Chip and PIN Crash Course

September 22, 2014

EMV and chip & PIN have become bigger buzzwords lately as more national retailers have reported their credit card data being breached. There’s a lot around EMV and it can be incredibly confusing even if you’re mired waist deep in the card payment industry. I’m only ankle-deep, but hopefully this can help clarify some of the bigger points of the program.

What is EMV?

EMV stands for Europay/MasterCard/Visa and is a series of specifications designed to maximize the security of payment systems. It started in Europe and is beginning to gain traction in the US. The current method uses a chip built onto a credit card that activates when plugged into a special card reader or payment terminal. It won’t release the data unless the user enters a PIN, thereby making it more secure than swiping a magnetic card through a reader.

There are other methods, including contactless payment, but the chip and PIN method is the next to be adopted in the US. You may have seen these types of cards already, they’re often used as smart cards for employee access and other ways to manage use/access of things. For instance, at Western Washington University, their laundry machines used smart cards to run. So the cards themselves have been around for a while.

Why is it awesome?

The main reason EMV is useful is because it’s a multi-step method of authorizing and approving payment. With current credit cards, the proof that you’re you is a signature, and they rarely check it. For reals. I’ve drawn giant smiley faces for signatures and the charge went through no sweat. With debit cards you need to enter a PIN, which is fantastic, but the card can also be used as a credit card so you can circumvent that step.

Secondly, the technology has been adopted pretty much everywhere else, so the hardware exists, it’s been tested, and it’s been optimized to cut down on the hassle for customers. The data on the card changes slightly every use, which provides an added layer of protection. I imagine there’s a checksum involved and if it doesn’t pass, the transaction gets flagged or outright denied.

I own a business, what do I do?

I guess for now, you get to wait. If you accept credit and debit cards, it might be a good idea to get in touch with your merchant services provider to see what their plan is. The major card reader and payment terminal manufacturers have products ready to go, if not already in use, so the transition should be relatively painless.

Hardware:

Since adoption rates are so high outside of the US (Western Europe boasts 73.9% of cards and 89% of Terminals utilizing EMV), there’s a fair bit of hardware already out there. It looks like for now the biggest issue is ensuring that whatever you have to take cards is compatible with every variant on the market.

MagTek DynaPro – MagTek has led the way when it comes to securing card data. From their Dynamag (née Centurion) hardware-encrypted card reader to their check reader platform, you can be sure if your card data falls into the wrong hands, it’ll be useless. The DynaPro incorporates their MagneSafe hardware encryption platform with contact and contactless smart card reading, making it a great option during the transition period.

VeriFone VX 520 – The VX 520 is a standalone payment terminal, like what you might see at a convenience store or places that use an electronic cash register instead of a full POS system. Like the DynaPro, it supports both traditional magnetic cards as well as EMV smart cards. You do gain additional versatility with this terminal; it supports transmitting card data via dialup, Ethernet, and even GPRS cellular networks, so this could be a great fit for mobile POS platforms.

ID Tech Unipay – Mobile POS on smartphones is blowing up, or it blew up. Either way it’s pretty huge. ID Tech has been making various readers that hook in via audio jack, and their new UniPay extends that functionality by supporting EMV cards. It does require the software you run to accept that data, so there are some extra steps required. It’s not out yet, but should be soon.

Ingenico iPP H-Touch 480 – Ingenico, like Verifone, has been making payment terminals for years. They’re usually the ones you see at grocery stores and larger department stores, and are pretty robust. The iPP H-Touch 480 supports magnetic card reading as well as smart card and contactless cards, making it a great transitional tool. It does require integration with your POS system, so you may want to talk with your software provider to make sure this is a compatible solution.

Square EMV – Everyone and their brother loves Square and their 2.75% transaction rates, so it’s good that they’re working on creating a reader that supports chip and PIN. It looks like you can give them your email and they’ll let you know when it’s ready. I bet every news site and blog aggregator will also let you know when it’s ready.

Important Dates:

We’ve already passed a few important dates, mostly with regard to processors adopting the standards and deadlines, but the main two for businesses are October 2015 and October 2017.

October 2015

– Liability shifts to processors if their merchant lacks an EMV-enabled device and is involved in a counterfeit or fraudulent card-present transaction.

October 2017

– Similar liability shifts, but for automated fuel dispensers. They get extra time because replacing gas station systems sounds expensive and complicated.

Conclusion:

Businesses, if they’re not already supporting EMV and chip & PIN, have about a year to get transitioned over and ready to go. Thankfully, it looks like solutions are in development or already available, so it’s a matter of working with your credit card processor to ensure you get the right one. We are working with our merchant account provider partners to make sure we have the hardware ready as soon as possible and will let you know as soon as we have solutions available.

Sources:

http://www.tsys.com/acquiring/engage/white-papers/United-States-EMV-Adoption.cfm – U.S. EMV Adoption: Lessons Learned from a Canadian-Based Value Added Resource (VAR) – TSYS
http://www.idtechproducts.com/products/mobile-readers/176.html – ID Tech Unipay – ID Tech
http://www.magtek.com/V2/products/pin-entry-and-management/DynaPro.asp -DynaPro – MagTek
http://www.ingenico.com/en/products/payment-terminals/retail-pin-pads/ipp-h-touch-480/ – iPP H-Touch 480 – Ingenico
http://www.verifone.com/products/hardware/countertop/vx-520/ – VX 520 – VeriFone
http://www.verifone.com/solutions-services/emv/ – The Key to EMV – Verifone
http://www.emvco.com/about_emv.aspx – About EMV – EMVCo
https://squareup.com/emv – Square EMV Reader – Square
http://masteryourcard.com/blog/2008/04/11/a-prank-to-remember-do-signatures-matter/ A Prank to Remember: Do Signatures Matter – Master Your Card