An overview of EMV technology. EMV is a fraud-reducing technology that can help protect against losses from the use of counterfeit and lost or stolen credit cards at the point-of-sale. Card data is stored in a smart chip; rather than the magnetic stripe. (Cards will be equipped with a magnetic stripe as well, but they will eventually be phased out.) This technology is often referred to as chip-cards, or smart-cards, and adds layers of security against counterfeit fraud and theft.
Unveiling the Top Chartered Accountants in India and Their Staggering Net Worth
EMV - Is your business ready?
1. EMV Technology: Is your portfolio ready?
This presentation is brought to you by:
2. EMV is a fraud-reducing technology that can help protect
your business against losses from the use of counterfeit and
lost or stolen credit cards.
Updated EMV equipment will also allow the business owner
to process NFC (Near Field Communication) or contactless
credit cards. This includes Apple Pay, Google Wallet and
other mobile wallet payments.
The EMV implementation will go into full effect on October 1,
2015 when the liability shift takes place. The transition to full
implementation will be a gradual process.
What is EMV?
3. EMV bankcards are embedded with a
microprocessor, or smart chip, that interacts with
the merchant’s point-of-sale device to make sure
that the payment card is valid.
Cardholder data is stored in this smart chip, rather
than a magnetic stripe. The smart chip technology
adds layers of security, as a result of dynamic data.
EMV bankcard technology uses a computer and
software with 100’s of built-in security features.
The contacts on the surface of the device are
connected to wires running from a computer chip
under the surface.
How does EMV work?
4. The EMV infrastructure supports both
EMV contactless payments: simply tap
or waive the card or mobile wallet
and pay securely.
NFC Mobile Payments: provides secure
mobile payments and increased loyalty & marketing
options for issuers. (NFC = Near Field Communication)
Merchants can install dual contact/contactless POS
terminals that accept contact EMV, contactless EMV &
NFC Mobile Payments.
5. Why has there been an
EMV Delay in the US?
The migration to EMV technology in the US has been
slowed down significantly as the result of:
Infrastructure: Lack of EMV equipment in ATM
machines, as well as merchant processing solutions.
Issuers: Card Issuers have a much higher cost to
issue an EMV or “Chip” card versus issuing a
traditional magnetic stripe card.
6. October 1, 2015 Liability Shift
As of October 1, 2015, merchants will no longer be
responsible for lost or counterfeit and lost or stolen credit
cards at the point-of-sale, only if they update to an EMV
capable terminal.
The liability shift encourages chip transactions because any
chip-on-chip transaction provides dynamic authentication
data, which helps to better protect all parties.
According to Visa, with this liability shift, the party that, due
to their lack of chip technology, is the cause of a contact
EMV chip transaction not occurring, will be held financially
liable for any resulting card present counterfeit fraud losses
after October 1, 2015.
7. EMV Forecast for USA
Mobile and Near-Field-Communications transactions will top
$1 billion in 2014, and are projected to reach $58 billion by
2017
The US is set to transition more than 1.2 billion payment
cards and 8 million point-of-sale terminals to become EMV-
ready by the end of 2015
It is projected that 166 million EMV credit cards will be in
circulation in the US by the end of 2015.
The forecast predicts that large and medium-sized retailers
will transition to EMV-ready solutions first, with small and
micro-sized merchants taking longer to make the adaptations
8. BASYS EMV Strategies
Deployment of EMV Capable Terminals: BASYS deploys
only EMV capable credit card terminals for new purchases,
educating each new merchant on options regarding their
existing reprogrammable equipment.
Marketing campaigns, statements messages, personalized
phone calls & EMV introductory letters are available to inform
and educate the merchants on EMV.
Merchants do not have to purchase a new terminal, however
BASYS highly recommends that card-present merchants
consider updating their processing solution to be EMV
capable by 10/1/2015.
9. NOW: Achieve PCI Compliance!
EMV will not replace the PCI requirements and will
always be a great risk assessment tool.
.
.
.
How Can Businesses Best Prepare?
2014: Breach Insurance, Encryption
and Tokenization
2015: Update to EMV capable
equipment.
NOW
Ongoing
2015
10. What are Encryption and Tokenization?
Encryption refers to the process of masking the
credit card data while it is in motion. This can be
during the communication process from point-of-
sale to the issuing bank to obtain an authorization,
for example.
Tokenization refers to the process of exchanging
all the credit card data for randomized symbols
and creating a “token” instead. Tokenization refers
to payment data that is at rest.
11. EMV: Protect your data
against card
counterfeiting and card
losses.
Multi-Layered
Solutions:
Today’s advanced
technology increases the
threat for data breaches.
Focusing on only one or
two of these points of
entry can still leave the
merchant vulnerable.
2
1
How do EMV and Data Security Relate?
Encryption: Protects
your credit card data
while in transit during
communication mode
Tokenization: Protect
your data at rest. (e.g.
Protect data while being
stored in a secure
database)
3
12. What is PCI Compliance?
PCI Compliance refers to the responsibility of the
business owner to ensure that they are accepting
and storing debit or credit card data in the most
secure environment.
The PCI Compliance process can help you
uncover vulnerabilities or areas of concern and
can help prevent data breaches. PCI Compliance
will still apply after the US EMV Adoption.
13. The Cost and Risk of Non-Compliance
The average cost to recuperate from a credit card data
breach runs at $215 per compromised card number!
43% of merchants do not think that PCI should apply to
their business because the threat level is so small, yet
attacks are on the rise against small to medium-sized
merchants.
Recent surveys suggest that over 70% of small businesses
that are subject to a data breach don’t recover!
BASYS offers $100,000 Breach Insurance
Coverage
14. BASYS PCI Strategies
BASYS takes a proactive approach to PCI
A Dedicated PCI Specialist to manage your bank’s
portfolio
Upon boarding, merchants are contacted within the
first 30 days
Quarterly scans to detect internet vulnerabilities
Non-compliance reports available to manage your
non-compliant merchants
A magnetic stripe card – in comparison – holds only static data (always the same, never changing)
PIN = (personal identifiable number)
The party that is the cause of a contact chip transaction not occurring will be financially liable for any resulting card present counterfeit fraud losses.
The liability shift has already started in other continents since 2006 and has continued to shift as more and more countries have adopted the EMV technology.
Normally, prior to the EMV introduction and liability shift, the card ISSUER is liable for fraudulent transactions. However, after a liability shift is implemented, if the merchant’s Point of Sale does not support EMV, then the merchant will be liable for the fraudulent transactions.
Breach Insurance is an insurance product that offers a set amount of coverage to use to recuperate from a potential data breach.
Breach insurance is generally a policy that does not have a deductible and the payments are a low monthly amount. Tokenization and encryption are additional fraud protection measurements specific to credit card acceptance and render the card data unrecognizable throughout the transmission process.
Tokenization replaces payment card data and replaces with a token
Encrypts card data prior to transmission and protects throughout the entire transmission process
PCI is short for PCI DSS, which stands for Payment Card Industry Data Security Standard.
PCI DSS is a set of comprehensive requirements to help ensure the safe handling of cardholder data throughout the payments chain.
PCI DSS was developed by PCI Security Standards Council (PCI SSC), which is comprised of the five major payment brands.
The most commonly used term “PCI Compliance” stands for “Payment Card Industry Compliance”.
Recuperating from a data breach is not only costly, but also time consuming. Ongoing security audits will be required and the merchant will need to implement all missing requirements at once
Merchants who do not achieve compliance may be subject to non-compliance penalties and large fines in the event of a actual data breach.
Non-Compliance fees from processors easily range from $19.99 to $49.99 or higher per month
PCI is short for PCI DSS, which stands for Payment Card Industry Data Security Standard.
PCI DSS is a set of comprehensive requirements to help ensure the safe handling of cardholder data throughout the payments chain.
PCI DSS was developed by PCI Security Standards Council (PCI SSC), which is comprised of the five major payment brands.
The most commonly used term “PCI Compliance” stands for “Payment Card Industry Compliance”.