Unitec is committed to ensuring our customers remain compliant with industry standards and applicable legal requirements.
EMV FREQUENTLY ASKED QUESTIONS:
I’m not sure how to estimate the potential cost associated with this liability risk, can you explain it? Sure. The risk occurs when the cardholder data from an EMV card is used to create a fraudulent magnetic stripe card. If this card is then used at an EMV terminal, the terminal will detect that the card was issued with a chip (EMV card) and will not allow processing by the magnetic stripe. A non-EMV terminal would not have this capability and would process the fraudulent card. Should this happen, the merchant would lose the revenue from that wash sale and could be liable for a chargeback fee from the card company. The liability shift does not apply if the original card was not issued with a chip (mag stripe only) or if the sale was completed with a stolen EMV card.
Will use of EMV prevent data breaches? No. Payment card system criminal activity can be either fraud or data theft. Fraud is making a payment using another person’s card. Data theft involves stealing or collecting cardholder information such as account number, name and expiration data for later fraudulent use. As a merchant, using EMV-capable devices in the right manner can help reduce the possibility that a fraudulent card will be used for payment. EMV does not prevent the theft of data or a data breach, which can still occur through methods such as network malware.
Do I need to upgrade to EMV for PCI compliance? No. PCI requirements are separate and compliance is not at risk if you don’t upgrade for EMV.
I’ve heard that EMV cards will not work with my terminal unless I upgrade, is that true? No. The chip cards issued in the U.S. will still have magnetic stripes and can still be processed with legacy terminals.
Is EMV the same as Chip and PIN? Not exactly. EMV stands for Europay/Mastercard/Visa who formed the organization that originally introduced this payment method. The cards are referred to as chip cards as there is a computer chip mounted on the surface. In some cases, the cardholder must enter a PIN (Personal Identification Number) to verify they are the owner of the card. Applications that require a PIN are referred to as ‘Chip and PIN”. Similarly, applications that require a signature are sometimes known as “Chip and signature.”
Will I need to also to upgrade my terminal to accommodate PIN entry? Not likely for car wash applications. Card issuers will accept chip with no PIN and no signature for “low-value, low-risk” transactions.
How can I determine if a terminal with an EMV card reader is approved for use in my business? It’s best to check with your credit card processor first. Each of the major card brands require an ‘end to end’ certification before EMV cards can be accepted. The credit card processor (or acquirer) is responsible for this certification and should be able to identify the products that have been certified.
DEFINITIONS: ApplePay: A mobile payment method using an Apple iPhone 6 and a NFC reader, or through a web app. Introduced Oct 2014, allows the use of most credit cards encoded as “tokens”. Requires registration and setup through Apple. Chip Card or Smart Card: A credit card issued with an embedded microprocessor, used in EMV payment applications. Chip and Pin: A payment acceptance method requiring presence of a chip card and the use of a Personal Identification Number (PIN) for identification. Contactless Payment: A method of passing cardholder data without requiring contact of the card or device, such as through NFC. EMV: A payment acceptance method created by an alliance between Europay, MasterCard and Visa. If has been in use in Europe and other parts of the world for around a decade, and is being introduced into the U.S. presently. An alternative to Magnetic Stripe. Google Wallet: A mobile payment method using a mobile device and an NFC reader or web app. Links a user’s credit cards or accounts to a Debit MasterCard. Requires registration and setup through Google. Liability Shift: Occurs in Oct 2015 for POS merchants, and Oct 2017 for AFD (Automatic Fuel Dispensers) and ATMS. From Visa’s website: Magnetic Stripe (Mag Stripe): A credit card with a stripe of magnetic material on the back which contains the account number, expiration date and verification code which can be read by swiping through a card reader. Prevalent in the U.S. at this time. Mobile Payment: A method of payment and payment acceptance using mobile devices instead of a plastic credit card for storing and passing on account information. ApplePay and Google Wallet are two examples of mobile payment methods. NFC: Near-field communications, a technology used to pass information between a card or device such as a mobile phone, and a reader, without swiping or inserting the device into the reader. PCI: Payment Card Industry, whose Security Standards Council sets standards for securing credit card and PIN debit transactions? Not directly related to EMV or NFC, but rather a set of standards which checks information flow throughout financial transactions to ensure that data is secure and encrypted when appropriate to minimize risk of data breaches and inadvertent personal financial information disclosure. All merchants accepting credit or debit cards or storing cardholder data are typically required to be compliant with PCI DSS standards. Payment applications such as Unitec’s systems which are used to process transactions are generally required to be compliant with PCI PA-DSS standards, or Payment Application Data Security Standards. PIN devices are measured against the PCI PIN Transaction Security (PTS) standards. Token: A dynamic, random string of alpha-numeric characters representing a credit card during an individual transaction. The token changes with each use, which reduces the risk of unauthorized account use due to a data breach.
7125 Troy Hill Drive
Elkridge, MD 21075