As a result of security concerns and point of sale data breaches at companies like Home Depot and Target, U.S. credit and debit card companies are releasing EMV cards that are much more secure than traditional magnetic stripe cards. Card companies have pushed businesses to update their card processing equipment to accommodate the new EMV cards that are being released, and businesses are now liable if they don’t.
Below is some information that should help you understand what you need to do to be compatible with EMV and NFC.
What is EMV and NFC?
EMV stands for “Europay, MasterCard and Visa”, and it is the global standard for credit and debit card payment processing. EMV cards are debit or credit cards with a chip installed in them, and the chip adds more security to the transaction than a traditional magnetic stripe card.
The chip communicates with the payment terminal to ensure that it is not a fraudulent transaction. Every time an EMV card is used, the chip creates a unique transaction code which can’t be duplicated. Magnetic stripe cards can be copied by counterfeiters because their stored data doesn’t change. EMV technology has been used in Europe for several years, and as a result of it the rate of credit card fraud has declined there.
NFC stands for “near field communication” and it is a technology that allows payment readers, smartphones and other devices to communicate with each other when they are in close proximity. NFC allows payments to be made without physical contact between the card and the payment processor, which adds more security to the transaction. An example of NFC technology is Apple Pay, where an iPhone or Apple Watch can be held up to a NFC payment reader for a payment to be made.
You have to update your business for EMV before NFC
Right now, there is no major push to update your payment processing equipment for NFC, as NFC technology is about three to five years away from being mainstream. However, if you take card payments at a physical location, October 1st, 2015 was the EMV liability shift deadline. Since then, liability for a fraudulent transaction is shifted toward the party that is least EMV compliant.
In other words, if your business receives card payments on site and you don’t have an EMV card reader, and someone pays you with a fraudulent card, you are financially liable for that transaction. If you receive all of your payments online, through mail or over the phone, then you don’t have to worry about EMV at all, even if you use a virtual terminal to manually enter your customers’ information.
EMV does not offer any extra security for these types of transactions, only transactions where the card is physically present and the magnetic stripe on the back has been altered.
How to migrate your business to EMV
If you accept card payments at a physical location, you should strongly consider migrating your payment equipment to be EMV compatible. The cost to do this will vary from one business to another. There are low-priced EMV readers that can be plugged into mobile devices that are available for under $100. Other options are available such as point of sale terminals that can range from $150 to $300 each.
It’s well worth the money and time to switch to EMV compatible equipment because of the liability shift that occurred on October 1st. Although it is totally voluntary, you will have likely already received some information encouraging you to switch to EMV from your current payment processor.
You can choose to upgrade to EMV compatibility with your current payment processor or from a competing vendor. If you decide not to make the switch right now you won’t be fined, but just keep in mind that you will taking on additional liability if you swipe a chip card instead of inserting it into an EMV compatible device.