By now, most businesses are aware of EMV or chip cards, the new technology in credit card processing. The major credit card companies announced requirements for processors and businesses to accept these chip cards that have been shown to reduce fraud in card-present environments.
For most businesses, the compliance date was October 1st, 2015. (Pay at the pump gas stations have until 2020 to comply.) If you’re holding out on upgrading to EMV chip card equipment, here’s what you need to know.
- What is EMV?
- Traditional Credit Cards vs. EMV Cards
- Fraud Reduction with EMV
- EMV Liability Shift
- Becoming EMV Compliant
- Benefits to Businesses
- EMV Chip Card Scams and Sales Tactics
- Additional Sources
What is EMV?
EMV stands for Europay, MasterCard, and Visa, after the three companies that initially worked together on the technology. Today, American Express, Discover, JCB, and UnionPay also participate in EMV.
EMV cards, sometimes known as “chip” cards, are an advanced-security credit card designed to reduce fraud by utilizing advanced technologies to prevent counterfeiting, skimming card data, and other types of fraud. EMV chip cards use encryption and can support tokenization at the time of purchase and require contact with a point-of-sale terminal or close proximity to a contactless payment reader during card-present transactions.
Traditional Credit Cards vs. EMV Cards
A traditional credit card, also known as a magnetic stripe card, relies on a visual inspection of a signature match to ensure authorized use. Magnetic stripe cards are more vulnerable to fraud due to the relative lack of security features. Unencrypted card data can be stolen and used to replicate cards or make fraudulent purchases.
EMV cards have a special “chip” embedded directly in the card that communicates with the point-of-sale device when a customer uses the card and authenticates the transaction. Some EMV cards also utilize a PIN, adding another level of security. The chip encrypts transaction and card data differently every time the card is used, making it very difficult for data to be stolen and used for fraudulent purchases. Currently, EMV cards include a magnetic stripe, allowing the chip card to be used as a traditional card if necessary.
Running a magnetic stripe card is called “swiping” while running a chip card is called “dipping” the card.
Fraud Reduction with EMV
Countries that have implemented EMV payment acceptance have consistently experienced reduced card-present fraudulent activity. Additionally, unlike traditional cards, stolen credit card numbers can’t be used by thieves to make new counterfeit cards. With encryption and tokenization, EMV card data can’t be “skimmed” (illegally copied) at the time of use, preventing theft of card information that would be used for unauthorized purchases.
EMV Liability Shift
The major credit card companies set October 2015 as the date for a shift to EMV acceptance by most businesses in the United States. (Pay-at-the-pump gas stations have until October 2020 to upgrade to EMV acceptance, a postponed date that the card brands announced in December 2016.)
Starting in October 2015, businesses were required by the credit card companies to utilize EMV-capable point-of-sale equipment. Businesses who do not comply will be responsible for the costs associated with accepting fraudulent transactions. Essentially, the liability for fraudulent transactions will switch from the processor to the business. Credit card companies refer to this as the “liability shift.” Businesses who comply with the EMV mandate and utilize EMV-capable terminals will not be subject to the liability shift; liability will remain with the processor.
Credit card companies requiring EMV acceptance in October 2015 include Visa, MasterCard, American Express, and Discover. Maestro has already shifted liability to merchants as of April 2013 for Maestro cards in the United States.
As of March 2015, there is no U.S. government mandate regarding adoption of EMV technology. The October 2015 mandate is an industry regulation.
Becoming EMV Compliant
Businesses that have not yet complied with the October 2015 EMV shift by upgrading current payment terminals and point-of-sale equipment to an EMV-capable model can still do so. Processing companies offer a range of EMV-capable terminals. You’ll need to work with your processor to ensure that you have an EMV-capable terminal in order to reduce your liability for fraudulent transactions.
Note that consumers receiving chip cards is likely to still take some time and you may continue to see magnetic strip cards for awhile. Due to the expense of card issuance, EMV chip cards will be rolled out to consumers in stages. Some consumers are already utilizing EMV chip cards, while others may not for many months still. As of December 2016, EMV chip cards are already being issued by American Express, Citibank, Wells Fargo, Bank of America, JPMorgan Chase, and U.S. Bank. Some credit unions are also already issuing EMV cards.
EMV-capable point-of-sale terminals currently available still provide the option to accept traditional magnetic stripe credit cards, allowing you to process both card types.
If you currently lease non-EMV point-of-sale terminals from a credit card processor, you should contact the company to discuss upgrading to an EMV-capable device, or review your lease to see when it ends so you can purchase new equipment.
Related Article: Don’t Lease a Credit Card Machine.
EMV Non-Compliance Fees
As of October 2015, it costs the same to take chip cards and magnetic stripe cards. However, not having equipment to take EMV chip cards may start costing businesses. This is due to an EMV non-compliance fee. Processors may choose to add this fee for businesses that don’t upgrade to EMV capable terminals.
You can avoid the fee by using EMV chip capable equipment at your business.
EMV in Card-Not-Present Transactions
It’s important to note that while EMV cards are successful at reducing fraud in card-present point-of-sale situations, the technology can increase fraud in card-not-present situations if additional security measures aren’t put into place. For this reason, it is imperative to take advantage of security features in card-not-present environments, such as online purchases. Necessary security features for such transactions include tokenization and end-to-end payment encryption. Merchants can also take advantage of existing fraud prevention tools such as Address Verification Services (AVS) and Card Verification Value (CVV), and 3D Secure fraud tools offered by the credit card companies, such as Verified by Visa and MasterCard SecureCode.
EMV in ATM Transactions
Visa and MasterCard have both made announcements regarding a liability shift for ATMs. MasterCard has announced an October 2015 deadline for ATM operators to upgrade to EMV-capable machines.
Visa has announced an October 2017 deadline for ATM operators to upgrade to EMV-capable machines.
If ATMs are not capable of accepting EMV chip cards by the deadlines above, a liability shift will occur. If a fraudulent transaction occurs with an EMV card at an ATM that does not support EMV cards after the deadlines, the ATM owner will be responsible for the costs associated with fraud.
EMV for Gas Stations (Pay at the Pump)
Pay-at-the-pump gas stations were given a longer deadline for EMV compliance than other types of businesses. The original later deadline was 2017. However, in December of 2016, the deadline was pushed back. Currently, pay at the pump gas stations have until October 2020 to become EMV compliant.
Gas stations should be aware that some experts worry about an increase in “skimming” or stealing credit card data, at the pump as it becomes harder to steal data at other businesses. Be sure to familiarize yourself with skimming and know what to look for.
Related Article: Identifying Credit Card Skimmers.
Benefits to Businesses
In addition to added security and reduced fraud, businesses may be eligible for other benefits by upgrading to EMV-enabled terminals. businesses that utilize terminals that can accept both contact and contactless payments may receive partial or complete PCI compliance fee relief from Visa and MasterCard. Requirements vary, but businesses need to show that they process a large percentage of their daily transactions through a terminal that accepts both contact and contactless payments.
EMV Chip Card Scams and Sales Tactics
Some companies are using the EMV liability shift to attempt to trick businesses into switching processors. Common tactics include companies claiming that you overpaid for EMV transactions and they need your statement to send a refund, companies claiming to be Visa or Mastercard doing a rate quality check, and offering free EMV equipment. You can read more about these pitches here.
Did we miss one? If you’ve been contacted by a company pressuring you about EMV, let us know in the comments.
For answers to frequently asked questions, technical questions, and other information on EMV and the U.S. EMV mandate, merchants can visit the following sites:
EMVCo is the organization that oversees EMV technology. EMVCo is comprised of American Express, Discover, JCB, MasterCard, UnionPay, and Visa working together. EMVCo’s website includes general and technical information related to EMV processing.
Discover EMV resources
Discover provides an EMV specific section of their website for information about chip cards.