What is EMV
EMV is a standard relating to integrated circuit cards, point-of-sale (POS) terminals and automated teller machines, set by Europay, MasterCard and Visa (EMV). EMV is a jointly developed global standard that allows interoperability between the cards with computer chips and terminals used by the largest financial services companies.
BREAKING DOWN EMV
POS terminals that meet EMV standards typically require the card holder to use a personal identification or PIN number rather than only providing a signature, which adds an additional layer of security. EMV cards also contain an integrated circuit chip, which encodes every transaction differently. If a criminal intercepts data from a chip card's transaction, the data cannot be reused to make another purchase.
The EMV standard covers the physical aspects of cards and terminals, as well as technical capabilities and data management. It applies to cards that require swiping (called contact cards) and to cards that do not (contactless cards), as well as to new standards being developed for e-commerce and online transactions.
Historically, credit and debit cards only used a magnetic strip to manage cardholder data. The cardholder would then sign a receipt at purchase. This system did not provide a high level of security, as a signature can be forged, and the magnetic strip has proved relatively easy to hack – revealing the cardholder's private information to criminals.
The EMV standard was first implemented in Europe in the 1990s due to phone line card authorization being prohibitively expensive for European card issuers. International call rates caused the cost to authenticate cards to be up to 80 to 90 percent higher in Europe than the U.S.
U.S. card issuers did not migrate to the EMV standard until much later, with issuers setting an initial October 2015 deadline for merchants to shift to the new technology. The prevalence of high profile data breaches and rising identity theft ultimately motivated U.S. issuers to make the shift to EMV.
Limitations of EMV
When initially introduced, EMV-equipped chip cards created confusion and delays for consumers and merchants due to longer transaction times compared to swipe cards and the need to enter a PIN instead of a signature.
While EMV reduces the chance of fraud and nullifies counterfeit cards for card-present transactions at point of sale terminals, it is limited in protecting card-not-present transactions. The accelerating growth of e-commerce and online purchases makes this a significant vulnerability that security experts expect will be the focus of credit card fraud going forward.
EMV technology is only as good as the merchant payment processing systems it is used on. Merchants that lack encryption or have weak encryption on their POS terminals are leaving payment data vulnerable.