The document discusses the implementation of EMV technology to reduce fraud from counterfeit and lost or stolen credit cards, which requires merchants to upgrade their point-of-sale equipment by October 1, 2015. EMV cards contain a microprocessor that enhances security through dynamic data, and the transition to EMV in the U.S. faces delays due to infrastructure and costs. Additionally, it emphasizes the importance of PCI compliance and offers strategies for businesses to prepare for the shift to EMV, including encryption and tokenization to protect payment data.

1. EMV Technology: Is your portfolio ready?
This presentation is brought to you by:

2.  EMV is a fraud-reducing technology that can help protect
your business against losses from the use of counterfeit and
lost or stolen credit cards.
 Updated EMV equipment will also allow the business owner
to process NFC (Near Field Communication) or contactless
credit cards. This includes Apple Pay, Google Wallet and
other mobile wallet payments.
 The EMV implementation will go into full effect on October 1,
2015 when the liability shift takes place. The transition to full
implementation will be a gradual process.
What is EMV?

3.  EMV bankcards are embedded with a
microprocessor, or smart chip, that interacts with
the merchant’s point-of-sale device to make sure
that the payment card is valid.
 Cardholder data is stored in this smart chip, rather
than a magnetic stripe. The smart chip technology
adds layers of security, as a result of dynamic data.
 EMV bankcard technology uses a computer and
software with 100’s of built-in security features.
The contacts on the surface of the device are
connected to wires running from a computer chip
under the surface.
How does EMV work?

4. The EMV infrastructure supports both
 EMV contactless payments: simply tap
or waive the card or mobile wallet
and pay securely.
 NFC Mobile Payments: provides secure
mobile payments and increased loyalty & marketing
options for issuers. (NFC = Near Field Communication)
 Merchants can install dual contact/contactless POS
terminals that accept contact EMV, contactless EMV &
NFC Mobile Payments.

5. Why has there been an
EMV Delay in the US?
The migration to EMV technology in the US has been
slowed down significantly as the result of:
 Infrastructure: Lack of EMV equipment in ATM
machines, as well as merchant processing solutions.
 Issuers: Card Issuers have a much higher cost to
issue an EMV or “Chip” card versus issuing a
traditional magnetic stripe card.

6. October 1, 2015 Liability Shift
 As of October 1, 2015, merchants will no longer be
responsible for lost or counterfeit and lost or stolen credit
cards at the point-of-sale, only if they update to an EMV
capable terminal.
 The liability shift encourages chip transactions because any
chip-on-chip transaction provides dynamic authentication
data, which helps to better protect all parties.
 According to Visa, with this liability shift, the party that, due
to their lack of chip technology, is the cause of a contact
EMV chip transaction not occurring, will be held financially
liable for any resulting card present counterfeit fraud losses
after October 1, 2015.

7. EMV Forecast for USA
 Mobile and Near-Field-Communications transactions will top
$1 billion in 2014, and are projected to reach $58 billion by
2017
 The US is set to transition more than 1.2 billion payment
cards and 8 million point-of-sale terminals to become EMV-
ready by the end of 2015
 It is projected that 166 million EMV credit cards will be in
circulation in the US by the end of 2015.
 The forecast predicts that large and medium-sized retailers
will transition to EMV-ready solutions first, with small and
micro-sized merchants taking longer to make the adaptations

8. BASYS EMV Strategies
 Deployment of EMV Capable Terminals: BASYS deploys
only EMV capable credit card terminals for new purchases,
educating each new merchant on options regarding their
existing reprogrammable equipment.
 Marketing campaigns, statements messages, personalized
phone calls & EMV introductory letters are available to inform
and educate the merchants on EMV.
 Merchants do not have to purchase a new terminal, however
BASYS highly recommends that card-present merchants
consider updating their processing solution to be EMV
capable by 10/1/2015.

9. NOW: Achieve PCI Compliance!
EMV will not replace the PCI requirements and will
always be a great risk assessment tool.
.
.
.
How Can Businesses Best Prepare?
2014: Breach Insurance, Encryption
and Tokenization
2015: Update to EMV capable
equipment.
NOW
Ongoing
2015

10. What are Encryption and Tokenization?
Encryption refers to the process of masking the
credit card data while it is in motion. This can be
during the communication process from point-of-
sale to the issuing bank to obtain an authorization,
for example.
Tokenization refers to the process of exchanging
all the credit card data for randomized symbols
and creating a “token” instead. Tokenization refers
to payment data that is at rest.

11. EMV: Protect your data
against card
counterfeiting and card
losses.
Multi-Layered
Solutions:
Today’s advanced
technology increases the
threat for data breaches.
Focusing on only one or
two of these points of
entry can still leave the
merchant vulnerable.
2
1
How do EMV and Data Security Relate?
Encryption: Protects
your credit card data
while in transit during
communication mode
Tokenization: Protect
your data at rest. (e.g.
Protect data while being
stored in a secure
database)
3

12. What is PCI Compliance?
PCI Compliance refers to the responsibility of the
business owner to ensure that they are accepting
and storing debit or credit card data in the most
secure environment.
The PCI Compliance process can help you
uncover vulnerabilities or areas of concern and
can help prevent data breaches. PCI Compliance
will still apply after the US EMV Adoption.

13. The Cost and Risk of Non-Compliance
 The average cost to recuperate from a credit card data
breach runs at $215 per compromised card number!
 43% of merchants do not think that PCI should apply to
their business because the threat level is so small, yet
attacks are on the rise against small to medium-sized
merchants.
 Recent surveys suggest that over 70% of small businesses
that are subject to a data breach don’t recover!
 BASYS offers $100,000 Breach Insurance
Coverage

14. BASYS PCI Strategies
BASYS takes a proactive approach to PCI
A Dedicated PCI Specialist to manage your bank’s
portfolio
Upon boarding, merchants are contacted within the
first 30 days
Quarterly scans to detect internet vulnerabilities
Non-compliance reports available to manage your
non-compliant merchants

15. THANK YOU