WHAT MERCHANTS NEED TO KNOW ABOUT EMV: FAQS
If your question is not listed, we're here to help. Please visit our EMV page, contact your Relationship Manager, or call our Merchant Services group at 1-800-457-9913.
- EMV is the global standard for card-present payment processing technology – and it's coming to the U.S.
- EMV uses an embedded chip in the card that holds all the same cardholder information that is stored on the magnetic stripe, and more.
- This "smart card" technology provides an additional form of card authentication for the transaction – providing better validation of the legitimacy of the payment type being used and helping reduce the use of counterfeit payment cards at retail points of sale.
- The EMV chip helps protect you from card-present counterfeit transactions, but not those made with a lost or stolen card. Businesses will still need to ensure they verify the identity of the person presenting the card for payment.
- EMV is technology in use today to authenticate cards and cardholders, helping to ensure that a card is not a counterfeit or "cloned" card. The embedded chip generates a one-time value to make each transaction unique. This is known as dynamic authentication.
- Magnetic stripe data is static; the data is the same each time the card is used at all terminals and is easily "cloned".
EMV-enabled cards, or smart cards, have an embedded secured microprocessor chip that stores cardholder data and creates a unique value for each processing transaction. Smart cards come in three forms:
Contact Cards get inserted into a card reader for transaction authentication and must stay in the terminal for the duration of the transaction, which ends when the receipt is printed.
Contactless Cards, aka "Tap-and-Go" cards, use a radio frequency and a nearby (within a few inches) contactless-capable reader for transaction authentication.
Dual Interface Cards combine contact and contactless technology and use dual interface terminals for transaction authentication.
- EMV technology contains advanced security features that can help reduce card-present counterfeit fraud.
- It can offer consumers more convenience and instill greater confidence at the point of sale (POS).
- When the Visa and MasterCard liability shift occurs in October 2015 for retail businesses and October 2017 for petroleum pay-at-the pump businesses, you may avoid the financial liability associated with counterfeit card transactions by being EMV-ready.
October 2015 is when the financial liability shifts from card issuers to retail merchants for counterfeit fraud card-present transactions, and October 2017 for petroleum pay-at-the-pump merchants, if only the magnetic stripe authentication is used when the card is EMV-capable. The table below shows who is financially liable for counterfeit card present transactions based on EMV readiness after the liability shift.
*Card Issuer liability remains subject to other Card Network rules.
- Customers who are unfamiliar with chip-based cards will need to be trained on how to insert or tap their cards in or over the device.
- Employees will need to understand these new procedures in order to help customers and to explain the security benefits as customers ask questions.
Dual interface terminals are able to process chip transactions from various payment products, including contact or contactless chip cards, mobile devices and wallets, and magnetic stripe cards. The image below shows how this works.
Yes. Chip cards will have both the embedded microchip and the magnetic stripe. However, you will be subject to the liability shift for card-present counterfeit fraud transactions.
An EMV-enabled terminal will have a slot where the smart card can be inserted, a contactless radio frequency reader, or both. Ask your bank representative if your terminal is EMV-ready.
Yes. Some terminals can be upgraded to fully support EMV transactions with only a peripheral device versus needing a new terminal. We will provide additional information on what you may need to be EMV-capable as it is available.
Yes. You will need to download a new application to read smart cards on EMV-capable terminals.
There are two components; the terminal device and the application it uses to read the card. EMV certified terminals have the ability to communicate with the chip card via contact or contactless means. The application drives the device, allowing it to authenticate the chip card and cardholder, as well as authorize the transaction either online with a PIN, or offline with the chip.
Not at this time. The card brands have not announced any new interchange categories for EMV card acceptance, so the transactions will qualify at the current rates.
With EMV, the Associations will have new chargeback codes. For Visa, a 62 code is for a Counterfeit Transaction dispute and an 81 code for Fraud, Card Present. MasterCard also has two codes. For Counterfeit Fraud, you will see a 4870 code, but a never-received-as-issued (NRI) fraud dispute will be a 4871 code.
While there are a few virtual terminal card readers on the market, manufacturers continue to develop "future proof" EMV-enabled devices. As we near the liability shift date, we will provide more information when it becomes available to us.
As EMV technology is adopted in the card space, it is expected that fraud will also shift to the least secure channels, including CNP. From an online fraud perspective, it's important that CNP businesses be prepared for this anticipated shift. Strategy is key, and it's essential that you take the extra measures to know good customers and good customer behavior beyond just Address Verification Service (AVS) and Card Validation Values (CVV). You should consider strengthening the value of these tools by supporting additional technology, such as CAPTCHA, a program that is designed to tell humans apart from computers automatically, to help mitigate fraudulent activity. An example of what CAPTCHA looks like is below.
The EMV liability shift affects all card-present transactions. So, there is no distinction made if you accept cards using a smart phone or tablet.
There are no unique EMV requirements for cash back transactions. However, they are subject to the same liability shift as all other card-present transactions.
The card brands vary on their requirements, but to be fully prepared, you will want an EMV device that can process chip and signature, chip and PIN, and contactless payments.
Yes. PCI-DSS compliance is mandatory for all merchants.
- Do your research in advance. As equipment upgrades have the potential to be both costly and time consuming, it's best to get started earlier versus later. Figure out how much it's going to cost, how long it's going to take and plan accordingly. Also, when planning on how to update your systems to support this change, you will want to take a look at the cost versus benefits of EMV.
- Training and product awareness at both the business and employee level is crucial to a successful implementation. As EMV acceptance is very different from the traditional magnetic stripe (the card is inserted into the terminal as opposed to swiped, for example), it is important that everyone is familiar with the new requirements to make the customer experience as smooth as possible.
- Don't wait until the last minute to migrate. You may begin to feel the pressure once the EMV card migration starts to reach its critical mass – with issuing banks beginning to issue chip cards to new and existing customers. Businesses that have not already migrated to EMV may consequently have to answer to their customers as to why they have to continue to swipe their new chip cards – especially when the market presents chip technology as the safer way to pay.
Talk to your bank representative and begin assessing what a chip card payment migration plan would look like for upgrading or replacing all consumer-facing POS devices.
NEED ADDITIONAL HELP?