Read the AITE Report! Maximizing the Potential of CNP: Collaboration via 3-D Secure is the Key

What Are EMV Payments?

EMV® is a security standard used worldwide for both contact and contactless payments done with credit, debit, and prepaid cards that leverage a smart chip. EMV payments are now central to protecting consumers and businesses from fraudulent transactions.

EMV is short for Europay, MasterCard, and Visa, the companies that originally created the standard. Today, there are nearly 11 billion EMV cards in use worldwide.

How Does EMV Chip Technology Work?

Customers either insert their card into a payment terminal that reads the EMV chip, or hold their card close to a contactless card reader. (When an EMV chip is installed in a non-card form factor such as a mobile phone or smartwatch, contactless EMV payment is the only option.)

Embedded within the chip is an encrypted digital signature that the card reader uses to validate the transaction and ensure the card is legitimate. All EMV cards are required to use a form of encryption to prevent card spoofing and data theft. Card issuers can choose from three different authentication methods to enable EMV on their cards. No matter what authentication is used, merchants only need a single EMV-capable terminal to accept EMV payments.

EMV payment technology uses the internet to communicate, but can still process transactions offline. Of the three authentication methods, Dynamic Data Authentication (DDA) and Static Data Authentication (SDA) can work offline. Since both the card and the card reader are preprogrammed with cryptographic keys, validation doesn’t require a network connection.

How Are EMV Payments More Secure?

While no fraud protection is 100% bulletproof, EMV payments are significantly more secure than magnetic strip (magstripe) transactions. In the past, criminals would steal the information stored magnetically on credit cards and write that information to their own fake card for spending. EMV payment methods prevent this by using cryptography to make cards nearly impossible to clone.

Are Merchants Legally Required to Accept EMV payments?

The short answer is no. There are no legal requirements that enforce EMV payments. However, using outdated magstripe technology dramatically increases the risk of accepting fraudulent payments, placing liability for those transactions on the merchant.

As of October 1, 2015, merchants that only accept magstripe payments are held liable for fraudulent transactions occurring on EMV cards. Effective April 16, 2021, this liability shift was extended to automated fuel dispensers (gas pumps). As technology advances, liability shift occurs to protect card issuers and incentivize merchants to use more secure technology. And it’s working: Today, more than 88% of all card-present transactions worldwide use EMV chip technology.

Will EMV Make Merchants PCI Compliant?

Simply installing an EMV terminal will not make a merchant Payment Card Industry (PCI) compliant. Achieving PCI compliance requires meeting numerous standards and completing either a self-assessment or receiving an official audit from a security assessor.

EMV chips only work for card-present transactions, meaning any business that does e-commerce or accepts card information over the phone will need additional security measures to meet PCI standards. Even with EMV, card data such as primary account numbers (PANs) can be exposed on your POS terminal. Adding additional layers of security such as encryption, antivirus, and individual login accounts can help merchants achieve compliance.

What Do Merchants Need to Accept EMV Payments?

In order to accept EMV payments, merchants need an EMV-enabled credit card reader. Rather than swiping the magnetic strip, customers will insert their card vertically so the terminal can read their EMV chip.

As mentioned some EMV-capable terminals also support contactless payments using Near Field Communications (NFC) technology. If you’ve ever seen anyone pay by waving their phone or smartwatch during checkout, that’s NFC at work. If you’re looking to accept both NFC and EMV payments, ensure your reader can support both methods.

EMV readers can vary in pricing depending on their model and capabilities. Prices range from $50 for small mobile readers to $1000 for larger terminals you see in retail stores.

Is There an EMV Equivalent for Online Payments?

Yes. Over the years, EMV specifications have evolved beyond the original EMV chip standard to cover a wide range of technologies that support card-based payments. With the rapid rise in the volume and value of e-commerce payments, these new specifications have come to include EMV® 3-D Secure (3DS), a global standard for authenticating card-not-present (CNP) transactions made via mobile and online browsers, apps, digital wallets, and more.

Use of 3DS 2.2, the latest iteration of the protocol, has grown 79% over the past 18 months, fueled in part by the massive shift in consumer digital adoption during the COVID-19 pandemic and attendant increases in CNP fraud, which topped $6.4 billion in 2020.

Anti-fraud solutions built upon the features in 3DS analyze hundreds of different risk indicators and share that data with the acquiring and issuing bank. Armed with this data, the issuer’s 3DS providers can assess the risk associated with the transaction.

This process allows legitimate customers to continue uninterrupted, while highly suspicious transactions are directed through a challenge flow. Challenge flows typically require authentication through text or email verification but can also include biometric data and one-time passwords.

But the innovation doesn’t have to stop with the EMV payments specifications themselves.

3-D Secure on Steroids

Outseer 3-D Secure, for instance, is an Access Control Server (ACS) for card issuers and processors. Built upon the features in 3DS, and leveraging the Outseer Risk Engine and enriched by intelligence from our global data network partners, Outsider 3-D Secure transparently evaluates each transaction in real time to prevent 95% of all fraud. Only 5% of transactions ever require intervention—leaving the vast majority of transactions to go through unimpeded. That’s the best performance in the industry.

In fact, Outseer 3-D Secure protected $100 billion in payment transactions in just the first half of 2021.

By seeing what others can’t, we stop fraud long before a transaction ever occurs. To learn how you can protect your customers through the power of EMV payments, request a free demo today.

Jim Ducharme

Chief Operating Officer

Jim is responsible for product strategy and leads the associated product management and engineering teams at Outseer. He has nearly two decades of experience leading product organizations in the Identity marketspace, and has held executive leadership roles at Netegrity, CA, and Aveksa.