What Is EMV?
EMV® Chip started as a jointly developed global standard that allows interoperability between the cards with computer chips and terminals used by the largest financial services companies. Today, EMV is a technology toolbox that enables globally interoperable secure payment across face-to-face and remote environments. The standard is now managed by EMVCo, a global technical body that facilitates worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes.
POS terminals that meet EMV standards typically require the cardholder to use a personal identification (PIN) rather than providing a signature, which adds an additional layer of security. EMV cards also contain an integrated circuit chip, which encodes every transaction differently. If a criminal intercepts data from a chip card's transaction, the data cannot be reused to make another purchase.
- EMV is a technology toolbox that enables globally interoperable secure payment across face-to-face and remote environments.
- EMV Chip Specifications describe the requirements for global interoperability between chip-based payment applications and acceptance terminals to enable secure contact, contactless and mobile transactions, and other emerging payment technologies (such as QR Code-based payments).
- The EMV Chip Specifications cover the physical aspects of cards and terminals, as well as technical capabilities and data management, and applies to both contact and contactless transactions.
- EMV was developed in the 1990s in Europe because card authorization was prohibitively expensive for European card issuers.
- Today, the EMV Specifications are managed and evolved by EMVCo. EMVCo also has an Associates Program, where industry stakeholders have the opportunity to provide input and receive feedback on detailed technical and operational issues connected to the EMV Specifications and related processes.
- While EMV Chip has reduced fraud related to some credit card activity, it is limited in protecting card-not-present transactions.
- However, the EMV® Specifications have now evolved beyond EMV chip. EMV Specifications for card-not-present payments include EMV 3-D Secure (EMV 3DS), EMV Secure Remote Commerce (EMV SRC) and EMV Payment Tokenisation. The EMV® Specifications cover a wide range of technologies that support card-based payments, including Contact, Contactless, Mobile, Payment Tokenisation, QR Code, Secure Remote Commerce, and 3-D Secure.
Historically, credit and debit cards only used a magnetic strip to manage cardholder data. The cardholder would then sign a receipt at purchase. This system did not provide a high level of security, as a signature can be forged, and the magnetic strip has proved relatively easy to hack—revealing the cardholder's private information to criminals.
Throughout the 1990s, companies in countries across the globe began to enhance payment card security by deploying microprocessor chip technology that was designed to meet domestic payment requirements and specifications. These domestic designs were not interoperable across geographic borders, however, and posed challenges to both business and consumers. As a result, although chip technology could be used to protect against fraud in domestic transactions, magnetic stripe technology was the only acceptance method when cardholders travelled outside their home countries.
EMVCo’s formation in 1999 as a global technical body enabled the development and management of specifications to address this challenge by facilitating global interoperability and enhancing payment security. EMV Chip Specifications were therefore designed to reduce fraud at retail store locations, as the payment information stored on an embedded microchip is very difficult to counterfeit. Chip cards offer transaction security that traditional magnetic stripe cards could not provide.
U.S. card issuers did not migrate to EMV Specifications until much later, with issuers setting an initial Oct. 2015 deadline for merchants to shift to the new technology. The prevalence of high-profile data breaches and rising identity theft ultimately motivated U.S. issuers to make the shift to EMV. EMVCo currently has six members:
- American Express
- China Union Pay
Limitations of EMV
When initially introduced, EMV-equipped chip cards created some confusion and delays for consumers and merchants due to longer transaction times compared to swipe cards and the need to enter a PIN, in some marketplaces, instead of a signature. However, consumers and merchants soon adapted to chip cards and since their introduction card usage has significantly increased across the world. There are now nearly ten billion EMV Chip payment cards worldwide and 80.1% of all card-present transactions conducted globally used EMV Chip technology.
While the EMV Chip Specifications reduce the chance of fraud and nullifies counterfeit cards for card-present transactions at point of sale terminals, they are limited in protecting card-not-present transactions. The accelerating growth of ecommerce and online purchases makes this a significant vulnerability that security experts expect will be the focus of credit card fraud going forward. To meet this growing challenge, the EMV® Specifications have now evolved beyond EMV chip. EMV Specifications for card-not-present payments include EMV 3-D Secure (EMV 3DS), EMV Secure Remote Commerce (EMV SRC) and EMV Payment Tokenisation.
Additionally, EMV technology is only as good as the merchant payment processing systems it is used on. Merchants that lack encryption or have weak encryption on their POS terminals are leaving payment data vulnerable.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.