What does it mean for your business?
EMV chip card technology is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. EMV stands for Europay, MasterCard® and VISA®, the three companies that originally created the standard. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers have migrated to this new technology to protect consumers and reduce the costs of fraud. These new cards are being sent to credit card holders to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards.
For merchants and financial institutions, the switch to EMV credit card processing means adding new in-store technology and internal processing systems and complying with new liability rules. For consumers, it means learning a new payment process.
How do chip cards work?
The EMV chip is that small, metallic square you see on new credit and debit cards. It’s a small computer chip that sets it apart from the older generation of credit cards. On older, traditional credit and debit cards, magnetic stripes contain unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash. If someone copies a magnetic stripe, they can easily replicate that data over and over again because it doesn’t change.
Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again. If a hacker stole the chip information from a point of sale, typical card duplication would never work because the stolen transaction number created in that instance wouldn’t be usable again. If used, the card would simply get denied. EMV chip card technology will not prevent data breaches from occurring, but it will make it much harder for criminals to successfully profit from what they steal. Counterfeit fraud rates have already decreased in the United States as a result of EMV adoption, according to Mastercard and VISA. In March 2017, chip-enabled merchants saw a 58 percent drop in counterfeit fraud compared to a year earlier.
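A simplified model of the one-time transaction code described above, added here as an illustration and not taken from the EMV specification or any card network's code. HMAC-SHA256, the `ChipCard` and `Issuer` classes and all field names are assumptions; real cards use the algorithms and keys defined by the payment schemes.

```python
import hashlib
import hmac
import secrets


def make_cryptogram(card_key: bytes, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    """Card side: MAC over this transaction's data (HMAC-SHA256 is a stand-in)."""
    msg = atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(card_key, msg, hashlib.sha256).digest()[:8]


class ChipCard:
    def __init__(self, card_key: bytes):
        self.card_key = card_key
        self.atc = 0  # transaction counter, increases on every use

    def pay(self, amount_cents: int, nonce: bytes) -> dict:
        self.atc += 1
        return {"atc": self.atc, "amount": amount_cents, "nonce": nonce,
                "cryptogram": make_cryptogram(self.card_key, self.atc, amount_cents, nonce)}


class Issuer:
    def __init__(self, card_key: bytes):
        self.card_key = card_key
        self.last_atc = 0  # highest counter value already accepted

    def authorize(self, txn: dict) -> str:
        expected = make_cryptogram(self.card_key, txn["atc"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "declined: bad cryptogram"
        if txn["atc"] <= self.last_atc:
            return "declined: transaction code already used"
        self.last_atc = txn["atc"]
        return "approved"


def demo() -> list:
    key = secrets.token_bytes(16)  # constructed sample key shared by card and issuer
    card, issuer = ChipCard(key), Issuer(key)
    first = card.pay(2500, secrets.token_bytes(4))
    resubmitted = dict(first)             # same transaction data presented a second time
    altered = dict(first, amount=990000)  # amount no longer matches the cryptogram
    return [issuer.authorize(first), issuer.authorize(resubmitted),
            issuer.authorize(altered), issuer.authorize(card.pay(1200, secrets.token_bytes(4)))]
```

Magnetic-stripe data has no counterpart to the counter or the cryptogram, so a copy of the stripe is indistinguishable from the original card.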
How to use a chip card
Just like magnetic-stripe cards, EMV cards are processed for payment in two steps: card reading and transaction verification. However, with EMV cards you no longer have to master a quick, fluid card swipe in the right direction. Chip cards are read in a different way. Instead of going to a register and swiping your card, you do what is called “card dipping”: you insert your card into a terminal slot and wait for it to process. Note that your EMV cards still have a magnetic stripe for point-of-sale terminals that are not EMV-enabled, such as at gas stations.
When an EMV card is dipped, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data. This process isn’t as quick as a magnetic-stripe swipe. It will take a tiny bit longer for that transmission of data to happen. If a person just sticks the card in and pulls it out, the transaction will likely be denied. It takes a little bit of patience. While chip card transactions may take a bit longer than magnetic stripe transactions, total card processing time will vary between merchants and eventually speed up as the new payment environment improves.
Will you still have to sign or enter a PIN for your card transaction? Yes and no. You will have to do one of those verification methods, but it depends on the verification method tied to your EMV card. Whether you need a PIN no longer depends on whether your card is debit or credit. Chip-and-PIN cards operate just like the checking-account debit card you’ve used for years. Some U.S. financial institutions have begun issuing customers chip-and-PIN cards. Entering a PIN connects the payment terminal to the payment processor for real-time transaction verification and approval. However, many payment processors are not equipped with the technology needed to handle EMV chip-and-PIN credit transactions. So, it is not likely you will have to memorize new PINs anytime soon.
EMV security and who is liable
The major U.S. credit card issuers Mastercard, VISA, Discover and American Express® set an October 1, 2015, deadline regarding the liability for card-present fraud. This liability has shifted to whichever party is the least EMV-compliant in a fraudulent transaction. Consider the example of a financial institution that issues a chip card used at a merchant that has not changed its system to accept EMV chip card technology. This allows a counterfeiter to successfully use the card. The cost of the fraud will fall back on the merchant. The change is intended to help bring the entire payment industry on board with EMV by encouraging compliance to avoid liability costs. Today, any parties not EMV-ready could face much higher costs in the event of a large data breach. Although the deadline was strong encouragement for all payment processing parties to become EMV-compliant as soon as possible, not everyone has made the transition yet. To become an EMV-compliant merchant, you will most likely need to purchase a new credit card terminal that is EMV enabled, if your terminal isn’t already.
How to become an EMV-compliant merchant
It’s likely that, on an almost daily basis, you have someone coming into your business looking to lower your credit card rates and trying to sell you new EMV-compliant terminals. Be aware that most, but not all, of these sales representatives are looking to make a quick deal, sell you equipment at over-inflated prices or lock you into expensive long-term leases. Or, they may promise you credit and debit card processing rates that will begin to climb higher after six months.
If your credit and debit card terminal doesn’t currently accept EMV cards, you will need a new terminal. You can expect to pay anywhere from $150 to $350 for the terminal. Also, if you want to have a PIN pad to put on your counter for customers to use, add an additional $100 to $200 to that cost. You may also want to consider mobile readers for mobile devices that will allow you to take EMV credit and debit cards. Prices on those can range from $75 to $175 depending upon whether you want to have a PIN pad for your customers. One additional benefit of most new credit and debit card terminals and PIN pads is that they also accept contactless or “tap and pay” transactions such as Apple Pay®, Google Pay™ and Samsung Pay® at no additional cost.
Setting up your new credit and debit card terminal is easy. Plug in your communication cable (telephone or internet), plug in your PIN pad (optional) and plug in the power cord. That’s it! Once you’ve plugged in the power cord, the terminal will automatically turn on and begin loading its internal software.
Have your credit and debit card terminal communicate via an internet connection to simplify the process of accepting EMV credit and debit cards and make it smoother for your customers. Processing your credit and debit card transactions over the internet is 2 to 3 times faster than over a phone line. You and your customers will appreciate the quick process.
Processing credit and debit card transactions over the internet also will increase the complexity of your annual PCI compliance questionnaire and most likely require quarterly network scans of your business’s network. It sounds complicated, and it sometimes can be, depending on your business’s network. Thankfully, some merchant service providers like ProCard Solutions, through a partnership with Elavon®, offer a low monthly cost encryption program for their customers. Safe-T, ProCard Solutions and Elavon’s encryption program, benefits a merchant in three ways. One, it’ll encrypt all credit and debit card transactions on a merchant’s terminal. Two, because all credit and debit card transactions are encrypted, there is no longer a need to have quarterly network scans to be PCI compliant. And three, the Safe-T program works so well at protecting merchants’ credit and debit card transactions that their annual PCI compliance questionnaire is even easier than with a credit and debit card terminal on a phone line.
In an upcoming blog post from Greater Alliance Federal Credit Union and ProCard Solutions, we will navigate the waters of PCI compliance and what it means to merchants in today’s credit and debit processing environment.