Europay, MasterCard and Visa technology is making its way to the mainstream in the U.S. On Oct. 1, 2015, the payment processing industry will undergo a liability shift for all of the parties involved in a customer transaction. The group that isn't compliant with the new industry guidelines will be responsible for any financial ramifications of a data breach.
EMV technology is based on chip-and-PIN systems, which uses encrypted data to complete a payment. EMV chip-based cards have an embedded microchip on the face of the card, which customers use to dip into a payment processing terminal to complete a transaction. The payment information is stored on the embedded microchip and temporarily transferred to the terminal and then to the processor and card company to finalize the payment.
EMV technology is already well-established in most other developed countries but currently lags in the U.S. However, merchants and retailers are beginning to adopt EMV technology for their in-store terminals and online payment gateways to better fight against credit card fraud. The embedded microprocessor will become a part of all new debit and credit cards after the Oct. 1 deadline, with some companies requiring a PIN number or signature from the shopper to complete a transaction.
The new chip-based cards protect well against credit card fraud because of their inherent security measures. EMV uses a technology called point-to-point encryption, which assigns sensitive information unique characters. In doing so, hackers won't be able to turn around and use illegally obtained information since the encrypted data is rendered useless after each individual transaction at the point of sale.
Currently, merchants in the U.S. are using the magnetic stripes to process payments. Magnetic stripes today contain static data, making it easier for hackers to illegally obtain sensitive payment information from customers' cards. EMV differs in that the microchip encrypts data uniquely each time a transaction is made. Even if a hacker were to obtain sensitive customer information, the data is rendered useless because it is unique to that payment.
EMV also helps with card-not-present fraud, which is beneficial for your ecommerce payment gateway. Since the card is not physically present at the point of sale online, cybercriminals have traditionally been able to make fraudulent payments with illegally obtained information. While online payments and EMV aren't 100 percent compatible, there are solutions that your ecommerce business should look into before the upcoming deadline.
The technology for online EMV is already in place, it's just up to you to figure out which makes the most sense for your business. More specifically, MasterCard offers a Chip Authentication Program, while Visa offers Dynamic Passcode Authentication. Both of these solutions require an extra step in the transaction process and ensure the payment is authentic.
If you own and operate an ecommerce store, EMV may not directly correlate to your online payment gateway. Since EMV is used to protect point-of-sale or card-present transactions, it's mainly focused on in-store payments. However, as card-not-present payments continue to grow and the market value of ecommerce rapidly matures, EMV technology may open up the doors for a number of new and improved online security measures for your ecommerce business.
In addition to MasterCard and Visa's passcode authentication and chip authentication programs, 3D secure controls provide an added level of protection for your ecommerce transactions. When a customer makes a transaction online, they are redirected to the issuer's website and have to enter a passcode to authenticate the payment. Consumers are required to set up a passcode with their issuing bank, so you may want to encourage your clients to do that to ensure a more secure transaction.