Common merchant questions about EMV card-present transactions
As the card processing landscape is changing from mag-stripe to EMV chips with new regulations and technologies, merchants are seeking to understand the impact of these changes on their businesses. Here are two common merchant questions about EMV card-present transactions.
Question 1: Will accepting EMV chip cards prevent data from being stolen at my business?
EMV chip technology adds a layer of security to card-present transactions. Therefore, merchants installing EMV card readers would be limiting liability for fraudulent card transactions. This EMV technology protects against one type of credit card fraud, often called counterfeit fraud. EMV-chip cards are designed to decrease credit card counterfeiting by making them more difficult to copy. Unlike magnetic-stripe cards, which store unchanging data in their stripes, EMV-chip cards generate a new code for every transaction.
While thieves and dishonest employees may still steal the credit card data, they will not be able to forge fake smartcards or clone the card. EMV chips need to be programmed with the right data and keys, which are only available at the issuing bank. So even if criminals obtain the data, they can't do anything with it. However this is a different story for using stolen card data by swiping mag-stripes or key entering card numbers, so protecting data with proper PCI compliance is still required.
Question 2: Will EMV chip card transactions take longer to complete than swiping mag-stripe?
Yes, because instead of swiping the card, a customer would insert the card and the reader will take a few seconds to process.
"The chips and the terminal are having a conversation," said Carolyn Balfany, who's leading the EMV rollout in the U.S. at MasterCard. "They're exchanging data and creating new data. The EMV reader then generates a unique code for the transaction and uses it in place of your card number. This way, if someone were to hack into the store's records and use the payment data again, red flags would be sent up at the payment networks, and the fraudulent transaction wouldn't go through."
To be more technical, when an EMV-enabled payment card is inserted into the chip reader, dynamic security information is used in the authorization request. This dynamic data changes for each transaction and is validated against what is expected at the card issuer host.
For this reason, the chip must be inserted into the terminal and remain there until the transaction is completed and approved, otherwise the transaction will terminate prematurely. We recommend training employees to remind customers to take their cards once their payment has been processed so they don't forget given this is a new process for customers to get use to.
If you are looking for answers to other EMV questions, visit www.vantagecard.com/emv or please email your questions to us at [email protected].