Do you need EMV?
The whole picture of protecting your business and your customers with card data security and fraud protection often can be blurry. And, with so much talk of EMV and chip cards, understanding their place in that picture is important. Chip cards and chip card acceptance are designed to stop fraudulent card presentation at the point of sale. Here's a look at EMV and some of the elements of securing your business and your customers outside of EMV.
First, chip card, or EMV, transactions are much like other credit or debit transactions, with a notable exception. Chip cards contain customer account information on a card that is embedded with a microprocessor – a smart chip. That chip communicates with point-of-sale devices specifically designed to read the chip. The reading process helps confirm that the card is valid and, in some cases (when chip and pin are used), that it belongs to the cardholder presenting it.
EMV has gained widespread acceptance across Europe. Introduced in 1996, today more than 1.5 billion chip cards have been issued, with over 21 million EMV acceptance POS terminals in use worldwide1. Although chip cards and terminals aren't ubiquitous in the U.S., there's both growing issuance and interest in the fraud-protection role of EMV.
Should you be going EMV? And what other card protection and fraud measures should you be taking? Here are some things to consider:
EMV was not a mandate in October 2015.
First things first. There was no EMV or chip card mandate in October, 2015. Contrary to what many think, U.S. businesses were not required to begin chip card acceptance in October. Instead, as of October 1, 2015, the liability for payment card fraud shifted away from issuing banks and toward U.S. merchants. Based on specific transaction realities, merchants now bear more responsibility for the cost of fraud and are responsible for, as in they will not be paid for, transactions that aren't authorized by the cardholder. EMV helps reduce fraud at the point-of-sale, but it is not a whole picture security solution as many think. EMV cards and readers keep the card encrypted while it is "plugged" into the EMV acceptance terminal—the card information is protected during this process. The value of avoiding costly fraud chargebacks and associated costs is reason enough for some businesses to consider implementing EMV. But EMV is not a silver bullet for all security considerations. There are some additional things you should be considering.
Make sure your POS system is secure.
There are two big things you can do to make your point of sale more secure:
- Work with your dealer/provider. They can help you evaluate, add to and enhance your point of sale—whether you use stand-alone terminals or one of many POS systems available, to be more secure. Your dealer may suggest EMV terminals, and a certified E2E implementation, or some other secure POS solution for your POS system. No one solution fits all, so ask your dealer for an evaluation and for more information.
- Be and remain PCI Compliant. Your providers should be able to help you become PCI compliant with many offering sensible solutions to not only guide you through the PCI compliance path, but provide you with additional assurances associated with card data handling, up to and including assistance in the unfortunate case of data breach.
Carry breach protection assistance.
- You may want to consider investing in financial reimbursement assistance to cover costs associated with a data breach. Many providers offer assistance packages designed to help shoulder some of the costs should a breach actually occur.
- For more information about Vantiv offerings, visit OmniShield Assure or SecureAssist available for integrated point-of-sale (POS) systems.
- AMEX, Frequency Asked Questions EMV Global and US, April 2013