While EMV compliance has been around for quite some time, there still tends to be a lot of confusion around the subject. What is EMV compliance, and how can you as a merchant ensure your business is EMV complaint? Find all of your answers below!
What is EMV Compliance?
Have you ever wondered what caused the switch to go from sliding your credit card to inserting it into the terminal? The EMV, short for Europay, MasterCard, and Visa, is behind that. They are the three companies who established the computer chip technology to help combat against credit card fraud. In addition to the traditional magnetic stripe, EMV credit cards now also feature smart chips and are seen as the new industry standard around the world.
Why are EMV Cards More Secure than Traditional Cards?
Cards that only have a magnetic stripe are at a higher risk for fraud because the stripe contains unchanging data. If someone copies the stripe, he or she can easily replicate the data because it doesn’t ever change.
However, when a credit card with an EMV chip is used to make a payment, the chip creates a unique transaction code that cannot be used again. So even if a hacker was able to steal the chip’s information from one specific sale, card duplication will not work because the stolen transaction number expires after one purchase. The card would ultimately get denied. It’s important to note that while this technology makes it more difficult for criminals, it will not completely prevent data breaches from occurring.
The Importance of EMV Compliance for Small Business Owners
EMV compliance rules officially went into effect in October 2015, but they are not a legal matter. So while you cannot be arrested for non-compliance, there are some costly risks associated with not following the rules. If your business is still processing credit cards with the magnetic stripe, it will be held automatically responsible for any fraudulent charges made with a chip card.
For example, if a customer comes in and completes a $500 transaction with a chip card and you use the card’s magnetic stripe to ring them up, that customer can potentially dispute the change. And because you are a non-compliant merchant, you would have no legal recourse.
EMV compliance protects your small business from liability. It doesn’t matter if some of your customers are still using cards that only have a magnetic stripe, as long as you are EMV compliant, you will not be liable. This includes both chip transactions and swipe transactions.
How to Become EMV Complaint
So what does this new technology mean for your business? The first step is to upgrade your POS systems to ensure compliance. The new terminals feature the option to insert the card at the bottom, while still offering the swipe feature for customers who do not have EMV credit cards.
The next step is to look into the EMV Value Added Reseller Qualification Program. This is a certification that was developed by the PCI Security Standards Council and the Payments Security Task Force for VARs. During this process, an EMV terminal and toolkit are used. Special test scripts will be executed with the help from the EMV toolkit. The results are submitted to the acquirer who then forwards the results to the associations for final approval.
EMV certification typically includes an administrative fee that ranges between $2,000 and $3,000 for every formal test script run. Re-certification is required every time a new hardware device, using a different EMV kernel is added to the previously certified EMV-processing pad. For example, if you have a specific type of device that has been previously certified, any other device of that kind is automatically covered. But if you use a different type of device, your business will need to initiate another EMV certification, even if you are utilizing the existing host integration and back end.
Challenges to Becoming EMV Compliant
One of the main reasons why businesses have yet to become EMV compliant is how much it costs, especially for retail or other businesses with multiple locations. But what many of these business owners do not understand is that the liability switch leaves them at a higher risk for having to pay fraudulent charges.
Another challenge is getting the appropriate certifications in a timely fashion. Many software providers underestimated the complexity and time of getting certifications completed. This means that even if merchants have their new terminals setup and ready to go, if they are waiting to be certified, they can be held accountable for any fraud that occurs with chip cards.
Benefits of Being a EMV Compliant Business
The biggest payoff is fraud reduction. While the level of success is suggestive, MasterCard has reported that fraud has decreased by 60%, in terms of dollars among its top five EMV-compliant merchants. Reducing the risk of fraud helps your business save money on credit card processing fees. But saving money isn’t the only benefit.
New EMV-compliant terminals offer add-ons that customers are starting to become more accustomed to, like Apple Pay and Android Pay. While it is unlikely for any other form of payment will surpass cards anytime soon, the payments mix is becoming more complicated. With more users looking for alternative payment options, being EMV compliant provides a better customer experience. In addition, the new technology makes it easier to integrate systems into legacy POS.
If your business hasn’t upgraded to EMV technology yet, it is strongly advised you do so. While these upgrades can be expensive, merchants risk facing a much greater cost if they get stuck with bills for credit card fraud.
EMV compliance has helped significantly reduce card-present fraud. But it does not protect consumers from all data breaches. Liability for fraud on a non-chip card remains with the banks. In addition, card-not-present fraud (online or phone purchases) is on the rise. Regardless of what new challenges may be on the horizon, it’s important to make the switch to EMV technology. This worldwide standard is shaping the future of payment processing, and we will continue to see development of contactless technologies to help reduce fraudulent activity.