ABI Research has forecasted 575 million U.S. payment cards will feature EMV by 2015, and Global EMV card shipments are expected to total more than 3 billion by 2019. Solupay points out 4 important considerations with the adoption of EMV and EMV Security.
Point to Point Encryption
Just installing EMV in your place of business does not improve the level of security as it pertains to the kinds of breaches that occurred at Target and Home Depot.Those incidents could have been prevented even without EMV, had the merchant installed Point to Point Encryption (P2PE) technology. P2PE is where the card data located either on the magnetic stripe or the EMV chip is encrypted on the credit card terminal immediately when it is scanned, and stays encrypted until it reaches the payment processor or payment gateway. So if the credit card data is breached, it is useless to the culprit. (Yes, without P2PE even EMV data can be breached.)
Card Present Transactions
The added protection that EMV chip cards brings only effects those merchants that are doing “card present” transactions. The only fraud that EMV technology addresses is physical credit card duplication. This is where thieves would copy the credit card account data on the magnetic stripe from the original card and transfer to another blank card. This can be done rather easily with inexpensive equipment. Implementing chip (EMV) technology on the card makes it much harder to make duplicate credit cards. That is why, starting October 2015, you (the merchant) will be responsible for any fraud (if you cannot accept EMV cards) in your place of business if the fraud is committed with a duplicate card. You can certainly chose to continue only accepting magnetic strip style cards after this date, however, you then run the risk of liability for any duplicate card fraud that occurs in your place of business. Each merchant will have to make their own decision as to the outlay of funds to pay for new equipment vs. the risk of this type of fraud.
Card Not Present Transactions
For those that only process “card not present” transactions (such as e-commerce, mail order, or telephone order), EMV has no impact on you, nor is there any new equipment you must consider. If you do both card present and card not present, then of course EMV applies.
A New Style of Transaction
An EMV style of credit card transaction (in case you have not done one yet) is very different at the checkout counter. Instead of being able to quickly swipe your magnetic striped card at the terminal at any time the cashier is ringing up your sale and put your card away, an EMV transaction requires you to insert your card into the terminal at the beginning and keep it their during the entire part of the payment transaction. Think of it almost as an ATM style of transaction when doing a cash withdrawal. Also the amount of data being exchanged is greater than that of a magnetic stripe type of transaction. All these factors add up to the total time it takes to check out at the cashier with an EMV style card. So with the holidays upon us, please be patient, as many will be learning this new style of payment as EMV cards are becoming more widely used.
EMV is coming to the U.S., and it will eventually be the preferred method to accept credit cards. EMV combined with P2PE and tokenization will put your business in the most secure position as possible in conjunction with the other published PCI best practice recommendations.