What is EMV?
EMV or Europay, Mastercard, Visa is an additional security measure for credit cards that includes a chip on the credit card. EMV originated in Europe as a “chip and PIN” method to prevent credit card fraud at payment terminals. In October 2015, the United States also adopted EMV measures with the first roll-out including “chip and signature” (although Mastercard is now allowing issuing banks to choose if they would also like to require a PIN, even for a credit card). With the EMV liability shift, consumers received updated credit cards featuring the chip and many retailers updated their payment terminals to accept the new chips.
What Does EMV Mean for Retailers?
The liability shift left many merchants confused and asking questions regarding how quickly do they need to implement EMV pin-pads, how much their liability would increase without them and how else can they protect their store and their customers.
For implementation, the easiest answer is for individual retailers to consider the amount of chargebacks they currently deal with in their own store(s). If chargebacks are frequent, then implementing EMV as soon as possible is probably a good idea. Even if chargebacks have not historically been an issue, there is a new and rapidly growing threat being referred to as “friendly fraud.” This term refers to customers who make a purchase using a chip-enabled card on a non-chip enabled reader, and willfully call the the bank to challenge the charge (realizing the merchant is now on the hook for it if they can’t handle chip cards).
According to a study by creditcards.com, 70% of consumers now have chip-enabled cards, which translates into significant potential exposure for merchants who are not EMV capable.
The liability shift can immediately eradicate a retailer’s prior exposure as well
Merchants have historically been liable, in many cases, for approved transactions involving fraudulently used cards. Retailers will now get relief from fraudulent transactions using chip-enabled cards and processed using EMV enabled pin-pads. Merchants will bear the same liability for fraudulent transactions involving non-chip cards that are swiped.
Retailers can further protect their stores by ensuring they use a PCI-compliant POS that offers seamless processing in addition to point-to-point encryption (P2PE) and tokenization.
What is EMV vs. P2PE and Tokenization
EMV, P2PE and tokenization all work together to help make credit card payments more secure for retailers. P2PE protects merchants and customers by preventing data breaches. With P2PE, credit card data is encrypted immediately when the card is swiped or dipped, and therefore no credit card information is ever processed, stored or transmitted by the local computer or the POS system. The processor is the only party that possesses the unique “key” to decrypt the credit card data on their end. Tokenization is a process that replaces a primary account number (PAN) with a unique token that is provided to the POS at the point of authorization, and therefore further reduces the amount of cardholder data in the environment.