The EMV standard for credit cards was introduced as an alternative to magnetic stripe cards by EuroPay, Mastercard and Visa in 1993/94. EMVCo, the consortium of financial companies that currently manages the standard also consists of Discover, JCB, UnionPay and American Express. EMV was adopted across Europe gradually and in the US, card issuers switched over to the EMV chip standard and put a liability shift deadline in place as of October 1, 2015.
EMV cards are backward compatible with MagStripe readers. EMV enabled credit and debit cards as well as mobile phones consist of an embedded microprocessor chip that can store and protect the card holders data. Because of this they are also known as chip cards. EMV cards can be used in the following two modes for verifying the card holder.
- Chip-and-PIN: Users are required to enter PIN’s to complete payments.
- Chip-and-signature: Users are required to sign the payment slip to complete payments.
The Chip-And-Pin mode is considered to be more secure of the two.
The EMV Chip reader and the chip together create a unique encrypted code called a token for every transaction. The token is a dynamic number that can be used only one time and is generated from information on both the chip and the reader, after following the instructions contained in the chip. This token is then decoded to verify with the card issuer that it came from specific card chip. Once it is verified, the system checks if there is enough available credit for the purchase to be approved.
The unique token generated during every EMV transaction is dynamic as against the static information that is contained in the magnetic stripe of the card. The static information may be copied easily by hackers. Thus, the cryptographic processing involved while validating the EMV card provides better security against credit card fraud.
In the US, card issuers declared that, businesses would be officially responsible for fraud cases where EMV cards were used with non – EMV compliant readers. With this liability shift, the risk to any business not implementing EMV readers has increased and it has become necessary to be EMV compliant to mitigate this risk. Our previous article on EMV discusses what small businesses need to know in order to become EMV compliant.
According to these Dec 2018 statics shared by Visa, 3.1 million stores are accepting chip cards in the US alone as against 392K in September 2015. This constitutes 68% of the US storefronts. 98% of the overall payment volume in December 2018 was using EMV cards. With such high volumes of usage, consumers expect that all stores and businesses will have EMV compliant readers.
Microprocessors contained in the EMV cards can interact with terminals to perform offline transaction and cardholder verification. Card readers can be configured to accept offline PIN’s without an online connection to banking systems.
EMV standard supports contactless transactions where cardholders are only required to tap the card against the terminal. This is usually enabled by card issuers for low value transactions. The standard also supports mobile transactions which can be accomplished by tapping a mobile against the card reader.
As EMV is now a global standard, cards issued in one country can be used in any other country. This would encourage visiting tourists to spend more when shopping at a store which has an EMV compliant reader.
Merchants who implement EMV compliant terminals may apply for PCI Compliance relief to the card company if, more than 75% of merchant transactions originate from EMV-compliant POS terminals that support both contact and contactless transactions.
EMV compliant terminals are as easy to install as any other card reader and cost about the same. As such for new businesses they should be the obvious choice.
Since EMV has become a widely accepted standard globally, implementing EMV card readers is a logical step for any business. Sooner the implementation takes place, higher will be the benefit for the business.