Coming October 1, 2015. Is your business ready?

Are you aware of the EMV liability shift?

What is EMV?

EMV is a technology standard originally developed by Europay, MasterCard and Visa in 1994 that utilizes smart cards to increase the security and global compatibility of credit and debit card transactions.

With EMV, a customer's credit card information is transmitted to a business's credit card machine via a small microchip in the customer's credit card instead of via a magnetic strip that is the current standard.

A smart card is a plastic payment card that has an embedded microchip with memory and often micro processing functionality.

Smart cards are the same size and shape of traditional credit cards, and most feature a magnetic strip in addition to a microchip so that it can be accepted by businesses with point of sales systems incapable of reading a smart card.

Unlike magnetic strip cards that store and transmit static cardholder information to a business's point of sale device, the microchip in a smart card adds a bit of dynamic data to each individual transaction. Think of this dynamic data as a one-time-use password that protects each transaction.

How am I impacted by the liability shift?

With the liability shift, if a chip card is presented to a merchant that has not adopted a terminal that is certified for chip card acceptance, liability for counterfeit fraud may shift to the merchant's acquirer – who may then pass this fee back to the merchant. The liability shift encourages chip adoption since any chip-on-chip transaction (chip card read by a chip certified terminal) provides the dynamic authentication data that helps to better protect all parties. In addition, if a counterfeit magnetic stripe card is presented at a chip certified terminal, the liability for the counterfeit fraud will be the responsibility of the card issuer.

Am I required to support EMV?

No, you are not required to support EMV in the U.S. region at this time. However, one item that you need to consider is that even if your organization hasn't been targeted by high levels of card present fraud in the past, you may be putting yourself at risk in the future, as fraud will migrate to the weakest technology (magnetic stripe) Therefore, you may want to ensure that all your terminals are chip capable and that your payment processing application can support chip card acceptance.

EMV Security and Fraud

EMV utilizes microchips instead of magnetic strips to transmit cardholder data at the point of sale. Unlike magnetic strips that transmit static information, a microchip attaches a unique cryptogram to each and every transaction.This makes each transaction unique, thereby thwarting a fraudster's attempt to duplicate a transaction.

The dynamic cryptogram generated by a smart card also protects against "card skimming," which occurs when a fraudster reads the magnetic strip information from a credit or debit card without the cardholder knowing and then uses the information to make card-not-present purchases.

Once obtained, the card information can be used for "card transplant" fraud. This occurs when a fraudster uses inexpensive devices to copy a Cardholder's magnetic strip data to a blank card. The card copy is then used to make purchases, or in the case of ATM cards, to withdraw funds from the cardholder's account.

The EMV standard will also help reduce card-not-present fraud by reducing the amount of stolen credit card information available for use online, although this benefit will not be realized until the EMV standard has been widely utilized for some time.

What does EMV migration mean for card-not-present (CNP) merchants?

As EMV technology is adopted in the card present space, it is expected that fraud will also shift to the least secure channels, including CNP. From an online fraud perspective, it's important that CNP businesses be prepared for this anticipated shift, as experienced in other regions that have already migrated toward chip card technology.

As fraud migrates online and fraudsters continue to get more sophisticated, the tools you have in place now may no longer be advanced enough to protect you and your customers. Strategy is key and it's imperative to take the extra measures to know good customers and good customer behavior (beyond just AVS and CVV). It is recommended that you avoid the use of Address Verification and card validation values (security code) checks as your sole fraud detector since the false positive exposure can be high with these tools alone. You should consider strengthening the value of these tools by supporting additional technology to confirm and mitigate fraudulent activity.

A good fraud prevention tool will enable in-house management in real time, with no negative impact on your good customers' experiences (those transactions that are not fraudulent in nature). Having the ability to control your fraud prevention at the business level, without the required assistance of IT support or third-party vendors, helps to ensure that your good transactions get through and your customer is not burdened with holds or declines based on suspected fraud. Simply put, you can prevent the fraudulent transactions without compromising the legitimate ones. This will protect you, your good customers, your bottom line and your brand.

How are EMV cards processed?

EMV is a card-present technology, meaning the card must connect directly to a business's point of sale system either physically or within a distance of no more than a few inches through near field communication (NFC). In the case of NFC, a cardholder simply waves her smart card in front of a reader on a business's POS device to make payment. Alternatively, a cardholder can insert her EMV card into a slot in the business's credit card machine and a reader within the machine connects with the card to initiate contact. Smart cards that are capable of both contactless and physical transactions are called dual interface cards. Most smart cards are dual interface, but not all.

Four basic methods for processing an EMV transaction:

Contactless ("tap and go")

For a contactless transaction, the cardholder simply waives her card in front of a business's POS device to provide payment information. She may then be prompted to enter a personal identification number (PIN), or to sign a receipt once the transaction has been authorized.

Chip & Pin

A "Chip and PIN" EMV transaction occurs when a cardholder inserts her card into a business's POS device and the card remains within the device while she provides a PIN number to unlock the card. Chip and PIN is the most widely utilized EMV standard worldwide.

Chip & Signature

A "chip and signature" transaction occurs when a customer signs a sales receipt instead of providing a PIN number to complete the transaction. It is speculated that the U.S. will utilize chip and signature instead of chip and PIN since it is very similar process to what consumers are accustomed to with magnetic strip cards.

Chip & Choice

A "chip and choice" EMV transactions occurs when a customer is given a choice of completing a transaction by providing a PIN number or signing the sales receipt.

Preparing your business for EMV

The best time to begin preparing your business for an EMV transition is now. EMV-capable credit card processing machines and POS terminals have been available for some time.

Will I still be able to accept traditional credit and debit cards?

The Future Proof terminal has a magnetic stripe swipe reader and you can continue to accept payment cards that are not chip-enabled.

Chip cards will still have a magnetic stripe during the U.S. migration to EMV, to ensure that customers can continue to pay until all merchants have been given the time to upgrade their equipment.