On October 1st, 2015, new EMV technology will begin to rollout into the US market. EMV, Europay, MasterCard and Visa, is a new technology to protect credit card information and help eliminate both fraudulent purchases and data breaches throughout the United States. This new method which implements the use of dynamic data through a microchip on the front of credit cards, has already been implemented internationally in virtually every other major market. Counterfeit activity has dropped significantly in these countries, which is motivating creditors to make the switch to EMV. It’s proven incredibly more secure for both the credit card companies and their customers. Merchants and businesses will need to update their current POS/credit card systems in order to support EMV chip technology. This implies an investment for businesses throughout the country who are looking to become EMV-compliant.
In order to understand EMV, we need to backtrack and explain PCI compliance and its significance to your business. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. At first glance, PCI compliance might seem like a grand undertaking, especially for small businesses. However, the process of becoming PCI compliant is minimal in the greater scheme of things, especially as new standards for security are proposed in the United States. Failure to become PCI/EMV compliant could very well have serious, long-term negative consequences on your business, a risk not worth taking.
By complying with PCI standards, you are assuring your customers that you are trustworthy. Through trust comes confidence, and confident buyers become repeat customers. This creates loyalty to your business and/or brand which, in itself, is worth the effort. A good reputation also creates improvements in relationships with your creditors and partners. The more secure your business is, the more likely you are to stay ahead of the modern threatscape, making you less vulnerable to data breaches, lawsuits and fraud.
While EMV is an acronym for Europay, Mastercard and Visa- American Express and Discover are also participating in this technology shift.
Customers should already be receiving new EMV credit cards which are equipped with a microchip (the small metallic square on the front of the new card). It is, literally, a computer chip that will be constantly updated with custom “transaction codes” that are specific for each individual purchase. This microchip eliminates the possibility of fraudulent purchases made on your card.
The 2-step transaction process remains the same: credit card reading and transaction verification. However, the actions of the customer now change from the “swipe” method to the “dipping” method. Customers will have to “dip” their card into a slot where the microchip will be read and processed. While the dip method isn’t as quick as the swipe method, it is much more secure for both the customer and the business. When the card is dipped, information is verified between the microchip and the issuing financial institution in order to authenticate the cards legitimacy. During this process, unique transaction data is created. During this step, not only is the card being verified and authorized, but goes through further security by creating this unique transaction code.
These new EMV chips are much more secure than traditional magnetic strip credit cards. Magnetic strips contain unchanged data which makes credit cards far more vulnerable to fraudulent activity than EMV chips. As stated above, EMV chips highly reduce the risk of theft. Even if stolen, when someone attempts to use a counterfeit card, being as a new transaction code is created for each individual sale, the fraudulent purchase would be declined at the point-of-sale. Additionally, customers will be required to either provide a signature or enter a PIN number in order to further verify the card’s legitimacy. As of now, most credit card companies will not require the use of a PIN number. Eventually, once the EMV cards are in full effect in the US, chip-and-PIN cards will be brought into the mix.
As of October 1st, 2015, the liability for credit card fraud will shift from the credit card company/financial institution to whichever party is involved that has the least compliance with EMV.
Let’s break that down...
After October 1st, the merchant becomes liable if a customer makes a fraudulent purchase using an EMV card on a terminal/card reader that has not been updated to chip reading technology. This is crucial to understand. Before EMV cards, if there was a fraudulent purchase made, the payment processor or issuing bank would be liable. As of October 1st, if you run a business that is not compliant with EMV technology and you collect payment from one of these cards, you will be held accountable. Therefore, by not complying with the new EMV standards, your business is at risk with every transaction via the swipe/sign method.
Furthermore, merchants and business owners need to consider the possibility of a much larger problem: data breaches. Incase of a data breach, the liability remains the same. While you might avoid making the transition to the new card reading technology if you are not the victim of a fraudulent buyer, in the instance your business is hacked, you will be responsible for the financial backlash.
Becoming both PCI and EMV compliant is a complicated process as it involves a number of steps, understanding of both laws and guidelines, and financial investment. By partnering with an MSP, you can eliminate the headaches and confusion involved in the process. Additionally, by hiring someone who is familiar with the necessary measures and processes involved in becoming both PCI and EMV compliant, you can avoid missteps that may occur along the way. A professional IT MSP will be able to walk you through this process, from beginning to end, and will complete each step along the way with the necessary thoroughness and understanding; virtually eliminating any problems down the line.
PCI: To be considered PCI compliant, one of the basic steps is to encrypt customer data, including credit card numbers and CVV/CVC information. Additionally, it is required for you to have flawless security, including but not limited to the addition of a secure Firewall. It is imperative for these steps to be followed exactly, especially with the amount of cyber attacks that have been occurring over the past year. For some further reading on the current threatscape of cyber security, take a look at our blog on Cyber Attacks and learn some simple steps to take in order to protect your business from an attack.
EMV: To become EMV compliant, you will need to update or purchase new credit card readers and transaction systems to support the new chip-technology. Old swipe credit card systems will not suffice after these new and more-secure EMV cards.
The process of becoming PCI/EMV compliant is complex, but it is worth taking the steps in order to secure your business and prevent potential lawsuits, unnecessary fines and fraudulent activity. Delaney Computer Services is more than equipped to handle your transition to compliancy. Give us a call today for more information on how to get the process started. October 1st is right around the corner!