EMV® Compliance

EMV is a global standard for secure processing of credit and debit cards based on microchip technology. Introduced in Europe in the late 1990s, EMV technology is already in use in more than 80 countries worldwide, with approximately 2.5 billion EMV cards in circulation and 36+ million EMV terminals in operation.

EMV is facilitated by EMVCo, overseen by six member organizations — MasterCard®, Visa®, Discover®, American Express®, JCB and UnionPay — and supported by banks, merchants, processors, vendors and other industry stakeholders.

EMV Benefits

EMV’s greatest benefit has been a reduction in fraud resulting from counterfeit, lost and stolen credit cards. This increased security results from the unique, one-time code generated by the EMV cardreader for each transaction.

Additionally, EMV provides worldwide interoperability and acceptance of credit cards. As of Q4 2014, 32 percent of transactions globally were EMV — a number that is sure to grow rapidly now that the United States’ payments infrastructure is migrating to the standard.

An important milestone for all U.S. businesses that accept credit cards will come on October 1, 2015, when financial liability for counterfeit fraud losses shifts to the party that is the cause of an EMV transaction not occurring. If a business is not EMV compliant by that date, it could be held financially responsible for fraudulent transactions.

Secure Technology

EMV “smartcards” are embedded with a microprocessor (microchip) that provides strong security features and other capabilities not available on the magnetic strip-based cards that have been the standard in the U.S. The microchip securely stores information and performs cryptographic processing that encodes the data to help keep it safe from identity thieves and fraudsters.

The two basic categories of chip technology are contact and contactless. Contact technology requires physical contact between the chip in the card and a cardreader that allows an exchange of data with the credit card terminal. Contactless technology accomplishes the data exchange via Near Field Communication, or NFC, requiring the cardholder to pass or wave their mobile device or card in close proximity to the cardreader.

Chip-and-PIN vs. Chip-and-Sig

Two types of EMV chip cards are available: chip-and-PIN and chip-and-signature. They function in the same way, but differ in how they are authenticated at the point of sale. The customer inserts or “dips” their EMV card into the cardreader instead of sliding it through, as they’re accustomed to doing with a mag stripe card. The reader collects the account data embedded in the chip and the transaction is processed.

Once authorization is obtained from the processor, holders of chip-and-PIN cards complete the transaction by entering a four-digit personal identification number (PIN) on a PIN pad. Chip-and-sig cardholders must sign to verify the sale.

EMV Growth in U.S.

By one prediction, there will be more than 575 million chip-enabled payment cards in the U.S. and almost half of merchant terminals will be enabled for EMV technology by the end of 2015. Those numbers are expected to rapidly escalate as the chip continues to replace the mag stripe in credit and debit cards issued in this country. (To facilitate the transition to EMV, the first round of cards is being issued with both chip and mag stripe functions.)

Businesses and service providers who adopt EMV technology early will be ahead of the competition, both in terms of processing EMV transactions and in terms of protecting themselves and their customers from data breach and identity theft. Becoming EMV compliant benefits everyone in the payment chain.

Helpful resources and important information about chip cards is available from the EMV Migration Forum and the Payments Security Task Force at GoChipCard.com.

EMV is a registered trademark in the U.S. and other countries, and is an unregistered trademark in other countries, owned by EMVCo.

Start Your PCI
Compliance Process Now!

Find Out About Our Solutions

PCI Compliance Solutions from Compliance101.com.

PCI Compliance Solutions

Did You Know?

Fines for noncompliance range from $5,000 to $500,000 per month?