Data breaches and credit card fraud attacks have increasingly dominated the headlines, including the high-profile Yahoo, Equifax, and Blackbaud breaches. In 2020, a massive 37 billion records — like full names, addresses, credit card numbers, and Social Security numbers — were compromised, the largest number since 2005.
The payments industry is fighting back against fraudsters with new tools like EMV technology. EMV cards (or “chip cards”) are more secure than traditional magnetic-stripe cards, making fraud and chargebacks much less likely. To avoid any fraud liability, merchants have to meet certain EMV requirements, whether you own a brick-and-mortar business or online store.
In this guide, we’ll answer your EMV compliance questions and show you exactly how to protect your business and your card-holding customers.
EMV is an acronym that’s short for Europay, Mastercard, and Visa — the credit card networks that pioneered and implemented this secure technology. American Express and Discover, the other major U.S. card networks, are behind this push for payment security as well.
EMV has actually been around for decades in other countries. Payment experts explain that the U.S. has always had a robust credit card system with plenty of anti-fraud steps, so there’s been less need for higher security measures. But with data breaches and fraud on the rise, there’s been a growing call to adopt EMV transactions.
Now, EMV is a global credit card standard, using microchip technology to authenticate and secure card transactions and reduce the risk of fraud. According to EMVCo, over 80% of card-present transactions worldwide are conducted with EMV chip technology. U.S. merchants are still in the process of adopting EMV chip cards, with 63% of card-present transactions using EMV.
We’ll also note that EMV cards go by several different names. They’re also referred to as:
Next, let’s go over the different ways EMV chip cards safeguard payment data from end to end.
EMV and near-field communication (NFC) often get confused because they both represent new, secure payment technologies available to merchants. However, they’re not interchangeable.
EMV refers to chip cards, while NFC is a type of technology that lets people pay with their mobile devices, like smartphones and watches. It works by allowing devices to communicate with each other when they’re held close together, usually about two inches or less, which is why it’s often called a “contactless” payment solution. Apple Pay and Google Pay are two common examples of NFC apps.
NFC was already on the rise, but it became even more popular during the COVID-19 pandemic, when businesses and customers were on the hunt for hands-free checkout options. It’s just as secure as EMV — transactions are encrypted using tokenization, making it virtually impossible for cybercriminals to access card information.
From a customer’s perspective, payment is simple — they insert (or “dip”) their card into the chip reader in your point-of-sale (POS) system and wait for their transaction to be completed in a few seconds.
Behind the scenes, EMV technology is protecting your customer’s personal information — and by extension, your business — at every turn. As we mentioned earlier, an EMV card is a credit card or debit card with an embedded microchip. These computer chips can store more information than magnetic strips and can only be authenticated by special EMV card readers.
When a customer initiates an EMV transaction, a unique, one-time-use transaction code is generated. Your small business never receives or transmits a customer’s actual card number. Even if a cybercriminal breaks into your POS system and steals EMV card information, they walk away empty-handed. They only get access to the random code created for the transaction, just a jumble of letters and numbers. Your cardholder’s actual card information is safe, encrypted, and inaccessible.
We’ve broken down the what and why of EMV technology, but how exactly does the shift toward EMV cards affect your business? Mainly, you’ve got to have a payment system with POS terminals (in-store or virtual) that accept EMV cards.
The reason? The 2015 EMV Liability Shift. It used to be that if you accepted a fraudulent payment, the banks absorbed the costs. But in 2011, the major credit card companies set an October 1, 2015 deadline for merchants to start using EMV-enabled POS systems for in-person purchases.
As a result, liability for fraud shifted to the party that wasn’t EMV-ready. In other words, you could be on the hook for fraudulent purchases with chip cards if you don’t meet EMV compliance requirements.
There is, however, an exception for gas stations. As of early 2021, the deadline has been extended to April 2021 to accommodate the added costs and time needed to upgrade the payment terminals in their fuel pumps.
Let’s look at an example. Say you own a cosmetic surgery center and a client comes in for a rhinoplasty that costs $5,409. The customer pays with a stolen or counterfeit EMV credit card. If you don’t use an EMV card reader to process the transaction, you may be responsible for the full $5,409 charge — not the credit card issuer, bank, or payment processor. That’s a hefty chunk of change for any business, but merchants offering high-cost services and products are particularly vulnerable.
Before we continue, it’s important to note there’s no law or mandate that says merchants have to accept EMV transactions. There isn’t anything illegal about not using EMV-compatible card readers. However, if you don’t meet EMV compliance standards, there’s no question that your business and customers are at risk. Fraudsters don’t just go after large corporations and Fortune 500 companies. Over 40% of cyberattacks target small businesses, and 60% of small companies close within six months of being hacked.
The good news is that maintaining your EMV compliance really works. Visa recently reported that merchants who accepted EMV cards saw a whopping 76% decrease in counterfeit fraud.
Customers are quickly adopting EMV cards. One poll found that 70% of U.S. credit cardholders now carry an EMV chip card. So, if you want to avoid costly fraud liability and give your customers a secure way to pay, it’s time to invest in EMV.
It’s easy. All you need to do is upgrade your POS system — your credit card terminals or mobile card readers — to support EMV transactions. EMV is the gold standard for safe card processing, so most merchant services providers offer a variety of affordable payment solutions.
For example, Nadapayments can get you set up with a Wi-Fi-enabled EMV terminal for as little as $35 per month. Plus, with Nadapayments’ surcharge program, you won’t pay any processing fees on credit card transactions, saving you thousands and increasing your bottom line.
Cybercriminals are constantly evolving their methods of attack, but so is the payment industry. Using EMV-compliant terminals is one of the smartest moves your business can make to ensure your data is protected 24/7/365. Ready to upgrade? Get in touch with us to learn about our EMV-ready payment solutions.