To begin, let’s go over what exactly EMV stands for. EMV is an acronym for Europay, MasterCard and Visa, and represents the joint effort of these companies to ensure maximum payment security and PCI compliance. It is also the now-global security standard for chip-based debit and credit card transactions. The most distinguishable feature about the EMV card is that it contains an embedded microchip, unlike cards with only magnetic strips, which makes an impactful difference when being accepted at the point of sale. This microchip also protects data against credit card skimmers. EMV technology was slow to make its way into the U.S. in 2015, while Europe and Canada had been using EMV chip cards for years.
You may be wondering how and why EMV is more secure than more historical credit card technology like the magnetic strip. The microchip embedded into the card is the key difference, as you may have guessed. During most recent breaches, hackers have targeted credit card terminals by downloading malicious software in order to extract sensitive data, including credit card numbers, expiration dates and CVVs. This data is considered “Track 2 data”, and can be used to replicate and distribute counterfeit cards with the same information. What sets EMV technology apart is that the embedded chips include an integrated iCVV which holds data outside of the Track 2 level. Only the issuing bank can access this data through the iCVV. To put it simply, each time an EMV chip is used during a payment transaction, a unique code is generated replacing sensitive data that is impossible to replicate. This means even if hackers manage to swipe authentication codes, customer data is encrypted and otherwise useless for future transactions. The microchip therefore reduces counterfeit fraud, since the card’s information is unable to be used for copies.
According to Visa, EMV merchants saw a reduction in counterfeit fraud by 75% from September 2015 to March 2018. The technology of EMV, combined with other security solutions like point-to-point encryption (P2PE) and tokenization, which is the replacement of sensitive data with dummy data, provides for a powerful combination of protection.
In order to get U.S. businesses on board with using EMV technology to protect customer data, the Payment Card Industry Security Standards Council (PCI SSC) declared that merchants who did not adopt the secure payment acceptance method if accepting card-present transactions by October 1, 2015, would face increased potential liabilities. This was known as the liability shift. Under this EMV compliance regulation, any merchant who has not adopted EMV acceptance must assume the liability of fraudulent activity and the associated costs. Before this shift, it was the banks that would previously assume the liability. Over time. this has encouraged merchants to adopt terminals that have secure chip-reading capabilities.
EMV is one of the most recent global initiatives to fight fraud and protect sensitive data processed during card-present transactions. The advancement in technology not only protects the merchant, but also issuers and customers - so all parties involved benefit. Although EMV doesn’t prevent data breaches or attacks, it certainly helps to ensure the most sensitive and important data is not available for replication, helping to reduce costs and losses that are associated with the breach of a company.
If you’d like to talk us in more detail about EMV technology and devices that accept chip cards, please fill out the form below and someone will be in touch.