In this article, you’ll learn:
- The 10 steps of an EMV chip transaction
- End-to-end encryption
- How EMV technology prevents fraud
- The bells and whistles of EMV technology
In 2014, credit card and data breaches climbed all the way to 1,540, compromising over a billion records. The vast majority of that fraud happened within United States borders. 47% of cross-border fraud happened from the U.S. too, and experts blame it on America’s slow adoption of EMV chip cards.
When the UK deployed credit card chip technology, their counterfeit fraud rates declined by 70%. Now that the U.S. has, at last, made the transition, those statistics will topple locally, too.
What is EMV?
EMV stands for Europay, MasterCard, and Visa, the credit card behemoths who dominate the sector and developed the global standard for chip-based security. EMV has come to represent every credit card with chip, even those issued by smaller companies.
Because the chips generate a new number for every transaction, they make counterfeiting almost impossible. The card is inserted into instead of swiped through a credit card reader, and a signature completes the purchase.
Who Pays for Fraud?
The transition to EMV chip cards is good news if you have the technology to process them, but dire news if you’re still dragging your heels. Two years ago, retailers didn’t have to cover the counterfeit security breach tab, but now you do. The only insurance against liability is to offer your clients EMV technology.
The liability shift began late in 2015 to encourage retailers to adopt safer practices. At the time, the retail community complained bitterly to the National Retail Federation about the expense of upgrading to new card readers, but you needn’t pay a cent in upfront or fixed costs.
Your typical EMV reader costs between $500 and $1000, alongside monthly and transaction fees. In comparison, SumUp EMV readers only charge a percentage of each transaction. They don’t demand upfront or monthly fees, so switching for security purposes should be a no-brainer.
EMV — Faster Than Ever
The biggest complaint thus far about EMV chip technology is that it processes cards at a snail’s pace. When the transition was still happening, transactions were certainly painfully slow, as was buyer adoption. Now that 2017 has arrived, chip credit cards are faster than magnetic strips were.
How Does EMV Add Security?
The EMV transaction flow has 10 steps.
- The terminal and card chip make an application choice.
- The terminal reads data from that application.
- Data is authenticated offline to make sure the card is not a counterfeit.
- Confirmation of the transaction and chip occur.
- Cardholder verification is done with a PIN, signature, or CVM.
- The reader checks floor limits and the like.
- The terminal requests approval.
- The card approves online or off.
- An online authorization request and authentication are completed and sent to the payment authorizer.
- The transaction is finalized and an issuing script is sent back to the card.
It’s been in use around the world since 2011 and is well tested through an estimated 19 million terminals.
In addition to the extra steps involved in transactions, the signature authentication process is more accurate. PIN verification adds yet another fraud prevention layer. Identity theft becomes far more of a challenge with an EMV chip, too, since all the sensitive information magnetic strips freely gave away to criminals is secured.
It’s important to note that EMV is not a new technology.
What Do Buyers Want?
EMV chips are not merely a virtual Fort Knox for information, but a core customer service, too.
They keep your buyers safe from breaches. In fact, the more aware the marketplace becomes of credit card chip benefits, the more it perceives the failure to adopt this technology as a customer service failing.
The press has bombarded consumers with enough information to write tomes about the new standard. In 2014, 60% of buyers welcomed EMV, a number that grows with every passing day.
Even so, EMV chip cards alone are not enough: the data your reader accesses needs to be encrypted, something that the vast majority of readers don’t do. Your defence of your clients’ privacy is only as powerful as your end-to-end encryption, which should be certified by EMVCo.
End to End What?
End-to-end encryption is a system that limits communication to the users who are interacting. It defeats attempts to access the data on any software or credit card with chip by keeping that information indecipherable while it travels.
This kind of encryption was once the terrain of programmers and IT geeks alone, but now you’ll hear laypeople discussing it over their coffee. It’s become a part of everyday life given the sheer breadth of data theft worldwide.
WhatsApp users are kept informed of it with every upgrade, and some basic journaling applications offer it. If something as benign as a blog offers encryption, how much more important is it when dealing with credit card data?
The History of Encryption
The internet passes information through a long string of routers, servers, and devices. At any stage, a hacker with a penchant for credit card fraud can intercept that data, so encryption was developed as a cure-all.
The data on your chip is scrambled before it travels beyond your credit card machine. When it reaches the correct recipient, it’s unscrambled. This is not a new tool.
The Ancient Greeks used an encryption and authentication technique to protect Spartan military communication, and in 1500 BC, Assyrian merchants used it to protect their trade transactions.
You don’t need to understand the jargon or participate in the encryption process to benefit from it. You only need to choose the right transaction partner.
SumUp uses secure socket layer security because it’s the web’s encryption standard.
Every EMV credit card can use the encryption as long as your reader can. There are no manual inputs or tasks involved on the retailer’s side. The magic happens automatically.
What About Card-Not-Present Fraud?
The EMV credit card processing transition has been 99.9% effective at preventing card present fraud in Europe. As adoption matures, the United States will probably see a rise in both magnetic strip and card-not-present fraud. This will upset the current balance, leading to more losses for retailers who are still relying on magnetic strips.
Credit card chip and pin technology is thus your best protective measure for on and offline card processing, but your e-commerce business needs further mechanisms to keep data safe.
The Evolution of EMV Chip Adoption
The first EMV chip card was issued in 2010 to give valued clientele an extra tier of security and create a globally accepted card. A year later, another 1.6 million users were given chip and PIN debit cards. When smaller issuers like JPMorgan Chase and U.S. Bancorp migrated to EMV, the momentum became unstoppable.
However, the UK adopted chip and sign cards more widely and much earlier than the U.S. They wanted to introduce technology that could process transactions online. Offline endorsements involve the use of a signature, while online ones involve the use of PINs.
Today’s credit card security happens in layers, with each new stratum adding an extra amount of security. If hackers get past the outer layer, they still have several more to pass through if they’re to reach the sensitive data in the center.
The UK’s EMV peak happened in 2008 when there was a 40% reduction in general fraud rates. These numbers rose to over 69% for face-to-face transactions. France experienced even more startling results. Their fraud rates on domestic face-to-face transactions stood at a mere 0.01% in 2009..
What Else Can EMV Do?
Credit card chip readers come with enough bells and whistles to be attractive to any retailer. They speed up your queues, simplify your point of sale, and even create records of your stock levels and bookkeeping data.
Contactless terminals are also far more compact than their predecessors, so they can be carried from door to door in the pocket. Your business can thus be as mobile as you wish. All your reader needs is a mobile Android or iOS device to support transactions.
EMV might have been developed to keep retailers and buyers safe, but it’s evolved to give small and medium-sized businesses access to business models that weren’t available to them before.
You can now carry your point of sale anywhere and gain a new level of automation to support your human resources and accounting departments.
Your data capture and processing workload have withered away to nothing, leaving your staff with extra hours to work on your revenue. With the right EMV partner, chip cards are your ticket to a profit boom.
EMV chip technology adoption is a massive marker of customer service as it secures card information with its end-to-end encryption. But that’s not all, with the right EMV partner, your PoS is transportable and your accounting and human resourcing workload is drastically decreased.