Decoding the way that EMV technology is shaping the world its liabilities

Today, people no longer wish to carry a wallet full of notes and coins. Luckily for us all, the way we perform transactions has been evolving quickly over the years, from coins and notes to magnetic stripe cards. However, magnetic stripe cards are becoming outdated as we are already shifting to chip cards. Find out how the EMV technology is shaping our lives, its impact on our transactions and the liabilities involved.

What is EMV?

EMV does not refer to any specific card type. EMV is a new international standard for credit and debit cards that are equipped with computer chips. It is an abbreviation that stands for Europay, MasterCard, and Visa. It equally supports the technology to authenticate transactions and demarcate a fraudulent user from a genuine one.

How did the EMV technology emerge?

The EMV technology has been developed in the 90s by MasterCard, Europay, and Visa in the wake of massive data breaches, counterfeit cards, and fraudulent online payment attacks. As these organizations realized the need to secure payment processes and transactions, they created and published the first version of the EMV standard in 1996. Ever since, other companies such as Discover, American Express, UnionPay, and JCB have joined together with the initial founders (thus creating EMVco*) to maintain and enhance the existing EMV standards.

How does EMV differ from the traditional magnetic stripe cards?

Contrary to “traditional” credit and debit cards, EMV technology is supported by the use of a computer chip instead of a magnetic stripe. The magnetic stripe cards were simply a static storage device that was read by the terminal. For a typical magnetic stripe card, the terminal performs various functions, including card swipe, PIN encryption, signature capture and then authorizes access. The latter contains unchanging data and whoever gets access to the data acquires information on the cardholder that can be used to make purchases and other frauds. They are much targeted by counterfeiters who can make unlimited replicas as the information remains unchanged.

However, the EMV chip cards work differently. EMV cards contain a computer chip that generates a unique one-time code every time a transaction is made. As such, data stolen from a specific point of sale is useless as it may not be used again. The payment processing rules have been already determined by the issuing bank on the chip. The chip will process information supplied by the terminal and will decide how to carry on the function. In simpler terms, the EMV terminal is responsible for enforcing the rules on the chip. If ever the terminal is unable to provide the services that the chip requests, the issuer can easily set rules so that the chip cancels the transaction.

EMV technology in today’s world and in the United States

The EMV technology is being adopted at national level in view of protecting both consumers and businesses as it virtually makes fraudulent payments difficult. These types of cards are proving to be very effective in the fight against fraudulent transactions and in securing payments.

EMV cards have made significant progress in the United States. Apart from an increase in demand, excellent customer satisfaction and controls on expenditures, EMV cards have also prevented the customers of the UNFCU to “go native” by switching to their local banks. The American market has been recently one of the biggest targets for fraud attacks and EMV cards have emerged at the best time to help business people and individuals alike secure their private data and payment transaction history from fraud attacks.

In fact, the United States has already witnessed a drop of 47% in counterfeit fraud in 2016, as compared to 2015. On a parallel note, counterfeiters have shifted to focusing on the card, not present (CNP) transactions and fraudulent transactions implicating these cards shot up to 77% in the same period. An analysis made by the UNFCU shows that the EMV chip cards have been well received by people and is still in great demand with 153% increase in card applications, 382% in credit lines booked, 20% for revolving balances and an increase of 15% in overall purchases.

The EMV technology has already established itself as an innovative system and a global standard to combat fraudulent payments involving credit and debit cards. However, this new technology automatically entails questions regarding the system itself and conditions and liabilities involved in its use.

Compliance with EMV technology has been imposed since 2015

The EMV compliance rules have become effective as from 1 October 2015, although gas stations had until October 2017 to abide by the rules. What does EMV compliance mean for small businesses? It simply means that they should upgrade their terminal to a particular model that can process payment and transactions via EMV chip cards.

The transition from swiping to inserting our credit cards is still ongoing as implementing the EMV technology is still voluntary for many business owners. Many businesses are still reluctant and wary about adopting EMV technology for various reasons that include cost, the pressures, and uncertainty of embracing a new technology and the slow process that it entails.

What are the consequences for merchants who do not comply with EMV?

Although there are no legal consequences for non-compliance, a merchant who does not have EMV readers and still swipes his/her client’s EMV card will be fully responsible for any negligence or fraud. He will be also accountable for reimbursing the total loss sustained by the client. A small corner cafe might be saved from such types of frauds but the risk is higher for certain types of businesses (jewelry, designer goods, electronics, etc.) that use credit and debit cards for most of their payment transactions.

For example, consider the case of having a customer that commits fraud and charges $1000 on an EMV chip card. You as an EMV non-compliant business owner use his/her old magnetic swipe card to carry out the payment process. In this fraud case, if the customer disputes the charges, then you would have no legal recourse and might actually be charged more than your business can afford to lose.

It is better for small businesses to comply with EMV

It is highly recommended for businesses to invest into becoming EMV chip compliant not just to go along with the trend, but because it offers security for both the business and the clients.

By becoming EMV compliant, you also acquire first-class, updated hardware and software to use in your business. It provides you with an opportunity to provide better service and save money. It is also advisable that merchants making most transactions online equally update their card readers to safeguard themselves from carrying liability for fraudulent charges.

A new set of liabilities has been established

A business may choose not to adopt EMV compliant technology but a savvy business person who accepts major credit and debit cards for the transactions of his/her customers should know the liabilities in failing to upgrade to an EMV-compliant terminal.

All the liability costs for cards stolen or cloned have moved from the financial institution where the card was issued to the least compliant party. That is, the charge isn’t lifted from the card issuer, but rather on the business that does not comply with EMV. Credit card companies will be held liable only if criminals devise a way to exploit the EMV technology. In addition, banks that do not encourage customers to shift to using the EMV chip technology will be liable if the magnetic stripe cards used by the customers are counterfeited. In cases where the customer’s bank has provided with an EMV card but the merchant has failed to adopt the technology, he becomes financially liable for any fraud.

How to be EMV compliant?

For your business to become EMV compliant, consider using a countertop credit card terminal, a point of sale (POS) system or a mobile card reader that can read EMV chips of debit and credit cards. All of these devices contain a slot either at the top or at the bottom which allows your customer to insert their card. The device will then read the card’s EMV chip and request the customer’s PIN in some cases to authorize the transaction. In other cases, the customer will be required to sign before access is provided.

EMV cards are offering faster processing features now!

Although payment processing times are slower with chip cards, compared to magnetic stripe cards, it is better to choose this option for your own security. Nowadays with the evolving technology, some EMV cards contain NFC (allows data to be exchanged between devices that are a few centimeters away), providing fast processing features. If you’re concerned about the time it takes to process chip card transactions, consider upgrading to the NFC technology while being EMV compliant.

Do your part to ensure additional security

Even though EMV has made significant progress in the credit card industry, it doesn’t guarantee to make card-present fraud 100% impossible. Rather, it is well-equipped to make data breaches difficult and protect cardholders in the event of any fraud cases. New EMV chip cards still contain magnetic stripes that allow them to be used at older payment terminals. According to experts in the industry, it will take years for the transition from magnetic stripe cards to EMV chip cards to take place completely. Until then it is important that every small business owners have an EMV compliant system to protect them.

How to take additional precautions?

For complete security, it is also important to take additional precautions by allowing experts to help you in protecting your customers’ data. Some of the small steps that you can take include setting up proper firewalls, configuring antivirus software, detecting and resolving any weaknesses in your systems and have an expert monitor your POS system for tampering.

By also implementing point-to-point encryption and tokenization, you can also lower any risks of frauds to take place during the payment authorization process. Point-to-point encryption helps in encoding the data on your customers’ payment cards, regardless of whether the card is swiped or dipped. On the other hand, tokenization will generate a random set of numbers (called a token) instead of the usual card number. Thus, if hackers or thieves happen to intercept the number, it will be of no use to them. These new forms of technology work greatly with EMV and provide further security for any individual or business person seeking a complete peace of mind for his/her payment processes.

Related articles published in EMV and Smart Payment Cards :

Image : Shutterstock