Introduction to EMV

Most credit cards feature a magnetic stripe on the back. It contains information—account number, expiration date, name—needed for processing a payment. Magnetic stripe technology was developed in the 1960’s, and is the same outdated technology used in cassette tapes. It is very simple for fraudsters to steal the information and create counterfeit cards.

EMV cards, also called “chip cards” or “smart cards,” are plastic cards that use a much more secure technology that was introduced in 1996 as a means to combat magnetic stripe fraud. An embedded computer chip located on the front of the card securely stores account data and processing rules.

Why EMV? The embedded microchip on EMV cards cannot be duplicated, making the data stored on them virtually impossible to capture and clone.  EMV transactions are much more secure than mag-stripe transactions as a result of strong cardholder authentication combined with a unique cryptographic code that is sent and verified with each transaction, reducing the value of stolen data.

Why Now? Just about every other developed country has implemented EMV, and it has been proven to be effective in dramatically reducing in-person counterfeit and lost/stolen fraud. Therefore, the fraud has migrated to the U.S. Today, about 50% of all credit card fraud occurs in the States, creating frustration for consumers, and costing billions in losses for merchants and financial institutions. Global EMV markets have experienced as much as an 80% reduction in card-present counterfeit fraud after deployment.

Businesses that choose to upgrade to payment devices that support EMV will be making an investment in more secure transactions, while assuring their customers that they have the latest technology to help protect card data.

Watch Get Smart: Introduction To Chip Cards

How an EMV Transaction Works

EMV cards are processed differently than mag-stripe cards. Mag-stripe transactions go one way only. The card is swiped and the information contained on the magnetic stripe is sent for authorization. EMV cards share information from the chip with the payment terminal and the processor to help verify that the card is genuine.

The way that EMV transactions work depends on rules set by the card issuer, the type of payment terminal installed at a merchant’s location, and the consumer’s choice for how to pay. EMV technology is supported through two primary acceptance methods: contact (“dip”) or contactless (“tap”). Payment terminals will support any or all of the following ways to pay:

  • Magnetic stripe cards: swiped through a reader (non-EMV cards)
  • Contact chip cards: dipped into an EMV slot in the terminal
  • Contactless chip cards: tapped (held) near the terminal display to communicate via radio frequency
  • Dual-interface chip cards: dipped or tapped depending on terminal capability and consumer choice
  • Digital wallets: smartphones or other devices tapped near the terminal to securely transmit card information

Dip It: With EMV, the consumer inserts (“dips”) their credit or debit card face up into an EMV slot on a payment device, where it stays until the transaction is complete. This allows the card, the reader and the bank to have a electronic conversation and share important information that helps validate that the card is valid.

Tap It: Most EMV devices also support a technology called NFC, which stands for “Near Field Communication.” It leverages radio frequency to transmit information contained on a contactless-enabled EMV card when it is held near the payment terminal. It is also the technology behind Apple Pay, Android Pay and other digital wallets that allows consumers to pay by simply holding their phones near the EMV device.

PIN or Signature: The bank that issued the card sets the rules and stores them on the chip, which tells the payment device whether to prompt for a PIN or have the customer sign the receipt. In some cases—like quick service restaurants—neither is required.

A smart card: If an EMV card is swiped through an EMV terminal’s mag-stripe reader, the consumer will be prompted to insert it in the chip slot in order to proceed with the transaction.

Watch Take the Dip: How EMV Transactions Work

The EMV Liability Shift

As EMV has been adopted in other regions of the world, the criminals have set their sights on countries with a less secure mag-stripe infrastructure, making the U.S. one big target. Truth is, merchants and banks lose billions to counterfeit card fraud every year.

Liability Shift Explained: To stem the tide of fraud and propel the rollout of EMV cards and devices, the card brands have introduced “carrots and sticks” for both card issuers and merchants. One of the most compelling incentives took place in October 2015. Known as the “Liability Shift,” it occurs when a fraudster presents a counterfeit card (and in some cases a lost or stolen card) at the point of sale. The entity—card issuer or merchant—using the least secure technology will be responsible for the cost of the fraudulent transaction.

Counterfeit Fraud Chargebacks

Mag-stripe: With mag-stripe cards, the financial responsibility to cover counterfeit transactions typically falls to the bank/issuer. Merchants likely aren’t aware that fraud has occurred since consumers who spot a questionable transaction usually contact the card issuer directly.

EMV: With EMV, a merchant that can only process mag-stripe cards may be held liable for the costs of any fraud resulting from certain counterfeit cards. If an EMV card is compromised and the information on the mag-stripe is used to make a counterfeit card that is presented in person for a purchase, and the merchant doesn’t have EMV-enabled technology in place to process the transaction, the merchant may incur the cost for the full transaction amount and any related chargeback fees. In some cases (depending on the card brand), if a lost or stolen EMV card is used to make a purchase on a device that can only read mag-stripe cards, the merchant may be held liable for the purchase amount and any related chargeback fees.

For detailed information concerning each card brand’s definitions of the liability shift, visit the EMV Migration Forum site by clicking here. You can also see an infographic depicting the liability shift by clicking here.

Avoiding the Shift: It is estimated that by the end of 2015, 70% of credit and debit cards in consumer wallets will contain EMV chips. Businesses that have an EMV device in place will be protected from most in-person fraud charges that stem from the use of counterfeit cards. Don’t get caught off guard. Be prepared for EMV so you can protect your customers’ data, your reputation, and your bottom line.

Watch Shift into Gear: Protection From The Liability Shift

GCaDThe Scoop