
- Visa Europe: http://www.visaeurope.com/ais
Everything You Need to Know About EMV
Download Our EMV eBook Today!Get Started Now!