EMV Myths

-For more infomation on how to protect

your business contact TRCG

Myth #1:

Implementing EMV in your retail store is required and will be enforced by a government regulation or security council

If you are a U.S. retail store operator, no government agency

or industry association is requiring you to implement EMV.

You will not be fined if you do not implement EMV by the

often referred to “deadline date” of October 1, 2015. This is

not a deadline. It is your decision whether or not you want to

implement EMV – there is no requirement.

 

However, since the liability rules change on October 1,

any retailer that hasn’t implemented EMV by this date

may be liable for a fraud resulting from a magnetic -

stripe payment.

Customer using an Ingenico ISC250 Credit Card Reader

Myth #6:

If you don’t implement EMV, you won’t be able to accept credit cards after October 1, 2015

Myth #2:

If you don’t implement EMV you are liable for all fraudulent electronic transactions.

If you don’t implement EMV, the merchant does not automatically incur liability for all fraudulent electronic transactions. The liability shift applies to whomever is not able to process EMV transactions. If the issuer does not provide EMV capable cards or the acquirer is unable to process EMV transactions the liability will apply to them instead of the merchant. For the liability to shift to the merchant, an EMV card must be processed at the site by an acquirer that supports EMV transactions on a payment terminal that does not support EMV.

Myth #3:

Once you implement EMV, you will no longer be able to accept credit cards with magnetic stripes

Even if you don’t implement EMV-enabled payment devices by October 1, your business will still run the same as it did on September 30, aside from the liability shift. Both older magnetic stripe cards and newer EMV cards can be accepted by non-EMV merchants, as the new chip cards will also have magnetic stripes available for that very reason.

Myth #7:

Transitioning to EMV is as simple as plugging in a new payment terminal.

Making your store EMV-ready can involve lots of discussions,

questions and planning about many different things: your POS system, your payment processor and the right kind of payment terminal devices. It’s also crucial that you understand the impact that EMV technology will have on your operation; be prepared to train your staff appropriately and assist customers with using their EMV credit cards.

Believe it or not, magnetic stripes on credit cards are going

to be with us for quite some time. If you’re EMV-ready, when a customer pays with an older magnetic stripe credit card you’ll simply swipe it through your new payment terminal’s card reader. So regardless of whether or not you have implemented EMV, you’ll be able to take all credit cards in your retail store.

Myth #4:

EMV protects your retail store from a data security breach.

Remember – implementing EMV alone will not protect your retail store from being hacked. While EMV helps protect you from counterfeit card use, it’s not the end-all, be-all of store data security. There are measures that you can put into place that are not provided by EMV – such as encrypting credit card data as it passes through your network – that will safeguard your store from a data breach as well as give you greater peace-of-mind.

Myth #8:

EMV provides P2P capabilities.

EMV and Point-to-Point Encryption (P2P) are two separate

technologies that address different security concerns and require independent implementations. EMV focuses on securing credit card counterfeit fraud while P2P focuses on securing track and account information in store systems.  EMV transactions without P2P will expose track equivalent data and account information in the clear to payment applications. As a merchant you must decide if you want to implement P2P capabilities in addition to EMV and confirm that both your host and pin-pad provider support a common encryption scheme required for implementation.

Myth #9:

Debit cards cannot be processed unless US Common AID (US Debit) is implemented.

Myth #5:

EMV will rapidly achieve mass adoption by both

credit card issuers and other retail stores

Estimates are that only 20 to 30 percent of cardholders in the

United States will have new EMV-ready cards by October 1, 2015. Meanwhile, industry experts are saying that it will take at least 3-5 years in order for EMV to reach full acceptance in the U.S., and in Europe the adoption took much longer. So know that it’s going to take a while for everyone to finally make the transition to EMV

 

To comply with Durbin’s routing requirements, debit cards for the US market will include two or more AIDs.  The cards will include Global AIDs that will enable cards to be processed with the card brand (e.g. Visa, MC, Amex, Discover) and US Common AIDs that will enable cards to be routed to the merchant’s debit network or choice. Until support for the US Common AID is implemented, POS

systems may process these cards using the Global AID that is specific to a single processor. This will still allow cards to be processed, but will not enable cards to be routed to the merchant’s processor of choice. Further, in most cases the Global AID will result in the cards being processed as Credit transactions, which will restrict the ability to offer cash back or fuel using debit specific pricing.

Myth #10:

EMV is a requirement for complying with PCI Data

Security Standards.

You don’t need to implement EMV in order to be compliant with PCI Data Security Standards. While EMV can be one component of your data security strategy, it is not required nor mandated by PCI Data Security Standards, nor will implementing EMV make you PCI compliant.

 

2016 | DESIGN BY THE RETAIL COMPUTER GROUP