Merchants required to be EMV capable by October 1st
Prepare yourselves – the EMV is coming. EMV, which stands for Europay, VISA and MasterCard, is a standard for credit card chip technology designed to make transactions more secure and less prone to fraud. If you’ve recently received a new credit card – and noticed a computer microchip embedded in it – then you have the technology already. Starting October 1st 2015, businesses who process credit card transactions in person (card present) are required to have EMV capable terminals – or potentially face liability for any fraudulent charges.
EMV technology allows for much more secure transactions, which in turn reduces the chance of fraud. The key is all in that little chip that’s imbedded in the card itself. Older credit and debit cards use a magnetic strip to store information. This strip is programmed with details about the card – the account number, expiration date, and other things. This information is static and never changes. When it’s swiped at a point of sale terminal, the information is read from the magnetic strip and used to complete the transaction. Problem is, it’s very easy to capture this information and steal credit card numbers. It’s also easy to make your own credit cards with this stolen information. You can purchase blank cards and use a machine to program the magnetic strip with any numbers you want. EMV cards, on the other hand, are much harder to counterfeit. When a transaction takes place, the chip uses a one time transaction code that cannot be used again. So even if a hacker was able to duplicate the code, any subsequent transactions would be denied.
EMV cards operate a little different than older cards. Instead of swiping, EMV capable cards are “dipped” into a slot on the point of sale terminal – similar to how an ATM works. The card remains in this position for the entire transaction, so the reader can communicate with the chip in the card. The transaction take a little longer than a swipe transaction, but if it stops the bad guys from stealing, it’s worth it.
United States last to the EMV party
So why the sudden shift to EMV technology? It’s actually not all that sudden. The rest of the world has been using it for years, and the United States is the last major market to adopt the technology. Although the US only processes about 25% of the world’s credit card transactions – almost 50% of all fraudulent transactions takes place here. Credit card fraud is a major cost for payment processors, banks and consumers. Because of this, credit card companies want to make their cards more secure and prevent fraudulent activity. EMV technology will allow payment processors to validate transactions more securely, reducing the chances of someone using a fraudulent card. Also, there’s a liability shift for fraudulent transactions. Historically, fraudulent transaction liability was placed on the bank or payment processor. After the deadline, if a fraudulent transaction takes place, the liability will be placed on the least EMV compliant entity. So if you process credit cards and don’t have an EMV capable terminal, you could potentially be liable for any fraudulent charges made.
Even after the October 1st 2015 deadline, many retailers won’t have the upgraded equipment to process EMV transactions. After all, there is a cost involved in purchasing compatible terminals. To support the transition period, most EMV capable cards will also work in traditional swipe point of sale terminals. You will notice that most new credit and debit cards still have the black magnetic strip, in addition to the embedded chip. This means you can still swipe your card as you always have, and process the transaction as you normally would.
EMV and the potential for fraud
Will EMV stop fraudulent transactions from occurring? Probably not, but likely it will reduce in person credit card fraud. Since the chip is only relevant when processing a transaction with the card physically present, any internet sales could still potentially use a stolen card number. Also, it’s much easier to complete a transaction online with a stolen card because the security methods in place – like address verification and CVV codes – can also be forged or stolen. In addition, there’s one major difference in how many US transactions will differ from European transactions. European payment processors use a two-step verification process that includes a PIN. When you process a credit card you must also enter the PIN number. This step verifies you are the card holder. Unfortunately in the US, for most transactions you will still enter a signature instead of a PIN. This is because most payment processors don’t yet have the technology to process ship-and-pin transactions. As signatures are easier to forge, the transaction is less secure.
To reduce the likelihood of fraud, another method that retailers can adopt is NFC (near field communication). This is where your smartphone uses an app like Apple Pay or Google Wallet to process a credit card transaction. Since the smartphone can communicate with the point of sale terminal securely, it’s able to protect the data being transmitted – as well as verify the authenticity of the owner. This method is so secure that MasterCard mandated by 2020, merchants in Europe must accept NFC transactions in order to process any MasterCard payments.
Payment processors are working hard towards upgrading systems to support chip-and-pin authentication, but it will likely take a few years before everyone is up to date. Until then, EMV transactions will help reduce fraud – but only to a degree.