Professional Documents
Culture Documents
What is EMV?
EMV is an open-standard set of specifications that ensures functionality between smart chip cards and payment terminals. EMV
originated as a joint effort among Europay, MasterCard® and Visa® to improve payment safety through better card security and
improved standards. Today, EMVco is owned by Visa, UnionPay, MasterCard, JCB, Discover and American Express. Payments industry
organizations participate with EMVco as technical and business associates. Worldpay is a business associate in EMVco. Find more
information at www.emvco.com
How are chip cards different from existing magnetic stripe card technology?
The EMV “chip” is a secure microprocessor built into a card or other payment devices (e.g. mobile wallet on smart phone). The chip
generates a unique number for each sales transaction, making it extremely difficult to use a cloned card fraudulently on a card-present
transaction. Magnetic stripe cards use static cardholder data that remains the same for every transaction, which makes them attractive
targets for theft, cloning and use in card fraud.
In addition to strong security features, chip technology includes other capabilities—like Near Field Communications (NFC)
technology—which lets merchants accommodate both contact and contactless payments.
Why are EMV chip cards being promoted as a payment standard in the US?
EMV chip cards are already well-established outside the US, particularly in Europe. Crime migrates to the easiest targets, which right
now includes the US. Upgrading to the EMV standard is anticipated to greatly reduce card fraud here in the US.
Chip and PIN payment devices are deemed most secure for card-present transactions. Ask Worldpay if you need help making decisions
about EMV POS device purchases.
What does the financial liability shift mean and how will that affect my business?
Merchants who don’t use EMV capable—and enabled—POS equipment after October 1, 20151 will be responsible for card-present fraud
losses in the following instances:
• Counterfeit EMV card: Visa, MasterCard, Discover and American Express move liability to the merchant
• Lost or stolen card: American Express, Discover and MasterCard move liability to the merchant; Visa keeps liability with the issuer
Please note a chip and PIN terminal provides the most secure transaction environment available today.
© Worldpay 2014. All rights reserved. Worldpay, the logo and any associated brand names are trademarks of the
Worldpay group of companies. Worldpay US, Inc. is a registered ISO/MSP of Citizens Bank, N.A.
10/14
EMV Frequently Asked Questions
Card Authentication: Is the card real? Unique data for each transaction travels between card, the POS device and issuer to ensure
authenticity. EMV transactions also create unique transaction data, making captured transaction data incapable of being used to
execute additional, new transactions.
Cardholder Verification Method (CVM): This step validates the cardholder as the legitimate owner of the card, using
verification parameters set up by the issuer. The issuer of the card determines which of the following four methods will be required for a
particular transaction: online PIN, offline PIN, signature or no CVM required. EMV supports each of these four verification methods.
Transaction Authorization: Like today’s magnetic stripe transactions, transaction information is sent to the issuer for approval.
What’s different is a transaction-specific cryptogram (code) is also sent to the issuer who then either approves or declines the
transaction and sends a unique response cryptogram back to the POS device for the card to interpret and validate the transaction.
The dynamic exchange of information needed to execute each transaction provides the extra security missing from the static, old
technology used in magnetic stripe transactions.
When can US businesses expect customers to begin presenting EMV chip cards
for payment?
Now. The Smart Card Alliance/EMV Migration Forum in May 2014 estimated chip cards in the US total between 17 and 20 million. It’s
important for businesses to develop EMV POS equipment adoption plans now.
Should merchants upgrade or buy new POS hardware and PIN pad devices?
Review existing POS equipment or systems to learn if upgrades are possible or whether new EMV-compatible POS hardware must be
purchased.
Standalone POS. The only job of stand-alone POS is to authorize and clear payment card transactions and it is the easiest EMV
solution to implement.
• Is your POS device EMV compatible? (Does it have a slot for EMV cards? EMV-compatible terminals have a slot, typically located
at the bottom of the terminal, into which the EMV chip card is inserted and read; this slot is different from the side swipe used
with magnetic stripe cards.)
• If POS EMV compatible, will you need to schedule a service call to have EMV software installed or will a remote software download
be available? (Ask your payment processor—which is Worldpay if we do your payment processing)
• Worldpay’s standalone EMV solutions: POS VX 520 terminal and VX 680 wireless terminal. A remote EMV software download will
be scheduled before the October 1, 2015, liability shift.
© Worldpay 2014. All rights reserved. Worldpay, the logo and any associated brand names are trademarks of the
Worldpay group of companies. Worldpay US, Inc. is a registered ISO/MSP of Citizens Bank, N.A.
10/14
EMV Frequently Asked Questions
Should merchants upgrade or buy new POS hardware and PIN pad devices? (Cont.)
Integrated POS systems. Merchants using an integrated POS system should contact the independent software vendor (ISV) that
supports the merchants’ business applications and POS system.
• Learn if the ISV has contacted the merchant’s payment processor (like Worldpay) to do EMV testing and certification
• The processor will inform ISVs or POS vendors what testing tools they will need to obtain before testing can occur
• Worldpay is currently working with its POS vendors and ISVs on testing and certifications for every currently certified POS method
• We anticipate Worldpay’s major certifications will be completed by the end of 2015. Worldpay will continue to work with all our
supported ISVs to add EMV functionality as quickly as possible. In some instances, EMV support may not be available until after
the October 1, 2015, deadline. Worldpay customers may contact a Worldpay representative to determine the exact roadmap of the
POS system used at their location.
• Signature
• Online PIN
• Offline PIN
• No CVM
Determine if the new POS device that you’re considering will have contactless payment capabilities. Many POS devices bundle EMV-
capable and contactless (NFC) payment features. This may allow you not only more secure transactions but also more ways to accept
payments in the manner your customers want to pay.
We recommend that businesses upgrade their POS equipment to a version that is EMV “future ready.”
• For most merchants October 1, 2015, is the deadline for EMV acceptance capabilities
• For petroleum merchants using automated fuel dispensers (AFDs) October 1, 2017, is the deadline for EMV acceptance capabilities
Is PCI DSS compliance still necessary after EMV POS devices are implemented in my
business?
Yes. PCI DSS examine the payment environment and evaluate how your business accesses, transports or even stores cardholder data.
PCI DSS compliance will remain a requirement.
© Worldpay 2014. All rights reserved. Worldpay, the logo and any associated brand names are trademarks of the
Worldpay group of companies. Worldpay US, Inc. is a registered ISO/MSP of Citizens Bank, N.A.
10/14
EMV Frequently Asked Questions
Is end-to-end encryption (E2EE) still relevant with the introduction of EMV chip
cards?
Yes. The chip in an EMV card protects individual transactions by adding a secret number only the card issuer knows, which verifies
that the transaction is legitimate through an EMV-compatible POS device. However, EMV is not designed to encrypt the sensitive card
information (Account Number, Exp. Date, etc.). Therefore, it is still possible for thieves to duplicate card data and create counterfeit
cards that can be swiped for use at businesses that haven’t upgraded to EMV-compatible or EMV-enable POS devices or could be
used with online retailers. Encryption removes this cardholder data for your POS device, which simplifies the scope of your PCI DSS
obligations.
Merchants who participate in Worldpay’s E2EE program receive an indemnity waiver of up to $100,000 in total—which includes up
to $30,000 in approved compromise associated costs, such as forensic audits and fines, as part of Worldpay’s PCI Program , plus an
additional $70,000 if you experience a compromise as a result of the failure of Worldpay’s E2EE equipment to encrypt when used
properly. Note, not all card transaction types are available for the E2EE service, and additional terms and conditions apply so contact
your Worldpay representative if you are interested in learning more.
EMV capabilities along with E2EE are a great combination for highly secure payment acceptance.
What role will EMV have in payments for the online, card-not-present environment?
(Internet purchases)
Currently, the EMV standard exists solely for the card-present, face-to-face environment. Worldpay will work closely with the card
associations to monitor any new requirements for card-not-present transactions.
If you have additional questions, contact a Worldpay representative. We’re happy to help.
1
For petroleum merchants using automated fuel dispensers (AFDs), October 1, 2017, is the deadline for EMV acceptance capabilities. ATMs have different
deadlines from the card networks, the earliest of which is MasterCard’s liability shift deadline in October 2016.
This content is not intended to provide a complete explanation of applicable laws, rules, or regulations. It should not be considered legal or compliance
advice. Individual situations will differ, and any questions or concerns should be discussed with your own lawyers and advisors.
© Worldpay 2014. All rights reserved. Worldpay, the logo and any associated brand names are trademarks of the
Worldpay group of companies. Worldpay US, Inc. is a registered ISO/MSP of Citizens Bank, N.A.
10/14