by Tim Kirk
EMV (EuroPay, MasterCard, Visa) allows cardholder data to be stored on a payment card using integrated chip technology. Questions about EMV chips abound. Common questions include: “Why should I switch to EMV?” “Why are there so many merchants who don’t accept EMV?” “I just received a call from someone who told me that my entire business could implode at any moment if I don’t get an EMV terminal right now—how seriously should I take this?”
A Bit of History
In the beginning, payment cards had physically raised lettering on hard plastic cards which were used to capture an imprint of cardholder data on paper; in later years magnetic strips were used to store and transmit cardholder data. Magnetic strips use the same technology as audio cassette tapes to store information.
Magnetically striped cards became problematic when it became easy to deploy technology to counterfeit cards by recording stolen cardholder data onto magnetic strips of blank cards. This meant that cardholder data snatched through a security breach could be transferred to the magnetic strip of another card—even a hotel key card. The primary defense against this type of breach was to make merchants and point of sale developers accountable for cardholder data security.
The New Chip Technology
EMV technology was developed in Europe as another line of defense against data breaches and payment card counterfeiting. Although there have been data breaches involving EMV technology, they are very few and far between. Plans to deploy EMV chips in the U.S. were delayed when the Durbin Amendment, which took effect in 2011, created a new classification of payment cards, resulting in the need for major adaptation and restructuring of the EMV system. This is the main reason the payment card industry has missed its deadline of October 2015 for a complete migration to EMV chipped cards. Currently, only about 70% of issued cards are chip enabled. When the transition is complete, chips will replace strips and PINs will replace signatures.
Clearing Up the Confusion
Most confusion regarding EMV migration regards a shift in merchant liability. This shift in liability only affects the possibility of chargebacks due to counterfeit fraud in a card present environment. Does this increased probability of losing revenue due to chargebacks for merchants who have not transitioned to EMV technology? Yes, but not nearly as much as some in the payment card industry wants merchants to believe.
There are a number of reasons for chargebacks; EMV only mitigates risk for card-present counterfeit fraud. When an EMV card is present, EMV technology is deployed, and if a cardholder claims that an unauthorized transaction has occurred, the card issuer may issue a chargeback. If merchants and their employees follow industry standards and best practices for conducting secure transactions, these chargebacks can be resolved in the merchant’s favor or avoided altogether. Merchants should watch out for processors whose sales forces create an exaggerated sense of urgency regarding EMV technology to influence them to open a new merchant account, especially if an equipment lease is offered.
Make the Switch
Merchants who haven’t transitioned to EMV should make it a priority to develop and execute plans to make the switch. This is not difficult for merchants who use a stand-alone terminal to process payments—it is a simple matter of terminal replacement. The transition can become more complex if you use an integrated Point of Sale (POS) system. POS developers and payment gateways are still in the process of developing solutions to comply with EMV migration; merchants should be in contact with POS providers and gateway tech support and ask them about a date when to expect a solution. Merchants can also seek help from their merchant services provider. If a provider is not helpful, it may be time to shop around.
Data security and secure transaction procedures are a broad subject. Other aspects of security will be covered in subsequent articles. Ironically, EMV technology is over 20 years old; advances in technology and more secure methods for conducting credit card transactions already exist. Merchant processing should always be a matter of teamwork between merchant processors, solution providers, and merchants. Business owners should know what is required and train staff to be vigilant.
Tim Kirk is an account executive with PaidRight; he has been helping merchants establish, grow and manage their revenue streams since 2009.