The Security Behind The Europay, MasterCard And Visa Shift

Editor’s note: Suneera Madhani, CEO and Founder of Fattmerchant.

If you regularly accept payments from magnetic stripe debit or credit cards, you might as well post your customer’s credit card information on Google AdWords. Credit card fraud has become far too common, putting both consumers and businesses at risk.

According to the U.S. Federal Trade Commission, 37 percent of fraudulent transactions in 2014 were from counterfeit credit cards, and 23 percent from cards that were either lost or stolen. With debit and credit cards making up the vast majority of consumer transactions, and in all likelihood they’re not going anywhere anytime soon, new technology needs to be implemented in order to safeguard our swipes. Enter EMV.

EMV stands for Europay, MasterCard, Visa. At its simplest, it is a technological advancement in credit cards that implements a microchip instead of a magnetic stripe, providing stronger security for a reduction in fraudulent transactions.

One notable benefit of EMV cards is interoperability. Whereas travelers have faced difficulty at times using their personal credit cards in different countries, the standard features of EMV allow consumers to safely use the credit cards globally within the EMV infrastructure – international commerce with ease.

The true benefit is the added security. Think of a magnetic-stripe credit card as a high-security vault. Although laymen might not be able to penetrate the highly guarded steel walls, for a skilled fraudster it’s just a matter of dodging a few laser beams and cracking the code to open it – a concurrently impressive and abhorrent activity and the cyber equivalent of Ocean’s Eleven. However, comparatively, an EMV card’s microchip is more like an M. C. Escher drawing of Fort Knox. Unlike the traditional magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that successfully runs a transaction. Consumers and businesses, rejoice.

The Breakdown

The greater security for EMV can be broken down into three separate but related components: card authentication, cardholder verification and transaction authorization.

The microchip is encoded with cryptographic algorithms that validate the card upon processing. EMV transactions also eliminate cyber trails by creating unique transaction data, so any data that is captured cannot be used to run new transactions. Verification of the cardholder prevents fraudulent activity from lost or stolen cards.

To check if the cardholder is indeed the person to whom the card belongs, there are PIN and signature safeguards supported by EMV. It most importantly uses issuer-specific keys for personalization of the cards, so it learns the transaction patterns of the consumer. 

What Does This Mean For Small Business Owners?

This technology undoubtedly yields greater protection for both the business and its customers. However, merchants must also understand this advancement has created a liability shift. Instead of the banks, it will be the merchants who are held accountable for any fraud that occurs from processing magnetic stripe cards.

By October 2015, merchants’ equipment will need to be updated in order to accept payments from EMV cards. If the equipment isn’t updated, the company could lose out on business and/or be held liable for any potential fraudulent activity.

The bottom line for your business? Make sure your equipment is updated and EMV-compatible. To update processing equipment, the merchant should ask their merchant services provider about terminal options; these could include a terminal exchange program, purchasing the machine outright or leasing the equipment.

Terminal options will vary among providers. Companies that offer exchange or swap programs may offer the option of paying an upcharge for new equipment in exchange for the old. This charge is typically a discounted amount for the cost of a new terminal, so it may only be $175 instead of $250, for example. Purchasing EMV-compatible terminals outright will cost between $200 and $300 for the standard plug-and-play machines.

Wireless terminals will put you out about $450 at cost. Ask your merchant services provider what equipment they offer for purchase, and if it is locked or proprietary. This way you can look up the model online to be sure they aren’t placing a huge upcharge on it, and ensure it isn’t proprietary so you can use it with another provider if you end up switching.

If you aren’t interested in purchasing your equipment outright, you may be able to lease it from your provider. They will charge a monthly rental fee; this may be month-to-month or it may have a set term limit, i.e. 36 months. Ensure you read the fine print if you’re thinking about leasing so you understand all of the terms of the program.