What Is EMV?
EMV stands for Europay, Mastercard, and Visa. It is a standard in the credit card industry for integrated circuit cards, point-of-sale (POS) terminals, and automated teller machines (ATMs). EMV started as a jointly developed global standard that allows interoperability between the cards with computer chips and terminals used by the largest financial services companies. The standard is now managed by a group of financial companies and is known as EMVCo.
POS terminals that meet EMV standards typically require the cardholder to use a personal identification or PIN number rather than only providing a signature, which adds an additional layer of security. EMV cards also contain an integrated circuit chip, which encodes every transaction differently. If a criminal intercepts data from a chip card's transaction, the data cannot be reused to make another purchase.
- Europay, Mastercard, Visa (EMV) is a standard for credit cards with computer chips and the technology used to authenticate card transactions.
- It applies to cards that are swiped and also cards used in card-not-present transactions.
- EMV was developed in the 1990s in Europe because card authorization was prohibitively expensive for European card issuers.
- Today, the standard is called EMVCo and includes a consortium of financial companies.
- While EMV has reduced fraud related to some credit card activity, it is limited in protecting card-not-present transactions.
The EMV standard covers the physical aspects of cards and terminals, as well as technical capabilities and data management. It applies to cards that require swiping (called contact cards) and to cards that do not (contactless cards), as well as to new standards being developed for ecommerce and online transactions.
Historically, credit and debit cards only used a magnetic strip to manage cardholder data. The cardholder would then sign a receipt at purchase. This system did not provide a high level of security, as a signature can be forged, and the magnetic strip has proved relatively easy to hack—revealing the cardholder's private information to criminals.
The EMV standard was first implemented in Europe in the 1990s due to phone line card authorization being prohibitively expensive for European card issuers. International call rates caused the cost to authenticate cards to be up to 80% to 90% higher in Europe than in the U.S.
U.S. card issuers did not migrate to the EMV standard until much later, with issuers setting an initial Oct. 2015 deadline for merchants to shift to the new technology. The prevalence of high profile data breaches and rising identity theft ultimately motivated U.S. issuers to make the shift to EMV. Some of the chips and credit card companies in EMVCo today are:
- VIS: Visa
- Mastercard chip: Mastercard
- D-PAS: Discover/Diners Club
- AEIPS: American Express
- UICS: China Union Pay
- J Smart: JCB
- Rupay: NPCI
Limitations of EMV
When initially introduced, EMV-equipped chip cards created confusion and delays for consumers and merchants due to longer transaction times compared to swipe cards and the need to enter a PIN instead of a signature.
While EMV reduces the chance of fraud and nullifies counterfeit cards for card-present transactions at point of sale terminals, it is limited in protecting card-not-present transactions. The accelerating growth of ecommerce and online purchases makes this a significant vulnerability that security experts expect will be the focus of credit card fraud going forward.
Additionally, EMV technology is only as good as the merchant payment processing systems it is used on. Merchants that lack encryption or have weak encryption on their POS terminals are leaving payment data vulnerable.