If you’ve been watching the news lately you’ve probably heard about the credit card security breach at Target and all the buzz around “Chip and PIN” or “EMV.” In the case of Target, while hackers could have stolen the information from EMV capable cards the data would have been worthless. This is because EMV cards contain a microprocessor which produces unique output each time the card is used, unlike traditional magstripe cards. This makes the EMV cards difficult to replicate and removes the incentive for hackers to steal information from EMV card transactions.
If you operate a self-service kiosk which accepts credit card payments then you’ll want to learn more about the security benefits of EMV designed to prevent fraud. There are some mandates coming in October of 2015 which you’ll want to pay attention to also. Read on to learn more.
What is EMV?
EMV is designed to help prevent credit card fraud through the use of robust cardholder verification (i.e. Chip and PIN), card authenticity verification and issuer risk management parameters. EMV provides multiple cardholder authentication options for card issuers (Chip and PIN, Chip and Signature, etc..) and also prevents EMV cards from being replicated by card skimming.
The EMV specifications are managed by the organization EMVCo.
“EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. Today there are EMV Specifications based on contact chip, contactless chip, common payment application (CPA), card personalization, and tokenization.
This work is overseen by EMVCo’s six member organizations—American Express, Discover, JCB, MasterCard, UnionPay, and Visa—and supported by dozens of banks, merchants, processors, vendors and other industry stakeholders who participate as EMVCo Associates.”
How does EMV affect my self-service kiosk?
If your kiosk accepts credit card payments then you will be affected by the fraud liability shift in October 2015. In layman’s terms, if credit card fraud occurs at your kiosk through the use of an EMV capable card and your kiosk does not support EMV then you will be responsible for the fraud. In case you’re wondering how an EMV capable card could be used at a kiosk that doesn’t support EMV then look no further than the magstripe on the back of the card. EMV capable cards still have a magstripe for backwards compatibility.
“Visa intends to institute a liability shift in the U.S. for domestic and cross-border counterfeit transactions effective 1 October 2015. Visa’s global POS counterfeit liability shift policies are designed to encourage EMV chip card issuance and acceptance in participating geographical regions, effectively creating a more secure environment for transactions within and between each participating Visa region. Note: The liability shift encourages chip transactions because any chip-on-chip transaction (i.e., a chip card read by a chip terminal) provides dynamic authentication data, which helps to better protect all parties.
With this type of liability shift, the party that is the cause of a chip-on-chip transaction not occurring (i.e., either the issuer or the merchant’s acquirer) will be financially liable for any resulting card-present counterfeit fraud losses. When a transaction occurs using chip technology, any liability for counterfeit fraud, though unlikely, would follow current Visa Operating Regulations.
The policy assigns liability for counterfeit fraud to the party that has not made the investment in EMV chip cards (issuers) or terminals (merchants’ acquirers). The policy encourages wider deployment of EMV cards and terminals.”
How can my kiosk become EMV compliant?
In short, by using kiosk EMV capable hardware and by completing an EMV certification at each kiosk. There are payment gateways like CreditCall which can shortcut this certification process for you. The payment gateway acts as a proxy and allows you to select from a wide variety of credit card processors (i.e. FirstData, Chase, etc…) and EMV hardware. When selecting EMV hardware for your kiosk you’ll want to use EMV hardware designed for an unattended environment. If you’re a KioskSimple user you can take advantage of our kiosk software support for EMV coming in early 2015.