PCI COMPLIANCE
November 3rd, 2015 by Elma Jane

While EMV represents a significant improvement in the way credit/debit card fraud is detected and prevented, some have confused EMV’s capabilities with the concepts of data security and PCI compliance.

Does EMV override PCI?

The answer is NO, EMV technology does not satisfy any PCI requirements, nor does it reduce PCI scope.

  • EMV is counterfeit card fraud protection – it makes it more difficult to make use of stolen card data.
  • EMV is not encryption – EMV does not encrypt the Primary Account Number (PAN) and therefore the card data must still be protected according to PCI guidelines.
  • EMV only works for card present transactions.

If your business accepts credit or debit cards in a physical store or other face-to-face setting, you will need to implement the EMV technology and PCI standards. If you upgrade your terminals for EMV, consider adding point-to-point encryption (P2PE) capabilities to reduce PCI scope and protect data end to end. In addition, using tokens after authorization can prevent the card data from being used, should it be stolen.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , ,

EMV
August 13th, 2015 by Elma Jane

The credit card processing industry, have been working towards including EMV technology in all of the point of sale systems.

Many processors have sent out EMV capable devices that will need to be adjusted before they can start accepting EMV card transactions.

See which category you fall into so you are prepared when October 1 rolls around.

First, check and see if your credit card machine has the slot to accept EMV cards (it’s either a slot in front, or on the top of, the unit). If you don’t, you need to contact your processors or sales agent to update your equipment .

If you do have the slot for EMV cards, you’ll need to contact National Transaction to see if your EMV capable machine has been enabled to accept EMV cards.

What is the difference between EMV capable and EMV enabled?

  • EMV Capable – EMV capable means that your credit card machine is equipped with the hardware (i.e. the slot) and has the capability to do a transaction, but first you’ll have to update the application to enable you to process the cards.                                                 At National Transaction, we have a support specialist to assist you with step-by-step instructions to switch your credit card Point-of-Sale System, from EMV capable to EMV enabled.
  • EMV Enabled – When your machine is EMV enabled, your terminal is ready to accept EMV transactions.                                                                                                               According to MasterCard, 73 percent of consumers say owning a chip card would encourage them to use their card more often. In addition, 75 percent of consumers expect to use their chip card at the merchants where they shop today.                     Keeping these numbers in mind, it only makes sense to equip your business with an EMV enabled credit card POS system.

What makes EMV technology so important?

EMV is a global payment system that adds a microprocessor chip into credit cards and debit cards, and reduces the chance a transaction is being made with a stolen or copied credit card. Unlike traditional magnetic-stripe cards, anytime you use an EMV card, the chip in the card creates a unique transaction sequence that can’t be replicated. Because the number will never be valid again, it makes it hard for hackers to fake these cards. If they attempt to use the copied EMV card, the transaction would be denied.

The rollout of EMV technology is ongoing, but even with the October 1 deadline, it’s estimated that only 70 percent of credit cards and 40 percent of debit cards in the U.S. will support EMV. Despite these numbers, that doesn’t mean you shouldn’t update your equipment.

Following the deadline, card present fraud liability will shift to whoever is the least EMV compliant party in a fraudulent transaction.

Make sure that’s not you!

 

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , , , , , ,

February 3rd, 2014 by Elma Jane

The migration to cards that use chips instead of magnetic strips, known as EMV technology, is well underway in the U.S. No government regulation is needed to make it happen. But the EMV migration and the Target breach are different things. It’s true that EMV chip cards can prevent criminals from producing counterfeit cards using stolen account numbers. But EMV doesn’t stop criminals using stolen cards online. So innovators are deploying new technologies to deter other forms of fraud.

Headline-grabbing events inevitably lead to calls for new laws. But in the case of our nation’s electronic payments systems, new government mandates would stifle marketplace innovations that hold great promise for providing consumer benefits and reducing criminal activities.

Financial institutions compete for customers by providing consumer protections even beyond requirements of current law. Many retailers also offer customers speedy transactions, such as “sign and go” and “swipe and go” for small transactions, while the payments industry ensures consumers still have zero liability. These protections and flexibility are why U.S. consumers are going cashless and carry more than one billion debit and credit cards. More than 70% of retail purchases are made with electronic payments, and our member companies process more than $4 trillion in electronic payments each year.

Fraud accounts for fewer than six cents of every $100 spent on payments systems – a fraction of a tenth of a percent. U.S. companies have made significant financial and technological investments, building sophisticated fraud tools that insulate consumers from liability. To build on this, Congress should foster greater international law enforcement cooperation to fight cybercrime, particularly in countries that harbor crime rings, and replace 46 divergent state breach notification laws with a uniform national standard.

The private sector is best positioned to address the constantly shifting tactics of criminals, and it is doing so without government mandates. Do Americans really want the government in charge of the security and monitoring of our payments?

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , ,