EMV Cards

From NewHaven Software Wiki

(Difference between revisions)
Jump to: navigation, search
(Why chips?)
(Why chips?)
Line 9: Line 9:
Recent statement from Square on the topic:
Recent statement from Square on the topic:
-
Here’s some data we’ve seen: about 17 percent of the cards swiped on Square Stand or Reader now contain a chip, up from roughly 3.5 percent in January 2014. For now, the majority of the cards are still being processed as magnetic-stripe transactions (all chip cards also have a magnetic stripe on the back). But as sellers upgrade to EMV technology, more and more of these transactions will be processed via the chip on the card instead of the magnetic stripe. A big milestone here is the liability shift, which, as we mentioned, happens in October. At the current pace of chip card issuance, we expect roughly 35-40 percent of cards to be chip-enabled by the time the liability shift hits (though this may change if issuers speed up or slow down their pace). - See more at: http://paymentsjournal.com/Content/Featured_Stories/26769/#sthash.XSpykLlN.dpuf
+
''Here’s some data we’ve seen: about 17 percent of the cards swiped on Square Stand or Reader now contain a chip, up from roughly 3.5 percent in January 2014. For now, the majority of the cards are still being processed as magnetic-stripe transactions (all chip cards also have a magnetic stripe on the back). But as sellers upgrade to EMV technology, more and more of these transactions will be processed via the chip on the card instead of the magnetic stripe. A big milestone here is the liability shift, which, as we mentioned, happens in October. At the current pace of chip card issuance, we expect roughly 35-40 percent of cards to be chip-enabled by the time the liability shift hits (though this may change if issuers speed up or slow down their pace). - See more at: http://paymentsjournal.com/Content/Featured_Stories/26769/#sthash.XSpykLlN.dpuf''
=Should I care?=
=Should I care?=

Revision as of 20:54, 3 August 2015

Some background information on EMV cards, clarification on the industry's roll-out plans, requirements, and frequently asked questions.

Contents

What is EMV

The above title link is an informative article from our primary payment processing partner, Mercury Payment Systems (MPS). The cards are also referred to as "chip card" (because they have a chip embedded in the card) or NFC which is near field communications chip. Most new devices will have you insert the card chip first into a slot, instead of swiping the mag stripe, where others will use the NFC technology where you'd merely wave the chip over the reader.

Why chips?

The chip is used in lieu of the magnetic stripe to communicate the card number, expiration date, and name to the device you plug it into (no more swiping.) These chip cards are much more difficult to copy/duplicate. This technology used is prevalent worldwide (we're late to the game in the U.S.A.) and helps to reduce fraudulent "card-present" transactions. It offers no additional security for card use online or by phone (CNP - card not present transactions). It's worth noting that these cards still have a mag stripe on them to be used with traditional/current card swipe solutions since it is expected that it will take retailers a few years to implement chip card readers.

Recent statement from Square on the topic:

Here’s some data we’ve seen: about 17 percent of the cards swiped on Square Stand or Reader now contain a chip, up from roughly 3.5 percent in January 2014. For now, the majority of the cards are still being processed as magnetic-stripe transactions (all chip cards also have a magnetic stripe on the back). But as sellers upgrade to EMV technology, more and more of these transactions will be processed via the chip on the card instead of the magnetic stripe. A big milestone here is the liability shift, which, as we mentioned, happens in October. At the current pace of chip card issuance, we expect roughly 35-40 percent of cards to be chip-enabled by the time the liability shift hits (though this may change if issuers speed up or slow down their pace). - See more at: http://paymentsjournal.com/Content/Featured_Stories/26769/#sthash.XSpykLlN.dpuf

Should I care?

If you do all of your business by phone and/or online, no need to worry about the change. It is something you should consider if you have a retail store front or other scenario where you accept physical cards.

As a consumer you'll start receiving new chip cards from your credit card providers and be instructed on how to use them as merchants start adopting the hardware needed to process them.

Do I have to accept EMV in my store?

"U.S. merchants are not required to implement EMV by October 2015"

Supporting EMV is not a requirement, see the link about or the following article from Visa:

Be aware that if you accept an EMV card by using its mag stripe instead, and the charge turns out to be fraudulent, you will be responsible for the fraudulent transaction costs.

What about the PCI fines?!

This is not about PCI, breaches or the crippling fines that go with them. If a fraudulent transaction occurs with an EMV card, the merchant is responsible for the cost of that fraudulent transaction. It appears to be the same as losing a chargeback dispute. It is not a data breach that would incur PCI fines. Here is an article from the PCI Council that explains their stance:

It does help to reduce fraudulent card-present transactions. While not a requirement, you may find it is worth the expense/effort to implement an EMV card reader.

There is an additional scenario where if the card was swiped in your store and then a duplicate card was created by someone obtaining the mag stripe data from your system, you would then also be liable for any transactions made with the duplicated card. CMS does not, however, store the mag stripe data (per our adherence to PA-DSS 3.1 regulations) so this should not be a concern for CMS users unless your mag stripe reader itself was replaced/spoofed.

When or is it required?

The first phase of the EMV roll-out is October 1, 2015 but even then it is not required. These articles confirm it is a liability shift, not a requirement:

Our primary payment partner MPS just announced their EMV solution in April and we are a now researching how we can support it. The only solution for EMV is to integrate with one of their certified input devices. We can't say yet when we will be able to support EMV but it's possible/likely that it will not be by October.

I want it already, what's the ETA?

To clarify, these EMV readers are not just another input device to feed the card data to CMS for processing like the mag stripe readers have been. This is a new paradigm where the card reader device MUST handle the processing. As such each device must be individually certified (which is rigorous) and thus we expect to only offer support for a small number of devices. CMS will also have to be modified to support feeding transaction data to the device, have the device process the transaction, and CMS be updated with the results of that processing. This is not a trivial project and must be executed carefully to ensure a trouble-free and PCI compliant implementation. Bottom line, it's going to take some time.

Will it work with my merchant account?

Our only solution for EMV will be with MPS and some of their devices. If your merchant account is not with MPS, please contact us so we can arrange to have a quote prepared for you.

Again, this has no effect on card not present (CNP) transaction, only card-present.

If you were to assess the number of card present fraudulent charges you've received in the past and then further reduce that by the fraction of future charges that will be made with cards that are EMV (noting this liability doesn't apply to non-EMV cards), in most cases the resulting risk should be low. As explained in this article the corresponding liability risk should also be low.

Any more good news?

Indeed. The devices we're examining appear to also be conducive to working with other payment solutions like PIN Debit, Apply Pay and other NFC payment solutions.

Personal tools