Skip to content

How EMV Compliance Fits In With Other Regulations

chip credit card
In today’s Point of Sale environment, data security is more important than ever. Stories about massive credit card data breaches seem to appear regularly in the news. As a result, retailers want to do everything they can to avoid being the next victim. In order to increase security and protect against fraud, the industry is working to adopt standards such as EMV, among others.

As the Fraud Liability Shift Date for EMV Compliance approaches on October 1, 2015, retailers are working to make sure they are meeting these standards. In addition to this, are there other regulations to consider, and if so, how does EMV compliance fit in?


The main regulation that retailers need to be aware of is the Payment Card Industry Data Security Standard (PCI DSS). This regulation encourages retailers to meet security standards by building and maintaining a secure network and systems, protecting cardholding data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.

Essentially, the PCI standard requires retailers to protect cardholder data against a security breach by installing and maintaining firewalls, using strong passwords rather than vendor-supplied defaults, encrypting data when it is transmitted, protecting their systems against viruses and malware, monitoring access to cardholder data, and regularly testing their security systems. Following these policies will help retailers avoid data breaches and keep them from incurring penalties.


The latest full version of the PCI standard, version 3.0, was released in November 2013 (version 3.1 was released in April 2015, but it mostly consists of clarifications to the language in version 3.0). This version of the standard connects the regulation to End to End Encryption (E2EE) solutions. Retailers who utilize E2EE encrypt cardholder data when it is sent to payment processors for authorization, ensuring that no credit card numbers are stored in their local POS systems. This greatly reduces the possibility of a data breach.

Implementing E2EE will allow retailers to remove themselves from PCI scope, meaning that since they do not store any cardholder data, they are not subject to regulations related to maintaining the security of this data and protecting it from a breach. This solution can greatly reduce the risk, burden, work, and cost of maintaining data security.

If you’re interested in implementing an E2EE solution, we recommend POINT by Verifone.

If you want to know more about how to implement E2EE or if you have any questions about EMV compliance or PCI standards, please contact us.

Contact Us