In 1994, three international payments systems, Europay, MasterCard and Visa began the development of a global chip specification for payments systems. In 1996, the first version of the EMV standards was published, describing the requirements for interoperability between chip-based payment applications (chip cards) and acceptance terminals. EMVCo has been managing and updating EMV specifications and the related certification programs since 1999.

An EMV card—also referred to as a “chip card” or a “smart card”—features a secure, embedded integrated circuit chip (ICC)on the front that has the ability to read and write information to the chip and validate authenticity. The chip stores encrypted data that is more secure than mag-stripe data.Chip cards also contain a mag-stripe on the back.

EMV technology is designed to improve security for in person transactions by providing features that reduce fraud resulting from counterfeit and lost/stolen cards.  The features that support lower fraud are authentication of the chip cards (verifying card is genuine), risk management parameters (allowing a transaction to be conducted a certain way), choice of cardholder verification methods (e.g. signature, PIN, No CVM), and digital signature for the payment data (creating a one time cryptogram)

Unlike data on a static mag-stripe card that can be copied (“skimmed”) to create a cloned card, chip technology combats counterfeiting by assigning a dynamic value for each transaction. When an EMV card is used at a terminal, the chip produces a one-time secure use code for each transaction.  If this information is accessed in a data security breach, it cannot be used to process additional transactions or create a counterfeit card.

Globally, there are more than 3.4 billion chip cards in circulation. As EMV has been adopted in other regions of the world, fraud has migrated to countries with a less secure magnetic stripe infrastructure. The increased occurrences of data breaches in the U.S. demonstrate that the criminals have set their target on the United States. While EMV alone doesn’t prevent a data breach, the secure elements contained on the cards dramatically reduces the occurrence of counterfeit card fraud.


If you see the chip on the front, the card is EMV. But don’t worry; you don’t have to examine every card that consumers present for payment. If an EMV card is swiped through a mag-stripe reader, the terminal will instruct the user to insert it instead. The customer inserts their chip card face up into the smart card slot on the payment terminal, where it remains throughout the transaction. The chip controls the terminal’s prompting sequence: sometimes it will prompt for a PIN, sometimes a signature, and sometimes neither is required.

Chip-enabled terminals have all of the features of most standard payment terminals—mag-stripe reader, key pad, display—with the addition of a slot for the customer to insert their card. The slot is typically located on the lower front area of the payment terminal.

It’s important to verify with your merchant processor that the software in your device is enabled to support EMV cards. If someone presents a chip card and you are able to process the transaction using the mag-stripe, you should contact your payment processor to understand if you need to get new software, or if you need to upgrade to a new device that supports the latest EMV standards.

While EMV alone can’t prevent a data breach, it is important for everyone in the payment stream—issuers, processors, merchants—to adopt EMV as an important method in stemming the impacts of data breaches and the resulting use of counterfeit cards. Merchants are not required to upgrade to EMV, however, it’s important to understand the financial impact that could occur if EMV is not supported in your business.

In an effort to drive issuers and merchants to adopt EMV technology, an incentive called the “Liability Shift” was established.  It took effect in October 2015 and, shifts the responsibility for some fraudulent transactions to the “least-secure” party (issuer or merchant) who is not EMV ready. A merchant may be liable for counterfeit card fraud that occurs on any chip card used on a magnetic swipe terminal. An issuer is liable for most fraud that occurs on any magnetic stripe card used on a chip card-enabled terminal. It is estimated that 70% of credit cards in consumers’ wallets will contain EMV chip cards by the end of 2015.

Learn more about the Liability Shift by visiting the EMV Connection website.

In addition to the security features associated with EMV, the technology used for contactless chip cards is propelling the adoption of mobile technology and digital wallets that allow consumers to “tap” devices such as phones, smart watches, and fitness bands to exchange payment and other information. Upgrading to EMV-accepting devices helps you tap into these innovations.

Please contact your account representative or call us if you have questions about EMV, or you would like to upgrade your terminal to accept EMV cards.

The EMV standards govern in-person transactions only; e-commerce payments continue to work as they do today. However, it’s important to note that as merchants adopt EMV technology for in-person payments, more fraud will migrate online. Therefore, it is wise to take a multi-layered approach to protecting cardholder data. Check with your payment processor about data security and fraud prevention solutions to protect your business.