What is EMV compliance law and should your business worry about it?

3 min read
1

Just like other forms of payment, using a credit card comes with an inherent level of risk. After all, hackers and thieves make a career out of figuring out ways to steal your credit card details so they can run up fraudulent charges. This is true for in-person purchases, as well as those made online.

Fortunately, many credit cards come with zero fraud liability, meaning you’re not on the hook for fraudulent charges posted to your account. Further, protection afforded by the Fair Credit Billing Act (FCBA) ensures you could never be liable for more than $50 in fraudulent charges posted to your account, anyway.

Another layer of protection you can expect with most credit cards comes in the form of a chip. With chip and pin credit cards, the embedded chip holds your payment data, providing a unique code for each purchase you make. The code generated is only good for that single transaction and the codes are always changing, meaning credit cards with chip technology are considerably more difficult to hack for in-person purchases.

Remember that, before chip technology, all credit cards used a magnetic stripe to store your data. Where magnetic stripe credit cards can be “skimmed” by hackers and thieves, chip credit cards make this type of theft impossible.

What does EMV stand for?

Chip-enabled credit cards are also called EMV-enabled credit cards due to the EMV technology that was used to create them. EMV stands for “Europay, Mastercard and Visa” and signifies the three major credit card providers.

While EMV technology intends to help cut down on the amount of consumer credit card fraud, this technology also helps businesses cut down on chargebacks resulting from fraudulent purchases.

What is EMV compliance?

Major credit card issuers asked for most U.S. businesses that accept credit cards to move toward an EMV-compliant credit card point of sale system by October 1, 2015. This deadline also instituted a shift in liability in terms of who took responsibility for fraudulent charges.

Prior to October 1, 2015, either the merchant or card issuer could be liable for losses due to fraud. After this date, however, the shift in liability began depending on which party — the merchant or card issuer — was the least compliant with EMV requirements.

In theory, this deadline would have been enough to motivate businesses to change their payment systems in order to reduce fraud and avoid financial losses.

According to recent figures from Visa, the number of U.S. retailers who accept EMV-enabled cards increased 825 percent from September of 2015 until June of 2019, growing from 392,000 to 3.7 million. This is good news overall, but not all businesses have upgraded their payment systems as some had hoped.

Fortunately, businesses haven’t had to worry about EMV compliance law or being fined for not upgrading their payment systems. If you’re a business owner who has not yet upgraded to accept EMV-enabled credit cards, you should probably do so — but you won’t be on the hook for penalties if you don’t make this change.

What are the two types of chip credit cards?

There are two main types of EMV-enabled credit cards, both of which offer the same underlying EMV technology protection:

  • Chip and pin credit cards require cardholders to use a numeric PIN in order to authenticate the purchase
  • Chip and signature credit cards use the same chip technology but still require a signature at the point of sale

Chip and pin cards are more secure than chip and signature cards since anyone can forge a signature, but it’s unlikely a hacker could accurately guess your PIN number.

Be aware that not all payment terminals will accept chip and signature credit cards. For example, you may be unable to use a chip and signature card for a purchase where a cashier isn’t present to ask for your signature, such as buying a train ticket from an automated teller.

How do I use an EMV card to make a purchase?

Where you once swiped your card using a magnetic stripe that held your information, EMV-enabled credit cards with chips require a different process for in-person transactions.

Specifically, both chip and pin and chip and signature credit cards require you to dip your credit card into the terminal, at which point your card is read and a unique token is created for the transaction. From there, you enter your PIN (if you have a chip and pin credit card) or provide your signature (if you have a chip and signature credit card).

Will my chip card work everywhere?

Your EMV-enabled credit card is usable anywhere credit cards are accepted, but you should also know the United States is actually somewhat behind when it comes to EMV technology. In Europe, for example, countries made the transition to EMV technology years ago, and chip and PIN cards are the norm.

If your credit card doesn’t have a chip and you plan to travel abroad, you may want to pick up an EMV-enabled credit card that can provide another layer of protection against fraud.

In addition to credit cards with chip technology, also look for credit cards that don’t charge a foreign transaction fee.