EMV is the acronym for Europay, Mastercard, and Visa, the three companies that founded the standard. EMVCo, the organization that manages the specifications today, includes these founders along with Discover, JCB, UnionPay, and American Express. An EMV card is a type of smart card. It can be a card that needs to be inserted into a card reader or a contactless card that uses NFC (near field communication) technology.
EMV cards have quickly become an integral part of keeping businesses and their customers secure. Chip cards work to protect businesses by decreasing losses and fraud liability related to credit card fraud and creating a safer payments ecosystem.
Hence, most debit and credit cards these days are EMV cards. When you look at your EMV payment card, you will see a small, shiny, square chip on it—this is the EMV chip. EMV cards are much safer than traditional magnetic strip cards, as the chip generates a unique verification code for each transaction.
Data is stored on the IC (integrated circuit) chip of an EMV card, as well as the magnetic strip. This allows EMV cards to be backward compatible, which means that they can be used on older card readers and payment terminals. These cards are also known as IC cards, chip cards, and integrated circuit cards. Card issuers can choose various authentication methods like digital signatures or PINs for their EMV cards. Depending on the authentication method, EMV cards can also be called chip-and-signature or chip-and-PIN cards.
Figures published by EMVCo in 2023 show that there were 13.9 billion EMV cards in circulation worldwide and that 88.6% of card-present transactions globally were made with EMV technology.
TL;DR
- EMV is an acronym for Europay, Mastercard, and Visa, as these are the three companies that came together to create the EMV standard. An EMV card is a type of smart card. It can be a card that needs to be inserted into a card reader or a contactless card that uses NFC (near field communication) technology.
- EMV chip cards are more secure because they contain a microchip that generates a code for each transaction. This code is unique and cannot be reused, so even if the cardholder’s information is obtained from stolen cards, if the card is copied, or if the credit card number falls into the wrong hands, fraudsters wouldn’t be able to complete a transaction.
- The first step to implementing EMV chip technology is to ensure that you have the right equipment. In some cases, you may also need to guide your customers on how to use an EMV debit or card payment card.
The history of EMV
Europay, Mastercard, and Visa were the founding members of this standard, creating the name EMV in 1993. They were later joined by Discover, JCB, UnionPay, and American Express to form EMVCo.
The first version of EMV came out in 1994, although it took a few years before it saw widespread use across Europe. Issuers in Europe adopted this standard because phone line card authorization was prohibitively expensive for them. Due to international call rates, the cost to authenticate cards was 80 to 90 percent higher in Europe.
The United States did not start its EMV migration until 2015. Companies were slow to adopt the more secure payment system because of the expense and lack of synchronization among retailers, credit card providers, and banks.
On October 1, 2015, an EMV liability shift was created. The EMV liability shift dictates that the party—either the merchant or the card issuer—that uses the less secure technology (i.e., magstripe) is liable for counterfeit card fraud if the other party uses EMV technology.
EMV cards have now become the standard, as they are more secure and smarter than magnetic stripe cards or cash transactions.
How EMV chip technology works
EMV chip cards are more secure because they contain a microchip that generates a code for each transaction. This code is unique and cannot be reused, so even if the cardholder’s information is obtained from stolen cards, or if the card is copied, or if the credit card number falls into the wrong hands, fraudsters wouldn’t be able to complete a transaction.
In contrast, card transactions involving magnetic stripe cards are less secure because magstripe cards are only able to store static information. This makes it easy to produce counterfeit cards. An EMV chip card needs to be inserted into a special slot in the card reader or POS terminal to complete a process that is called “dipping.” The process is called “dipping” because the card must remain in the reader until the transaction is complete, forcing the customer to wait for the unique code exchange. Newer protocols like Quick Chip have significantly reduced this wait time. In comparison, a magnetic strip card is swiped at the payment terminal so that the static card data can be read.
It must be noted that during the transaction, the EMV chip transmits a unique, dynamic cryptogram (authentication code) rather than the card’s static primary account number (PAN). The card number (PAN) is technically sent, but the dynamically generated code prevents a fraudster from reusing the transaction data. This cryptogram, which is verified by the card issuer in real-time, is used to authenticate the transaction and confirm the card’s physical presence.
Once an EMV card is inserted, the data on the computer chip is read, and the card is verified by the terminal. As the EMV verification process is more complex than that of magnetic strip cards and because a unique code is generated each time the card is used, it takes a bit longer to complete a dipped transaction.
While signature was initially common, major card networks (Visa, Mastercard, Amex, Discover) eliminated the signature requirement for card-present transactions in the US in 2018. Chip-and-signature cards still exist, but merchants are no longer required to capture, verify, or store the signature, making chip and PIN and contactless the dominant authorization methods. Chip-and-PIN transactions are more popular outside the US where a customer types in a four-digit PIN during payment processing. In general, the latter is considered to be safer.
Newer EMV cards can also be used for contactless payments. Customers can simply tap or wave the card across an EMV-enabled terminal, and the card will generate a one-time code for the transaction.
From the customer’s side, using a card with EMV chip technology is quite simple. They present the card at the point of sale (POS), but instead of swiping it, the shopper dips or taps their card using the merchant’s card reader. Once the transaction is authorized, they can proceed with the sale.
EMV cards are safer
Previous methods using magnetic-stripe cards meant that cashiers had to look at the card and signature to verify a purchase. Card information on these cards is stored statically, meaning that it can be pulled from the stripe with a simple piece of hardware.
The chip in the EMV cards provides stronger security for transactions through cryptographic algorithms, uniquely encrypting the data each time you use it. Authenticating your purchases are made easier with the use of a personal PIN number, instead of requiring a signature.
EMV cards provide a two-fold confirmation during card-present transactions, using the physical card and the customer’s PIN. This verifies the cardholder, allowing the one-time-password (OTP) generated by the chip to be confirmed and approved. In situations of card-not-present purchases, these options are unavailable, as the card won’t be in the merchant’s hands, making it easier to exploit than retail fraud. Some methods and tools for ecommerce sites to implement verification include:
- Continue PCI compliance and follow the specific rules for data security and management.
- Verify card security codes.
- Use an address verification service (AVS).
- Analyze priority shipping requests (especially if free shipping is offered).
- Validate unusual orders from repeat and regular customers.
- Confirm the phone number and transaction information before shipping products.
- Implement tokenization. This replaces the card number with a non-sensitive token for stored or recurring payments, which is the primary way to reduce the merchant’s PCI scope.
- Take advantage of fraud prevention services, such as 3D Secure 2.0 (Verified by Visa or Mastercard Identity Check). Using 3D Secure for CNP transactions is the single best way to shift the fraud liability away from the merchant and back to the card issuer.
Keeping a well-maintained authentication system will significantly reduce your business’s risk while your customers enjoy the ease of purchasing your products with a business that establishes trust and security with CNP payments.
EMV cards are smart
Every chip on an EMV card contains an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards.
When you insert this card into a terminal, the reader is able to exchange data with the card easier. Contactless EMV cards allow for an exchange of data via radio frequency without the card ever leaving the customer’s hand. They use NFC (near field communication) to transmit the EMV-formatted data from the chip to the terminal, allowing for secure transactions without physical insertion.
For low-value contactless transactions, a signature or PIN is not required. However, for high-value purchases, the card issuer can require the customer to enter their PIN or use a biometric (e.g., Face ID on a mobile wallet) to complete the transaction. The cashier also does not have to print out a receipt unless specified by the customer.
How to implement EMV chip technology in your business
The first step to implementing EMV chip technology is to ensure that you have the right equipment. Your credit card readers must be EMV enabled in order to support chip-and-pin and chip-and-signature transactions.
The good news is that most credit card terminals these days can support EMV, so if you recently purchased your credit card machines, they’re likely EMV-compliant.
If this isn’t the case, contact your payment processor or hardware provider to discuss your options.
If you already have an EMV card reader or EMV terminal, you should be good to go from the technical side of things. You may need to orient your staff on how to use the terminals if they’re unfamiliar with the technology.
In some cases, you may also need to guide your customers on how to use an EMV debit or credit card.
Final words
As more transactions become digitized, data security is of the utmost importance.
Additionally, businesses and their customers need to be educated on how they are transferring money and the tech behind these products that protect their payments.
With Stax, data security is simple. Learn how Stax can help you secure your payments and streamline your payment process.
FAQs about EMV technology
Q: What does EMV stand for?
EMV stands for Europay, Mastercard, and Visa. These are the three companies that came together to create the EMV standard.
Q: What is an EMV card?
An EMV card is a type of smart card containing a microchip that generates a unique code for each transaction. This makes EMV cards more secure than traditional magnetic stripe cards.
Q: How does an EMV card work?
When an EMV card is inserted into a card reader, the terminal reads the data on the chip and verifies it. The card generates a unique code for each transaction, which is used to authenticate the transaction.
Q: What is the purpose of EMV technology?
The primary purpose of EMV technology is to enhance the security of payment transactions. The technology helps decrease losses and fraud liability related to credit card fraud, creating a safer payments ecosystem.
Q: How prevalent is the use of EMV cards?
Figures published by EMVCo in 2023 show that there were 13.9 billion EMV cards in circulation worldwide, and that 88.6% of card-present transactions globally were made with EMV technology.
Q: What are the different types of EMV cards?
EMV cards can be categorized based on their authentication method. They can be chip-and-signature or chip-and-PIN cards. More modern EMV cards also support contactless payments.
Q: What is the difference between chip-and-PIN and chip-and-signature cards?
Chip-and-PIN transactions require the customer to type in a PIN during payment processing, while chip-and-signature transactions require the customer to sign on the receipt to complete the transaction.
Q: What are contactless EMV cards?
Contactless EMV cards are a newer type of EMV card that supports contactless payments. Customers can tap or wave the card across an EMV-enabled terminal, and the card generates a one-time code for the transaction.
Q: How to implement EMV technology in a business?
To implement EMV technology, businesses need to have EMV-enabled credit card readers. They might also need to provide guidance to staff and customers on how to use EMV cards.
Q: What is the history of EMV technology?
Europay, Mastercard, and Visa created the EMV standard in 1993. Over the years, other companies joined them to form EMVCo. The first version of EMV was released in 1994, and it gained widespread use across Europe over the following years. The United States started its EMV migration in 2015.
Q: What is the EMV liability shift?
The EMV liability shift, created on October 1, 2015, required businesses to be able to accept EMV cards or risk being liable for fraudulent transactions. This pushed for synchronization across retailers, credit card providers, and banks.
Q: How do EMV cards enhance transaction security?
The chip in EMV cards provides stronger security for transactions through cryptographic algorithms, uniquely encrypting the data each time the card is used. The cardholder’s personal PIN number or the physical card itself helps authenticate purchases.
