Blog | Level 10

What is EMV Compliance, and Why is it Important?

Written by Level 10 | April 9, 2015

What is EMV?

EMV stands for Europay, MasterCard, and Visa; it is named after the companies who defined the standard, although they have also been joined by JCB, Discover, and American Express. Credit cards which follow the EMV standard will include a chip containing the card’s information in addition to the standard magnetic stripe. EMV card readers require the card to be inserted into a terminal, providing authentication that the card is valid.

EMV is a global standard, with the United States being the last country in the world to join. It provides global interoperability, allowing credit cards to be used around the world. Its goal is to prevent fraud from counterfeit, lost, and stolen cards. As a result of this, “card not present” fraud, which affects online credit card payments, is expected to surpass total store fraud in the near future.

PINs vs. Signatures

Most countries use “chip and PIN” authentication, requiring the entry of a PIN when making a payment. However, the United States still uses “chip and signature” authentication. This prevents fraud from counterfeit cards, but lost and stolen cards are still a risk. While chip and signature may not provide as many protections against fraud as chip and PIN, it is still used for a number of reasons: consumers believe that it results in faster transactions, people don’t want to have to remember multiple PINs, and issuers and card networks make less money when PINs are used.

When Will This Take Effect?

The Fraud Liability Shift Date for EMV compliance is October 1, 2015. After this date, retailers will assume the liability for fraud if they are not able to accept EMV cards. Companies who accept credit cards at fuel pumps will have two additional years to meet compliance, with their fraud liability shift going into effect in October 2017.

Our Recommendations

As the date for EMV compliance approaches, retailers should take steps to ensure that they are meeting these standards. In addition, we recommend implementing End-to-End Encryption (E2EE) and tokenization, a technology which encrypts credit card numbers when they are sent to the processor for authorization and ensures that no actual card numbers are stored in your system, eliminating the possibility of card numbers being stolen in a data breach.

As you look at how best to meet these requirements, this is a great chance to take a step back and consider your entire payment architecture, ensuring that it covers all aspects of security and fraud protection.

If you have any questions about how to do so and what other aspects of your payment system you need to consider, please contact us.