What Is EMV?
EMV® Chip started as a jointly developed global standard that allows interoperability between the cards with computer chips and terminals used by the largest financial services companies. Today, EMV is a technology toolbox that enables globally interoperable secure payment across face-to-face and remote environments.
The standard is now managed by EMVCo, a global technical body that facilitates worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes.
- EMV is a technology toolbox that enables globally interoperable secure payment across face-to-face and remote environments.
- EMV Chip Specifications describe the requirements for global interoperability between chip-based payment applications and acceptance terminals to enable secure contact, contactless and mobile transactions, and other emerging payment technologies (such as QR Code-based payments).
- EMV was developed in the 1990s in Europe because card authorization was prohibitively expensive for European card issuers.
- While EMV Chip has reduced fraud related to some credit card activity, it is limited in protecting card-not-present transactions.
POS terminals that meet EMV standards typically require the cardholder to use a personal identification number (PIN) rather than providing a signature, which adds an additional layer of security. EMV cards also contain an integrated circuit chip, which encodes every transaction differently. If a criminal intercepts data from a chip card's transaction, the data cannot be reused to make another purchase.
Historically, credit and debit cards only used a magnetic strip to manage cardholder data. The cardholder would then sign a receipt at purchase. This system did not provide a high level of security, as a signature can be forged, and the magnetic strip has proved relatively easy to hack—revealing the cardholder's private information to criminals.
In the 1990s, companies began developing chip-based solutions to address the problem of credit card and payment fraud among cardholders. The wide variety of technologies used, however, created problems of interoperability that were challenging for both consumers and businesses. The result was that less-effective magnetic strip technology remained widespread despite the availability of more secure chips.
EMVCo’s formation in 1999 provided a set of uniform standards and specifications for the use of chips in cards and payments, finally allowing this more secure measure to take hold. Designed to reduce fraud in retail settings, the EMV chip and its new set of standards made it nearly impossible to counterfeit a card or fake a transaction.
U.S. card issuers did not migrate to EMV Specifications until much later, with issuers setting an initial Oct. 2015 deadline for merchants to shift to the new technology. The prevalence of high-profile data breaches and rising identity theft ultimately motivated U.S. issuers to make the shift to EMV. EMVCo currently has six members:
- American Express
- China Union Pay
Limitations of EMV
When initially introduced, EMV-equipped chip cards created some confusion and delays for consumers and merchants due to longer transaction times compared to swipe cards and the need to enter a PIN, in some marketplaces, instead of a signature. However, consumers and merchants soon adapted to chip cards, and since their introduction card usage has significantly increased across the world. There are now nearly ten billion EMV Chip payment cards worldwide and 83.1% of all card-present transactions conducted globally used EMV Chip technology.
While the EMV Chip Specifications reduce the chance of fraud and nullify counterfeit cards for card-present transactions at point of sale terminals, they are limited in protecting card-not-present transactions. The accelerating growth of e-commerce and online purchases makes this a significant vulnerability that security experts expect will be the focus of credit card fraud going forward.
To meet this growing challenge, the EMV® Specifications have now evolved beyond EMV chip. EMV Specifications for card-not-present payments include EMV 3-D Secure (EMV 3DS), EMV Secure Remote Commerce (EMV SRC) , and EMV Payment Tokenisation.
Additionally, EMV technology is only as good as the merchant payment processing systems it is used on. Merchants that lack encryption or have weak encryption on their POS terminals are leaving payment data vulnerable.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.