Business tips

How EMV chip cards work.

By Jereme Sanborn on
post image

Target, Samsung, and Equifax: these are just three of the best-known major corporations that have fallen victim to data breaches over the past few years. If you own a small business or online store, do not be lulled into a false sense of security in the belief that only the big fish become the prey of today’s cyber criminals. Whether you have no employees or thousands, whether you have negligible sales or are one of the top players in your field, you are susceptible to fraud and other data-related criminal activity. If you have not already migrated your business to accept EMV or “chip card” transactions, it is imperative that you do so right away. Even if you’ve already made the switch, it makes sense to learn about the history of chip cards, how they work, and the role they will continue to play in safeguarding your business and customers.

What is EMV?

EMV is an acronym for EuroPay, Mastercard, and Visa. These major credit card companies banded together in Europe to found an organization known as EMVCo in 1994. Since then, this entity has expanded to also encompass other large card companies including American Express, Discover, UnionPay, and JCB. Charged with the task of making all cards across the globe compatible, EMVCo was ultimately responsible for developing the framework for the chip cards that are in common use on many continents today.

What distinguishes EMV cards?

Before customers started using this new type of card in Europe in the 1990s and in the U.S. in 2015, credit cards were much less secure. They contained a magnetic stripe on which sensitive information was stored for all to see, including business owners, and cybercriminals. As a result of the visibility of sensitive data, the security of credit cards was a dicey proposition at best. That’s why EMVCo made it a priority to make some much-needed modifications. 

Although American business owners and credit card companies were originally slow to embrace the burgeoning technology, the upsurge in cybercrime, coupled with concurrent reductions in similar statistics in Europe after adoption of EMV, caused the tide to turn. In the end, the card companies shifted liability for fraud to EMV-noncompliant businesses as of October 1, 2015. This precipitated a rapid adoption of EMV technology in the U.S.

The result of EMVCo’s efforts was what is commonly called the EMV chip card, which radically enhances the security of transactions. EMV technology is now being used in more than 80 countries throughout Europe, Latin America, and Asia, as well as in Canada and Australia.

Why are EMV cards more secure?

Are you still playing your favorite music on cassette tapes? Chances are excellent that you are not, yet magnetic stripe technology dates back to the very same 1970s technology once used for that less-than-stellar way to hear your tunes. Information on a magnetic stripe cannot be changed, making it easy to copy and use over and over again with readily available technology that can be obtained online with a few clicks. 

By way of contrast, the chip that is installed in each EMV card is able to generate a unique code that only remains valid during a particular payment transaction. As a result, sensitive data is extremely difficult to replicate. Even if a criminal were to succeed at grabbing the data, the information obtained would ultimately be unusable since it would have expired after the original transaction was completed.

Are EMV cards the ultimate solution?

Fraud can take place in a variety of ways. For this reason, it should come as no surprise that EMV cards are not a cure-all for all nefarious activity related to electronic payments. For instance, they do not, of course, help to prevent fraud that occurs when merchants use magnetic stripe card readers instead of taking the data from the card’s EMV chip. They are also totally ineffectual in cases when data is “skimmed” from terminals using illegal magnetic stripe readers. Furthermore, EMV technology does not help to prevent card-not-present online fraud.

The “dip process” explained.

You may be wondering exactly how EMV cards work. The key is in their design. Covering the tiny microprocessor that is embedded into the card is a small metal plate. When the customer inserts or “dips” the card into one of a wide variety of EMV-compliant readers, a contact connection is made between the reader and the chip card. For each transaction, a unique, encrypted transaction key is created by the chip and sent to your POS terminal. Only then does the terminal initiate the process of authenticating the card.

In most cases, EMV cards — like their magnetic forebears — require an additional verification step: the entry of a PIN. In the United States, signature authentication remains the more popular form of identity verification. Unfortunately, it is far less secure than PIN verification since signatures can be easily copied. 

To make matters worse, cashiers often neglect the scrutiny that might nip a fraudulent purchase in the bud. In spite of their reduced security, so-called chip & sign transactions remain widely used in the United States for two main reasons. First, card companies and business owners believe that customers would be reluctant to adopt the chip & PIN process due to its unfamiliarity. Second, many merchants and financial insiders fear that this procedure would lead to customer confusion and a slow-down in checkout lines that would harm the profit margins of retailers. 

Because it is clear to most people that signatures are an ineffectual way to verify identity, Visa and Mastercard no longer require signatures on receipts or touchscreens at the time of purchase. Even so, they have continued to resist adopting the more stringent PIN authentication standards that are common in many other countries throughout the world. Only time will tell if American companies recognize that the customer peace of mind gained by more robust authentication is worth the small increase in “friction” at the register that it may cause.

Does EMV compliance affect your business?

Years have passed since that fateful day in October of 2015 when liability for the cost of credit card fraud shifted to merchants who had not upgraded to EMV technology. These days, you must pay for the cost of any transactions that could have been prevented had you taken the necessary steps to adopt EMV and install these credit card readers. If you have not taken the EMV plunge yet, ask yourself the following questions:

  • Are you still swiping magstripe cards instead of using their built-in microchips?
  • If so, are you prepared to pay for any purchases made and chargebacks incurred, along with their associated costs?
  • Do you have a point of sale system that has been upgraded in recent years?

If you are like most forward-thinking business owners who have simply avoided upgrading to EMV because of a tendency to procrastinate, you probably realize that the time has come to protect yourself and your customers with the heightened security that this technology can bring.

Taking the next steps.

The first thing you must do when considering upgrading is to look at your existing hardware and software. If you have an updated POS solution, chances are good that you already possess the necessary software and just need to get new card readers from your payments partner. If everything in your setup is antiquated, however, the time has come to invest in a modern POS solution. In addition to processing payments, these multifaceted systems can help you automate numerous business functions, including inventory and customer relationships management, payroll, report generation, and sales forecasting. When you combine these features with the exponentially stronger security that EMV compliance offers, you are left with an affordable yet comprehensive system that protects and enhances your business at many different levels.

Can any particular type of technology safeguard your business and the data you transact 100% of the time and in all situations? Of course not. However, EMV chip technology has proven itself to be a remarkable improvement over previous security measures. In an era of hackers and thieves who show no signs of stopping their criminal behaviors, it is incumbent upon you to do all that you can to protect the business you have worked so hard to build and the customers who have continued to support it. Put the security capabilities of EMV cards to work for your business today and you will soon reap the numerous rewards.