Merchants large and small have a number of strong incentives to ensure their payment processes are as safe and secure as possible. In addition, maintaining regulatory compliance and reducing the threat of financial losses and penalties, making a focused effort to mitigate payment fraud and data theft is simply good business. Rebuilding customer trust and goodwill after a data breach is a more time-consuming and costly process than taking simple preventative steps to avoid the breach in the first place.
EMV – three letters that serve as shorthand for a set of globally recognized payment security standards – provides a number of tools offering powerful protection for both merchants and their customers.
Unique ‘Chip’ Makes Cards More Secure
The primary way EMV (the initials stand for Europay, MasterCard and Visa) improves payment protection is via the EMV specifications for chip-enabled payment cards. These cards, which are in the process of being distributed by the major payment card issuers to U.S. consumers, each contain an embedded smart chip capable of being read by a merchant’s point of sale terminals to initiate and verify a transaction.
Compared to the magnetic stripe cards that U.S. consumers are familiar with, these chip-enabled cards are much more difficult to counterfeit. Simply raising the degree of difficulty involved in counterfeiting cards will discourage many criminals from their efforts as they seek easier targets for their activities. This will drastically reduce the chance that a merchant will find themselves accepting a stolen or counterfeited card for payment – helping to stop potential fraud before it even occurs.
Benefits of Dynamic Data
The EMV chip-enabled cards also provide greater protection than mag stripe cards during each transaction that takes place using a wide range of security protections that are built into the software they use. One of the most effective means of protection for both merchants and customers is that for each transaction the EMV chip generates “dynamic data,” a unique, one-use-only cryptographic code that is “read” by the merchant’s and processor’s payment systems. In contrast, mag stripe card data remains static and unchanging throughout the life of the card – a key reason their data is coveted by criminals.
In the event that data from an EMV chip card is accessed by a thief, losses are limited because the data is uniquely tied to a single transaction. Again, fewer opportunities to use stolen data makes such cards a less appealing target for criminals.
Chip-enabled cards meeting EMV specifications are also designed to work with other forms of user identification, such as a signature or a PIN that the customer enters into a merchant’s POS terminal. Each level of authentication decreases the likelihood that the transaction is bogus, meaning merchants will spend less time and effort dealing with the aftermath of fraudulent payments. All of this encryption and security technology ultimately means that even if a breach occurs, hackers won't be able to readily use the data they uncover.
Think of it this way: the chances of accepting a stolen or counterfeit card are high, but the damage is relatively low (the value of a single transaction); alternatively, the chances of a breach are lower, but if hackers are able to utilize the stolen data from a breach, then the damage is significantly higher and is often enough to shut down small businesses. EMV reduces both these threats.
Payment fraud exacts costs from businesses and consumers, ranging from the inconvenience and lost time to actual financial liabilities. By bringing more secure payment tools into the United States, EMV’s specifications and the chip-enabled cards that meet them offer greater protections for both merchants and their honest customers.