As the payment card industry takes steps to address security issues and protect themselves and their customers against credit card fraud, retailers are taking action to meet EMV Compliance standards. But while the need for increased security is evident, how does the technology behind this shift work?
EMV credit cards contain a computer microchip embedded within the card. This chip stores the cardholder data in a way that is nearly impossible to counterfeit. The chip also makes card processing more secure by using a unique cryptogram to produce a one-time use code for each transaction made using the card.
Credit card readers which are EMV compliant will require the customer to insert the card into the terminal and leave the card in the terminal until the transaction has been completed. Some terminals will also use NFC (Near Field Communication) that will allow for "tap & pay" options or mobile payments using smartphones or smart watches.
Cardholder Verification Methods
During an EMV card transaction, the payment terminal and the chip embedded on the card will agree on the cardholder verification method (CVM) required to complete the transaction. There are several possible CVM options:
- Signature – Most cards issued in the United States use this method, in which the cardholder’s signature is compared with the signature on the card.
- Online PIN – The cardholder will enter their Personal Identification Number (PIN), which is then encrypted and sent to the card issuer for verification.
- Offline PIN – The PIN entered by the cardholder is compared with the PIN stored in the chip, and only the result is sent to the card issuer.
- No CVM – Used for low-value, low-risk transactions or transactions made at unattended POS locations.
- Consumer Device Cardholder Verification Method (CDCVM) – This method is used for transactions made with mobile devices. Depending on the device, cardholders may be able to use their personal passcode or a method such as biometric identification.
The Fraud Liability Shift Date for EMV Compliance is October 1, 2015. After this date, retailers which have not met EMV Compliance will assume the liability for credit card fraud. If you have any questions about EMV Compliance or would like to know more about how Level 10 can help you make sure you are protected from credit card fraud, please contact us.