How does EMV apply to payment gateways?
Some merchants connect to their payment processor through a payment gateway. Gateways used for card-present transactions will also need to undergo EMV testing and certification. Note that eCommerce payment gateways, which operate in a card-not-present environment, will not need changes for EMV.
What should merchants consider before making a POS device purchase?
Merchants should understand EMV-compatible POS device capabilities. POS devices that incorporate the EMV standard will be able to use up to four cardholder verification methods:
- Signature
- Online PIN
- Offline PIN
- No CVM
Determine if the new POS device that you’re considering will have contactless payment capabilities. Many POS devices bundle EMVcapable and contactless (NFC) payment features. This may allow you not only more secure transactions but also more ways to accept payments in the manner your customers want to pay.
What is my timeline for establishing EMV acceptance?
The payment network rules do not require you to switch to an EMV card acceptance process; however, if you do not switch to an EMV card acceptance process by October 1, 2015, you will be held responsible for the costs associated with use of a counterfeit EMV card in a card present transaction at your location.
We recommend that businesses upgrade their POS equipment to a version that is EMV “future ready.”
- For most merchants October 1, 2015, is the deadline for EMV acceptance capabilities
- For petroleum merchants using automated fuel dispensers (AFDs) October 1, 2017, is the deadline for EMV acceptance capabilities
How can a Non-EMV-compatible device accept an EMV card for payment?
EMV cards issued to US cardholders will be hybrid versions, meaning the card will have a magnetic stripe on back and chip on front. As a result, EMV cards presented for payment can still be accepted at a non-EMV-compatible POS device (payment terminal).
Is PCI DSS compliance still necessary after EMV POS devices are implemented in my business?
Yes. PCI DSS examine the payment environment and evaluate how your business accesses, transports or even stores cardholder data. PCI DSS compliance will remain a requirement.
Is end-to-end encryption (E2EE) still relevant with the introduction of EMV chipcards?
Yes. The chip in an EMV card protects individual transactions by adding a secret number only the card issuer knows, which verifies that the transaction is legitimate through an EMV-compatible POS device. However, EMV is not designed to encrypt the sensitive card information (Account Number, Exp. Date, etc.). Therefore, it is still possible for thieves to duplicate card data and create counterfeit cards that can be swiped for use at businesses that haven’t upgraded to EMV-compatible or EMV-enable POS devices or could be used with online retailers. Encryption removes this cardholder data for your POS device, which simplifies the scope of your PCI DSS obligations.
Merchants who participate in Worldpay’s E2EE program receive an indemnity waiver of up to $100,000 in total—which includes up to $30,000 in approved compromise associated costs, such as forensic audits and fines, as part of Worldpay’s PCI Program , plus an additional $70,000 if you experience a compromise as a result of the failure of Worldpay’s E2EE equipment to encrypt when used properly. Note, not all card transaction types are available for the E2EE service, and additional terms and conditions apply so contact your Worldpay representative if you are interested in learning more.
EMV capabilities along with E2EE are a great combination for highly secure payment acceptance.
What role will EMV have in payments for the online, card-not-present environment? (Internet purchases)
Currently, the EMV standard exists solely for the card-present, face-to-face environment. Worldpay will work closely with the card associations to monitor any new requirements for card-not-present transactions.
What is Worldpay’s EMV status?
- Worldpay completed certification with all major card brand networks in 2013 (Visa, MasterCard, Discover & American Express)
- Worldpay back-office systems incorporated EMV updates into the October 2014 Fall Release system updates
- Worldpay’s EMV-compatible standalone POS device solutions are available now and incorporate NFC (contactless) capabilities too: VX 520 and VX 680 (wireless terminal). Soft ware to enable EMV will be released by Worldpay before the October 1, 2015, deadline
- Testing and certification with Worldpay POS vendors is under way
If you have additional questions, contact Novera Payment Solutions. We’re happy to help.