While EMV represents a significant improvement in the way credit/debit card fraud is detected and prevented, some have confused EMV’s capabilities with the concepts of data security and PCI compliance.
Does EMV override PCI?
The answer is NO, EMV technology does not satisfy any PCI requirements, nor does it reduce PCI scope.
- EMV is counterfeit card fraud protection – it makes it more difficult to make use of stolen card data.
- EMV is not encryption – EMV does not encrypt the Primary Account Number (PAN) and therefore the card data must still be protected according to PCI guidelines.
- EMV only works for card present transactions.
If your business accepts credit or debit cards in a physical store or other face-to-face setting, you will need to implement the EMV technology and PCI standards. If you upgrade your terminals for EMV, consider adding point-to-point encryption (P2PE) capabilities to reduce PCI scope and protect data end to end. In addition, using tokens after authorization can prevent the card data from being used, should it be stolen.