EMV® (Europay®, Mastercard® and Visa®) is a global standard for the authentication of chip-based credit and debit cards. It starts with a credit or debit card with an embedded microprocessor chip that stores and protects cardholder data. Chip cards (also called "smart cards") are the standard in most of the world, and according to CreditCards.com, about 70% of US cardholders have at least one chip card.
Traditional credit cards are swiped through a magnetic stripe reader. Chip cards can be swiped too, but have extra security advantages when processed through an EMV chip reader instead.
The Liability Shift
Since October 1, 2015, if a guest uses a counterfeit or stolen chip-enabled payment card in a card-present transaction at your business, and you do not use an EMV card reader to process the payment, you may be liable for the chargeback and any related claims.
To reduce your liability risk, consider upgrading your software and card readers to support EMV: a fraud-reducing technology that can help protect your business from financial loss if a criminal uses a counterfeit or stolen payment card in your restaurant.
On a chip card, the cardholder's account information is securely stored on the chip. During an EMV transaction, a unique, non-reusable transaction code is created, and the user's identity is authenticated either by a unique PIN code or by signature. The card data is encrypted at the PIN pad. One of various security measures you can take to help reduce payment fraud, EMV applies only to card-present transactions. It does not take the place of PCI compliance.
While chip cards still have a magnetic strip that can be swiped for payment through a traditional card reader, an EMV-capable card reader is required for EMV transactions.
Security benefits and savings
- EMV technology combats counterfeit fraud.
- The new EMV card readers also support Near Field Communications (NFC), for contactless payment and Apple Pay.
- While EMV is not yet a PCI requirement, the payment brands have introduced programs that could waive your annual PCI-DSS audit if you process more than 75% of transactions through an EMV certified device.
Are EMV card readers worth the expense?
The answer may depend on how many card-present transactions you process: Is your concept mostly dine-in or QSR? Or do you handle primarily card-not-present delivery orders?
Another consideration may be pressure from your customers, local business community, insurers, or even the cities and towns where you operate. Beyond the liability risk, delaying the switch to EMV may also impact dine-in or carryout sales. As the banks educate consumers on the security of chip transactions, eventually your customers may become wary of businesses with less secure card readers.