Here’s What Merchants Need to Know About EMV Compliance

If you’re a merchant, then you probably haven’t been able to escape talk of EMV compliance over the last year or so. But even if you’ve heard about it, that doesn’t mean you’ve made the switch to EMV technology. As of October 1, 2015, all businesses are expected to be EMV compliant per rules set forth by MasterCard, Visa, Discover, and American Express. But many businesses have failed to make the shift. So far, only around one-third of merchants have become EMV-compliant.

If you’re a merchant, then you probably haven’t been able to escape talk of EMV compliance over the last year or so. But even if you’ve heard about it, that doesn’t mean you’ve made the switch to EMV technology. As of October 1, 2015, all businesses are expected to be EMV compliant per rules set forth by MasterCard, Visa, Discover, and American Express. But many businesses have failed to make the shift. So far, only around one-third of merchants have become EMV-compliant.While transitioning to EMV can be confusing (and costly), it’s important to make the switch as soon as possible. If you’re still feeling in the dark about what EMV is all about and why it matters to your business, this article will set the record straight. And if you still have questions? Our team of experts is standing by.

5684_emv_graphic-1

What Is EMV?

EMV is short for “Europay, Mastercard, and Visa” in reference to the three companies that developed it. (These days, the technology is also supported by American Express, Discover, and UnionPay.) It’s a global technical standard used in credit and debit cards and at payment terminals and ATMs. EMV technology is most widely identifiable in the form of chip cards—credit or debit cards that must be inserted into a reader at the point of checkout, rather than being swiped. The term can also apply to “contactless” cards that can be read using RFID technology and don’t need to be inserted or swiped at all. EMV technology is also used to authenticate transactions conducted with EMV cards.

5728_emv_graphic-1

Over the past several years there’s been a cross-industry push to switch to EMV technology and phase out antiquated magnetic swipe cards. The main force driving this transition is the fact that EMV is significantly more secure and can reduce fraudulent charges both in person and online. That’s because magnetic strips contain fixed cardholder data—so if anyone accesses said data at any point, they’ll be able to re-use it over and over again to commit fraudulent charges. In contrast, EMV cards create a unique transaction code for every transaction—meaning even if a code is accessed, it cannot be used to make additional purchases. One of the primary goals of EMV is to mitigate the effects of massive data breaches such as those that occurred at Target, Home Depot, and other major retailers over the past few years.

What Does It Take to Be EMV-Compliant?

Merchants looking to switch to EMV must take three main steps in order to become EMV-compliant:

  • Install EMV technology in their stores. Every piece of hardware involved in payment transactions (think registers, self-service kiosks, and so on) needs to be compliant with both EMV credit cards and EMV debit cards. If your equipment doesn’t contain a chip slot, that’s a sure sign it’s not EMV compliant. (Most systems purchased within the last year will be compliant.) EMV readers can be pricey—think several hundred or even several thousand dollars depending on your POS system and the number of readers involved. But it’ll be cheaper than being liable for a variety of fraudulent transactions. (More on this below.)
  • Invest in payment processing systems that work with EMV technology. (Note: SwipeSum can help!)Start by calling your payment processor to determine whether your system is compliant and whether your terminals need to be Level 3 Certified. If your system isn’t compliant, you’ll need to invest in compliant software. This is also a good time to review your payment processing contract to ensure it continues to be in your company’s best interest.SwipeSum can help you make sure any contract you sign is aligned with your business’ needs and represents the best fee structure available.
  • Familiarize yourself with the “Liability Shift”. Prior to October 1, 2015, responsibility for fraudulent transactions typically landed with the credit card company in question. These days, liability for some types of fraud committed during card-present transactions involving EMV-compliant cards falls to whichever entity is least EMV-compliant—whether that’s the merchant or the card issuer (aka banks, credit unions, and other financial institutions). If stores are EMV-compliant, then credit card companies will still take on liability for certain fraudulent transactions. Even though there's no law requiring merchants to comply with EMV technology, it’s still a safer bet than avoiding compliance and risking liability for fraudulent transactions.

In addition to being costly, steps one and two can require a significant time investment. In some cases, becoming EMV compliant might take several weeks or longer (especially when you factor in employee training). The cost and timeline involved can vary depending on whether you're operating standalone terminal, an integrated terminal, or a proprietary terminal, in addition to other factors. If you haven’t started the process to become EMV compliant, it’s important that you do so. But we understand this can be intimidating. If you’re not sure where to start, SwipeSum Consultants are standing by and ready to help.

What Does All This Mean for the Processing Industry?

Just over a year after the October 1, 2015 Liability Shift went into effect, EMV is impacting the payment processing industry in a number of ways:

  • Credit card fraud on card-present transactions does appear to be on the decline. MasterCard reported a 54% decrease at EMV-compliant merchants between April 2015 and April 2016, while Visa reported that EMV-compliant merchants reported a 47 percent drop in 2016 relative to 2015.
  • Online credit card fraud and other fraudulent “card-not-present” transactions are on the rise. The U.S. seems to be following in the footsteps of the UK, which experienced a rise in online shopping fraud after making the switch to EMV in 2005. It is ever more critical that merchants with a high number of card-not-present transactions take additional steps to strengthen security and minimize fraudulent activity.
  • Non-EMV-compliant merchants have experienced a rise in chargebacks since the Liability Shift took place. If your business is not yet EMV-compliant, it’s critical you implement best practices for payment processing, such as verifying customers’ identities, authorizing every transaction, and maintaining transaction records that date back a minimum of 13 months.
  • Contactless payments are a growing trend, and merchants should expect to accommodate a rising number of these transactions. The good news is that most EMV-compliant equipment will be able to do so.

As you can see, there’s a lot to consider when it comes to EMV compliance. No matter your industry or payment processing needs, our team of SwipeSum Consultants is available to answer any questions you might have and help you negotiate payment processing contracts that represent your company’s best interests.

Swipesum Team

Swipesum Team

Read more

Request a CONSULTATION

Meet one of our payment processing experts to see if working together makes sense.

We will schedule a quick consultation call to go over how you're currently handling merchant services, and present a proposal at no cost.

Man smiling while folding his arms

Swipesum.Insights

SWIPESUM.CONSULTING

We help businesses make intelligent payment decisions.

Learn more about Swipesum

audit Merchant services Statements

Start with a free merchant statement audit and analysis

Schedule an audit

consultation

Connect with a payments expert and get a free initial consultation

Book consultation

By submitting this form you agree to receive information about Swipesum product updates via email as described in our Privacy Policy and Terms & Conditions.