EMV, which stands for Europay, MasterCard and Visa, is the technology behind that tiny microchip that’s showing up on new credit and debit cards everywhere in the U.S. and Canada. This tiny little chip has huge benefits when it comes to protecting against fraud for card-present transactions. It offers better data security than magnetic stripe transactions and makes counterfeiting a card next to impossible.
3. 3
What
is
EMV?
EMV,
which
stands
for
Europay,
MasterCard
and
Visa,
is
the
technology
behind
that
?ny
microchip
that’s
showing
up
on
new
credit
and
debit
cards
everywhere
in
the
U.S.
This
?ny
liFle
chip
has
huge
benefits
when
it
comes
to
protec?ng
against
fraud
for
card-‐present
transac?ons.
It
offers
beFer
data
security
than
magne?c
stripe
transac?ons
and
makes
counterfei?ng
a
card
next
to
impossible.
Suzi Smith
Understanding
EMV
&
the
Technology
that
Powers
EMV
Cards
Embedded
Microchip
Embedded
Antenna
This
microprocessor
chip
is
what
turns
the
card
into
a
smart
card
and
enables
it
to
communicate
secure
EMV
transac?on
data
to
an
EMV
terminal.
This
antenna
connects
to
the
embedded
microchip
and
communicates
the
secure
EMV
transac?on
data
to
a
point
of
sale
terminal
via
NFC
technology.
4. 4
Ways
to
Accept
EMV
Contact
EMV
Contact
EMV
payments
require
a
customer
to
put
their
EMV
card
into
the
slot
of
an
EMV
terminal.
While
the
card
remains
in
the
terminal,
the
embedded
chip
and
the
terminal
communicate
to
verify
the
card
is
real
and
to
validate
the
cardholder’s
iden?ty.
Understanding
the
3
Ways
EMV
Payments
Can
Be
Accepted
Contactless
EMV
Contactless
EMV
payments
allow
customers
to
tap
their
card
against
the
EMV
terminal,
enabling
the
terminal
to
communicate
with
the
card’s
embedded
antenna
via
NFC
technology
while
s?ll
using
the
EMV
security
standards.
Mobile
EMV
Mobile
EMV
payments
allow
customers
to
upload
their
EMV
card
creden?als
onto
their
mobile
phone.
Then,
when
it’s
?me
for
payment,
a
customer
can
tap
their
phone
against
the
terminal,
which
then
communicates
with
the
phone’s
antenna
via
NFC
technology,
while
s?ll
using
the
EMV
security
standards.
Suzi Smith
SuziSmith
Suzi Smith
è
è
Suzi Smith
è
5. 5
EMV
Chip
&
PIN
Chip
&
PIN
The
EMV
terminal
requires
the
customer
to
enter
their
PIN
to
verify
their
iden?ty.
Understanding
How
EMV
Authen?cates
the
Cardholder
Chip
&
Signature
The
EMV
terminal
prompts
and
requires
the
customer
to
sign
for
the
transac?on.
+
+
The
EMV
card
and
EMV
terminal
communicate
and
work
to
nego?ate
the
highest
level
of
security
available
to
determine
if
a
PIN
or
signature
will
be
required
for
the
Contact
EMV
payment.
SuziSmith
SuziSmith
6. What
Happens
When
an
EMV
Transac>on
is
Processed?
Understanding
the
Steps
and
Key
Players
Involved
in
Processing
an
EMV
Credit
Transac?on
EMV
Cardholder
EMV-‐Ready
Merchant
EMV-‐Ready
Issuing
Bank
EMV
Cer?fied
Payment
Gateway
Suzi
Smit
h
SuziSmith
EMV
Terminal
7. 7
Key
Players
in
Processing
an
EMV
Transac?on
EMV
Cer?fied
Payment
Gateway
EMV
Cardholder
An
EMV
cardholder
is
someone
who
has
obtained
an
EMV
credit
or
debit
card
from
a
card
issuing
bank
and
is
ready
to
start
using
it
to
make
purchases.
The
EMV
cer?fied
payment
gateway
securely
transmits
the
EMV
transac?on
data
and
one-‐?me
cryptogram
to
issuing
bank.
This
is
Suzi
Joe’s
EMV
Cer?fied
Payment
Gateway
Account
EMV
Terminal
An
EMV
terminal
is
the
POS
hardware
that
communicates
with
the
cardholder’s
EMV
card,
specifically
the
embedded
chip
or
antenna
on
the
card.
EMV-‐Ready
Issuing
Bank
(Cardholder
Bank)
The
EMV-‐ready
issuing
bank
issues
EMV
credit
cards
to
consumers
like
Suzi.
They
are
responsible
for
decryp?ng
the
EMV
transac?on
data
and
one-‐?me
cryptogram,
authorizing
the
transac?on
and
sending
back
their
response
via
a
new
one-‐?me
cryptogram
with
the
transac?on
authoriza?on.
Suzi’s
EMV-‐Ready
Issuing
Bank
EMV-‐Ready
Merchant
An
EMV-‐ready
merchant
has
a
compa?ble
EMV-‐enabled
terminal
in
their
store
and
can
start
accep?ng
EMV
payments
from
their
customers
(cardholders)
for
the
goods
or
services
they
sell.
This
is
Joe
Suz
i Smi
th
SuziSmith
8. Contact
EMV
Transac?on
Flow
1.
Suzi
the
EMV
Cardholder
Purchases
a
Red
Widget
While
Suzi
is
shopping
in
her
town,
she
spots
the
perfect
red
widget
while
passing
by
Joe’s
Widget
Shop
and
decides
to
stop
in
and
buy
it.
Suzi
is
able
to
make
an
EMV
payment
for
the
widget,
since
Joe’s
shop
is
EMV
ready.
Suzi
makes
a
contact
EMV
payment
and
ini?ates
the
transac?on
by
placing
her
card
in
the
terminal’s
slot.
2.
The
EMV
Terminal
Verifies
the
Card’s
Authen?city
There
are
a
few
different
ways
this
can
happen,
depending
on
whether
it’s
a
contact
EMV,
contactless
EMV
or
mobile
EMV
transac?on.
SuziSmith
SuziSmith
Suzi Smith
è
For
Contact
EMV
(and
in
Suzi’s
Case)
The
card
is
placed
into
the
slot
on
the
terminal
and
remains
there
while
the
terminal
verifies
the
card
is
real
and
validates
the
cardholder
iden?ty.
The
terminal
will
ask
for
the
cardholder’s
PIN
or
signature
depending
on
the
issuer’s
verifica?on
method.
For
Contactless
EMV
&
Mobile
EMV
Suzi Smith
è
è
Suzi Smith
We
Accept
✔
✔
Suzi
Smit
h
The
user
taps
the
card
or
mobile
phone,
and
using
NFC
technology
it
communicates
with
the
terminal.
The
same
EMV
security
standards
used
for
contact
EMV
purchases
are
employed
to
verify
the
card
is
real
and
to
validate
the
cardholder
iden?ty.
9. 9
3.
EMV
Transac?on
Data
is
Prepared
&
One-‐Time
Cryptogram
is
Created
Once
Suzi’s
card
has
been
verified
and
her
iden?ty
has
been
validated,
the
terminal
and
the
card
work
to
prepare
the
EMV
transac?on
data
and
create
a
one-‐
?me
cryptogram
that
is
only
valid
for
this
specific
transac?on.
4.
EMV
Transac?on
Data
&
One-‐Time
Cryptogram
are
Sent
to
the
Payment
Gateway
The
gateway
receives
the
EMV
transac?on
data
and
one-‐?me
cryptogram
and
securely
transmits
them
to
Suzi’s
issuing
bank.
Suzi’s
EMV-‐Ready
Issuing
Bank
Suzi Smith
SuziSmith
+
=
Joe’s
EMV-‐Ready
Payment
Gateway
Account
è
✔
✔
10. 10
5.
The
Issuing
Bank
Decrypts
the
EMV
Transac?on
Data
&
One-‐Time
Cryptogram
A]er
Suzi’s
issuing
bank
receives
the
transac?on
data,
it
works
to
decrypt
the
EMV
transac?on
data
and
one-‐?me
cryptogram.
Now
the
bank
has
all
the
informa?on
it
needs
and
can
authorize
the
transac?on.
Suzi’s
EMV
Ready
Issuing
Bank
+
6.
The
Issuing
Bank
Creates
a
New
One-‐Time
Cryptogram
to
Send
Its
Response
Suzi’s
issuing
bank
now
needs
to
communicate
the
transac?on
authoriza?on
back
to
the
EMV
terminal
and
creates
a
new
one-‐?me
cryptogram
to
do
this.
✔
Transac?on
authorized
è
✔
Transac?on
authorized
=
11. 11
8.
New
One-‐Time
Cryptogram
with
the
Issuer’s
Response
is
Passed
Along
to
the
EMV
Terminal
Once
the
payment
gateway
receives
the
new
one-‐?me
cryptogram,
it
passes
it
along
to
the
EMV
terminal.
From
there
the
EMV
terminal
decrypts
and
displays
the
issuer’s
response,
which
in
this
case
is
an
approval.
✔
Joe’s
EMV
Cer?fied
Payment
Gateway
Account
è
SuziSmith
APPROVED
SuziSmith
è
7.
The
Issuing
Bank
Sends
the
New
One-‐
Time
Cryptogram
to
the
Payment
Gateway
Suzi’s
issuing
bank
sends
the
new
one-‐?me
cryptogram
with
the
transac?on
authoriza?on
back
to
the
payment
gateway.
Suzi’s
EMV
Ready
Issuing
Bank
Joe’s
EMV
Cer?fied
Payment
Gateway
Account
è
12. What
Do
Merchants
Need
To
Know
About
the
EMV
Liability
ShiQ?
Understanding
the
Liability
Shi]
and
the
Steps
to
Take
to
Avoid
Liability
October
1st
Deadline
EMV
Liability
Shi]
Rules
Tips
to
Avoid
Liability
1
OCTOBER
EMV
Adop?on
13. 13
October
1st
2015
Deadline
Understanding
How
this
Deadline
Affects
the
Liability
Shi]
Liability
Shi]
Card
Present
Transac?ons
Only
A]er
October
1,
2015,
if
a
fraudulent
transac?on
occurs,
the
liability
belongs
to
whichever
party
has
not
yet
adopted
EMV
chip
technology.
This
means
that
the
issuing
bank
or
merchant
could
end
up
being
financially
responsible
for
the
fraudulent
transac?on
if
they
aren’t
EMV-‐
ready.
The
transi?on
toward
EMV
technology
and
the
liability
shi]
only
affects
merchants
who
process
card
present
transac?ons.
Online
transac?ons,
on
the
other
hand,
are
not
directly
affected
by
EMV
technology
or
the
liability
shi].
1
OCTOBER
14. 14
EMV
Liability
Shi]
Rules
&
Scenarios
Scenario
1
A
tradi?onal
magne?c
stripe
card
is
swiped
by
the
customer
at
a
magne?c
stripe
terminal.
In
this
case,
neither
the
issuing
bank
nor
the
merchant
is
EMV-‐ready.
If
the
purchase
is
a
fraudulent
transac?on,
the
merchant
is
generally
not
liable,
just
like
today.
A]er
October
1,
2015,
Who’s
Liable?1
Issuing
Bank
Joe
the
Merchant
Scenario
2
A
chip
card
is
used
at
a
tradi?onal
magne?c
stripe
only
terminal.
Scenario
3
A
chip
card
is
used
at
a
chip-‐enabled
terminal.
In
this
case,
the
issuing
bank
is
EMV-‐ready
but
the
merchant
is
not.
If
the
purchase
is
a
fraudulent
transac?on,
the
merchant
is
generally
liable,
since
the
issuer
has
made
the
investment
to
upgrade
to
chip
technology
and
the
merchant
has
not.
In
this
case,
the
issuing
bank
and
the
merchant
are
both
EMV-‐ready.
If
the
purchase
is
a
fraudulent
transac?on,
the
issuer
will
con?nue
to
bear
the
responsibility
of
the
fraudulent
ac?vity,
as
they
do
currently.
EMV
Ready
Issuing
Bank
Joe
the
Merchant
Joe
the
Merchant
is
EMV
Ready
EMV
Ready
Issuing
Bank
Liable Liable Liable
1.
"EMV
Liability
Shi]:
Why
it
pays
to
adopt
new
technology,"
Visa.com,
hFp://usa.visa.com/merchants/grow-‐your-‐business/payment-‐technologies/credit-‐card-‐chip/liability-‐shi].jsp.
15. 15
Fuel
&
ATM
Transac?ons
Liability
for
automated
fuel
dispensers
and
ATM
transac?ons
doesn’t
shi]
un?l
October
2017.
FUEL ATM
EMV
Liability
Shi]
Rules
&
Scenarios—The
Excep?ons
Are
There
Any
Types
of
Transac?ons
Not
Included
in
the
October
2015
Liability
Shi]?
1
Card-‐Not-‐Present
Transac?ons
The
liability
shi]
doesn’t
apply
to
card-‐not-‐present
transac?ons.
In
these
cases,
the
liability
remains
subject
to
exis?ng
liability
and
chargeback
rules.
1.
"EMV
Liability
Shi]:
Why
it
pays
to
adopt
new
technology,"
Visa.com,
hFp://usa.visa.com/merchants/grow-‐your-‐business/payment-‐technologies/credit-‐card-‐chip/liability-‐shi].jsp.
16. 16
EMV
Adop?on
What
is
the
Expected
Adop?on
Rate
of
EMV?1
Issuing
Banks
Merchants
By
the
end
of
2015,
it’s
expected
that
the
card
issuing
banks
will
be
taking
the
lead
when
it
comes
to
EMV
adop?on.
By
the
end
of
2015,
it’s
expected
that
only
about
half
of
all
US
merchants
will
have
upgraded
their
terminals
and
will
be
EMV-‐
ready,
leaving
a
high
likelihood
that
a
high
percentage
of
merchants
will
be
financially
liable
for
fraudulent
transac?ons.
71%CREDITCARDS
41%DEBITCARDS
47%MERCHANTS
1.
Shamas,
Megan.
“With
EMV
Chip
Migra?on
on
Track,
U.S.
Payments
Industry
Looks
Ahead
to
Mobile,
eCommerce
and
Tokeniza?on
at
Smart
Card
Alliance
2015
Payments
Summit,”
smartcardalliance.org,
hFp://www.smartcardalliance.org/with-‐emv-‐chip-‐migra?on-‐on-‐track-‐u-‐s-‐payments-‐industry-‐looks-‐ahead-‐to-‐mobile-‐ecommmerce-‐and-‐tokeniza?on-‐at-‐smart-‐card-‐alliance-‐2015-‐payments-‐summit/.
17. 17
Steps
Merchants
Can
Take
to
Avoid
Liability
Keep
Your
Merchants
on
Track
to
Avoid
Liability
Stay
One
Step
Ahead
of
Card
Issuers
Card
issuers
already
plan
to
have
chip
cards
in
consumers’
hands
by
the
end
of
2015
and
once
consumers
start
using
those
cards,
merchants
with
non-‐EMV-‐ready
terminals
will
start
taking
on
the
liability.
Suzi Smith Suzi Smith
Upgrade
&
Process
Transac?ons
Using
an
EMV
Compa?ble
Device
Having
an
EMV
compa?ble
terminal
is
just
the
founda?on
for
EMV;
merchants
will
actually
need
to
process
transac?ons
using
EMV
whenever
possible
to
truly
avoid
liability.
SuziSmith
18. What
is
Our
Plan
to
Support
EMV?
Understanding
Our
Roadmap
for
EMV
What
Applica?ons
Will
Be
Supported?
Which
Processors
Will
Be
Supported?
Which
Devices
Will
Be
Supported?
When
Will
We
Be
EMV-‐Ready?
2015
AUGUST
19. 19
2015
AUGUST+
=
Mark
Your
Calendars
EMV
is
Coming
to
the
Gateway
in
August
We
Will
Be
“EMV-‐Ready”
in
August!
20. 20
EMV
Supported
Applica?ons
Supported
Applica?ons
Roadmap
for
2015
The
Cookie
miniPOS
The
Cookie
Swipe
The
Cookie
Swipe
will
be
the
first
EMV-‐capable
so]ware
applica?on.
SwIPe
is
a
lightweight
POS
so]ware
that
runs
on
Microso]
Windows
32
bit
and
64
bit.
The
Cookie
miniPOS,
is
a
new
product
that
will
include
EMV
support
as
well
as
addi?onal
features.
This
will
be
a
full
stand-‐alone
mobile
POS
(mPOS)
system
for
small-‐
to
medium-‐sized
merchants.
2015
AUGUST
2015
Q4
21. 21
EMV-‐Compa?ble
Devices
EMV-‐Compa?ble
Devices
Roadmap
for
2015
EMV
Value
Device
Ingenico
iCMP
Ingenico
iPP320
&
iPP350
The
Ingenico
iPP320
and
iPP350
are
ideal
for
retail
environments
and
will
work
seamlessly
with
our
SwIPe
applica?on.
They
are
full-‐featured
devices
that
process
EMV
chip
and
PIN,
magstripe
and
contactless
NFC.
The
Ingenico
iCMP
is
versa?le
device
ideal
for
mobile
environments
and
will
work
seamlessly
with
our
iProcess
POS
mPOS
and
with
our
SwIPe
applica?on.
It
has
embedded
bluetooth
technology
and
accepts
EMV
chip
and
PIN,
magstripe
and
contactless
NFC.
We
are
in
the
process
of
evalua?ng
and
tes?ng
several
lower-‐cost
EMV
devices,
like
the
Magtek
eDynamo.
2015
AUGUST
2015
Q4
2015
Late Q4
22. 22
EMV
Cer?fied
Processors
Roadmap
Cer?fied
Processors
Roadmap
for
2015
&
Early
2016
First
Data
Global
Payments
TSYS/Vital
Cer?fica?on
in
progress
and
expected
to
be
complete
in
August
2015
2015
Q4
2015
AUGUST
2015
Late Q4
Cer?fica?on
with
Global
Payments
will
make
our
plaoorm
EMV
ready
for
US
&
Canada
Cer?fica?on
for
EMV
with
First
Data
will
projected
to
be
completed
in
late
Q4.
Van?v
&
Paymentech
2016
will
bring
added
support
for
other
popular
processors
including
Van?v
and
Paymentech.
2016
Q1
23. 23
2015
AUGUST
2015
Q4
2015
Late Q4
2016
Q1
EMV
Road
Map
Summary
Timeline
for
EMV-‐Ready
So]ware
Applica?ons,
Devices
&
Processors
EMV
Ready
Sofware
Applica>ons
The
Cookie
Swipe
EMV
Ready
Devices
Ingenico
iPP320
&
iPP350
EMV
Cer>fied
Processor(s)
TSYS
EMV
Ready
Sofware
Applica>ons
The
Cookie
miniPOS
EMV
Ready
Devices
Ingenico
iCMP
EMV
Cer>fied
Processor(s)
Global
EMV
Ready
Devices
Value
EMV
Device
EMV
Cer>fied
Processor(s)
First
Data
EMV
Cer>fied
Processor(s)
Added
support
for
popular
processors
including
Van?v
and
Paymentech