Many of us take EMV Chip Card technology for granted, accepting it as the method which we must now use to make debit or credit card transactions. However not so long ago we were watching our cards get swiped and signing receipts in order to make payments. So what has changed? What really is EMV chip card technology and why is beneficial for businesses and consumers alike?
“EMV® is a global standard for credit and debit payment cards based on chip card technology”.
The name EMV comes from Europay, Mastercard and Visa who developed the system we now use for most cashless transactions. It was established as a way of processing payments from cards that contain microchips which is why it is commonly known as ‘chip and PIN’. For those retail POS systems that accept it, the requirement of a personal PIN code acts as an additional layer of cardholder verification on an already secure process.
So what are the main differences between EMV chip & pin transactions and magnetic stripe swiping?
The most significant difference is the level of data that is shared. When payments are processed using just the magnetic stripe, the only information that is actually shared is the card number and expiry date. However when using EMV chip card technology there is much more data shared and this requires much greater processing.
The other difference is the level of security each method of payment provides your customers and your business. With favourite fraud techniques usually always resorting to the weakest technology, magnetic stripe cards and transactions are the easiest target. Fraudsters have found that they can use inexpensive card reading devices to copy the information stored on the magnetic stripes of cards. This means they will have access to your card number and card expiry date. This process is known as skimming and has been found worldwide. It is particularly easy to do if at the point of sale you are asked to hand your card over for the cashier to swipe, rather than doing it yourself.
When using chip and PIN to complete a payment, a unique transaction code is created each time using a cryptographic key. It is this code along with the entry of a personal pin code that makes stolen data less useful to thieves. The card details are only a part of the information needed in order to spend. Even if a thief managed to obtain card details, they would not have the capability of creating a transaction code for in-store purchases. The POS device will verify the use of the card by piecing together and ensuring the authenticity of all of the individual security measures.
As of today, many payment providers are already offering the technology and our POS system already integrates with best of those so you can choose from a list of payment gateway providers that is best for your business.
What about security for ‘card not present’ (CNP) transactions?
Standard online fraud protection usually requests additional information in the form of address or card security code verification. However some businesses are taking this a step further in order to protect themselves and their customers from fraudulent transactions. The implementation of additional security questions is becoming common for those businesses that take payments from regular customers. Examples of the additional information they are requesting includes date of birth, middle name or password which the cashier (for telephone transactions) or system can then match to a customer profile.
Many online transactions are also protected by the systems set in place by the major card companies. These include ‘Verified by Visa’, ‘Mastercard Securecode’ and ‘American Express SafeKey’.
Can Chip cards be used at retailers that do not support EMV technology?
Yes, they can. Your magnetic stripe can still be swiped, but you will not have the added security that comes with chip-reading and entering a personal PIN code.
However there are a number of changes approaching with regards to the processing of non-EMV technology payments.
However in the United States, Mexico and Canada there are a number of changes approaching with regards to the processing of non-EMV technology payments. Look out for our article ‘How card payment liability is changing (US, Mexican and Canadian businesses) – get your POS ready for October 2015’ for the information you need to know.