Regulatory, Resources, Technology

The Most Comprehensive guide to EMV Compliance

EMV compliance is a global technology standard for credit card processing. It helps protect cardholders from fraud while reducing liabilities for merchants that process fraudulent transactions.

To become EMV compliant, Verifee must have upgraded point-of-sale hardware that meets EMV standards—meaning credit and debit cards can be processed using the most secure method.

Are you breaking the law if you don’t have an EMV chip terminal? Does EMV compliance cost money? These are some common EMV questions I hear on a regular basis.

This guide explains everything you need to know about EMV compliance, including what it is, how it works, why it matters, how much it costs, and the steps required to become EMV compliant.

EMV Compliance Explained EMV is an acronym for the three pioneers of EMV payment technology—Europay, Mastercard, and Visa.

EMV compliance is the global payment technology standard that was established by EMVco. These companies built “chip” technology as a method to protect consumers and merchants from credit card fraud.

To be EMV-compliant, a merchant must update their credit card processing hardware and POS software to support chip technology and meet EMV standards.

While EMV compliance in the US was originally enacted back in 2015, many merchants have been hesitant to make the switch.

Lots of small business owners have questions about EMV compliance and how it works. A quick web search makes it clear that there are lots of misconceptions about this technology.

EMV Compliance “Laws” Some of you may have heard of the EMV compliance law. But it’s not actually a “law” in the legal sense of the word, meaning you cannot be fined or jailed by the state or federal government if you fail to comply.

The law is more of an industry-specific mandate issued by the credit card processing companies.

Even though you’re not breaking any laws, EMV compliance is something that needs to be taken seriously. That’s because merchants that aren’t EMV-compliant assume full liability for fraudulent charges. We’ll discuss this in greater detail shortly.

The liability shift went into effect in October 2015. Although the EMV deadline for some merchants (pay at pump gas stations) wasn’t enacted until October 2020.

In short, no—the police, feds, or IRS won’t come knocking down your door to haul you away in cuffs if you break the EMV compliance laws. But you could be subject to fines, fees, and other costs associated with fraud or a data breach. The credit card companies and payment processors enforce these regulations.

How EMV Technology and Chip Cards Work As you probably know, chip credit cards are “dipped” into a credit card processing terminal as opposed to being “swiped.”

Even if you haven’t made the switch to EMV compliance just yet, I’m sure you’ve used EMV chip cards in your personal life as a consumer. All of the cards in your wallet will have a chip in them by now.

Chip technology is a superior alternative to the magnetic stripe predecessor.

Magstripe data is static, meaning the same sensitive payment information is used for each transaction. So if a thief steals this data, they can continue using the information to make fraudulent charges.

A chip won’t necessarily stop criminals from stealing information. But the anonymous tokens assigned to each transaction are only used once. This makes any stolen transactional data useless since it cannot be used again.

Chip technology makes it harder for criminals to clone credit cards and prevents thieves from using a skimmer to copy card data during a swiped transaction.

Why Does EMV Compliance Matter? So if non-compliance isn’t illegal, why does it matter?

I can sum this answer up for you in one word—liability.

Basically, EMV compliance protects merchants against the costs associated with credit card fraud. For example, if you accept a fraudulent charge at a non-compliant POS terminal, you’ll have to eat the cost of the sale, the cost of goods sold, and any chargeback fees associated with the transaction as well.

If you haven’t been burned by this yet, you’re extremely fortunate. I know plenty of merchants that lost thousands because of non-compliance.

Here’s a visual representation to explain which party is liable for certain fraudulent transactions.

Since magstripe-only credit cards have essentially become extinct, the top two examples don’t really apply anymore. But I still like this table because it explains how the liability shift started back in 2015 before consumers all received new chip cards.

Here’s a hypothetical scenario. Let’s say you haven’t made the switch to EMV compliance yet, and a customer comes into your brick-and-mortar location.

The customer has an EMV chip card, but you’re forced to swipe it since your technology doesn’t support a chip reader. If the customer disputes that charge for whatever reason, they’re going to win it. The merchant is 100% liable, and the credit card issuer will side with the customer.

But if you accepted a fraudulent chip card that was dipped in an EMV-compliant terminal, the card issuer is liable for the fraud.

Credit card issuers tend to side with consumers during disputes under normal circumstances. But if you don’t accept EMV cards, you’ll never have a fighting chance in these disputes. You’re really exposing businesses to fraudulent payment chargebacks, consumer fraud, fraudulent purchases, and other forms of consumer fraud for point-of-sale transactions.

3 Steps to EMV Compliance 

Every merchant that accepts credit or debit cards has heard of EMV compliance. Whether or not you’ve implemented this technology for payment processing is another story.

If you’re not EMV compliant right now, you’re already late to the party. You need to make the switch immediately.

Fortunately, EMV compliance has never been easier. These are the steps you need to take:

Contact your payment processor and POS provider (assuming they are different companies). Make sure all of your credit card terminals can accept EMV chip cards and pin credit cards. Upgrade your POS system and software to meet EMV compliance standards. Note: Shopping around for a new POS provider? Check out our guide on how to choose a POS system for your small business.

If you’re using a mobile card reader, you also need to get one that accepts chip cards.

How Much Does EMV Compliance Cost? The costs associated with EMV compliance are marginal. You’ll only have to pay for the new terminals and initial software updates. In most cases, the POS software might even be free.

Not getting EMV hardware because you want to save a few hundred dollars could end up costing you thousands down the road. So the price is no excuse to avoid compliance.

All of your credit card processing fees for card-present transactions on an EMV chip terminal will stay the same, whether the card is dipped or swiped.

EMV Compliance vs. PCI Compliance

 I want to quickly take a moment to clear up discrepancies between EMV compliance and PCI compliance, as these are two of the most important terms in the credit card industry. If you accept credit cards, you need to be familiar with both.

PCI Compliance is actually short for PCI DSS, which is an acronym for Payment Card Industry Data Security Standards.

In short, PCI Compliance is a set of security standards for payment processing. Every credit card company and the bank expects businesses to apply PCI standards when processing card transactions. This holds true for pin cards, signature cards, EMV-enabled cards, in-person transactions, online transactions, and more.

Most merchant service providers will offer PCI compliance with your processing service. But as a business owner, it’s still your responsibility to ensure these standards are being upheld.

EMV compliance and PCI compliance work hand-in-hand. Both protect against fraud, protect your business, and protect your customers. So you need to implement both. Businesses worry less about fraud when PCI compliance and EMV compliance are both being met.

Final Thoughts on EMV Compliance EMV compliance has become a must in credit card processing.

Merchants who fail to comply won’t be able to fight against chargebacks and are 100% liable for fraudulent transactions. Upgrading to EMV chip readers is one of the best ways to fight credit card counterfeit fraud.

Costs and liability aside, using outdated technology is a poor reflection of your business. With so many companies making the switch to EMV terminals, customers expect to dip their cards during transactions.

You won’t pay extra credit card processing fees for EMV chip transactions. But what if I told you those fees could be reduced without having to switch payment processors? Set up a consultation with us here at Verifee, and we’ll help you save money on credit card processing.

 

Ready To
Start Saving?