Although the requirement for store owners to be EMV compliant was set years ago (with an initial deadline of October 2015), Visa's generous extensions meant the legal requirement only came into play during April 2021.
If you're a new or existing merchant without EMV compliance, we're here to help. Read our guide to begin taking the appropriate initial steps towards compliance to ensure your business doesn't get fined and you don't miss out on EMV card customer sales.
What is EMV compliance?
Have you ever wondered what the little chip on the front side of your credit card is, which replaced the silver magnetic strip on the back? Laymen refer to it as just that—a chip. As a retail business manager, petrol store owner, or hospitality manager with a POS system, you're about to start seeing a lot more of these.
This microprocessor chip is more formally known as EMV, which stands for Europay, Mastercard, Visa. Between them, these three companies created the regulations for credit card administration.
EMV compliance is the global payment technology standard that was established by EMVCo. EMV compliance was designed to prevent fraud by allowing less room for theft by surrounding parties, since the card no longer needs to leave the holder’s hand upon purchasing, and by providing a unique code for each transaction.
What is the relationship between EMV and PCI Compliance?
So then, how does EMV compliance relate to Payment Card Industry Data Security Standard (PCI DSS) compliance?
The difference between EMV and PCI DSS
Well, while EMV is incorporated to prevent fraud, PCI DSS is the set of security guidelines to implement alongside the technology. EMV provides protection in the event of theft. It has no effect on e-commerce, or online purchases.
Why the two work well together
PCI compliance is necessary regardless of whether or not EMV is implemented in your business. For business protection against fraud and the most secure customer payments, it's best to implement both.
To ensure your organization is PCI compliant, take a business assessment to determine any weaknesses. For a list of frequently asked questions and guidance, visit PCI Compliance Guide.
Which steps should I take to make my business EMV compliant?
In order to be considered EMV-compliant, a merchant must update their credit card processing hardware and POS systems to support chip technology and meet EMV standards.
There are important steps to take in order to maintain compliance and effectively incorporate the new EMV technology. The PCI Security Standards Council breaks down in detail how to properly transition.
Below are a few key steps from PCI Security Standards to consider:
- Talk to your POS vendor to understand how they can support you
- Consider any future Point-to-Point Encryption (P2PE) and tokenization plans and what additional layers of security you may want, to make the best investment.
- Replace any version that has expired – choose a 3.1 version device or higher from the PCI approved PIN Transaction Security (PTS) Devices listing.
Is EMV compliance required by law?
While EMV compliance is not technically required by law, it is an industry standard. EMV compliance works to protect your business, just as much as customer payments.
The long and short of it
As a merchant you cannot be fined or arrested by the state or federal government if you fail to comply with EMV. At least, not yet. As Merchant Consulting advise, "The law is more of an industry-specific mandate issued by the credit card processing companies."
EMV fraud remains a major industry problem. Fraud can lead to a breach in the merchant’s security resulting in significant chargebacks. These are a reversal of funds transferred between the merchant and consumer. Chargebacks can have a significant negative impact on your organization and tarnish your reputation with customers.
How much does it cost to be EMV compliant?
You might have heard grumbles from fellow business owners about the cost for the new software.
In fact, Square POS reports that a survey by iPad POS system review site Software Advice found, "SMB retailers that haven’t adopted EMV were asked why they had yet to transition. Thirty-three percent said that switching everything out was too expensive for their business."
For small businesses, getting set up with EMV terminals can indeed be expensive. On average, it costs between $500 and $1,000.
Merchants must purchase an EMV-ready chip & PIN credit card reader (ranging from $100-$1,000+), and then spend the time training their employees on how to accept payments on the new technology.
This cost varies depending on the size of the organization and number of employees in need of training. The total cost can be several thousands of dollars.
Although EMV conversion can be costly, it is nothing compared to what businesses could be faced with in fraudulent charges. It also makes for easier and less costly PCI audits and will provide your customers with confidence as you evolve with added security.
Although the newer microprocessor chip may seem like an inconvenience at first, it is a necessary change for merchants to avoid unnecessary theft, improve services for their clients, and build trust.
New EMV compliant technology, designed to limit consumer fraud as well as bank issuers’ liability for fraudulent payment chargebacks, is here to stay. To ensure your business doesn't get left behind, it's best to make your business compliant.
According to Fundera, across all businesses that upgraded to EMV chip readers between December 2015 and September 2017, there was an overall 70% decrease in credit card counterfeit fraud for merchants.
So, in the end, EMV compliance will be the safest bet for your business both financially and practically. There are plenty of POS systems to support chip technology and meet EMV standards. If you're not sure where to start, we've written a helpful guide on how to choose the best POS system for your business.
With over 13 years of experience in the marketing, public relations and non-profit fields, Erin is a driven copy and content writer, digital designer, strategic planner and public speaker. Throughout the course of her career, Erin has managed multiple teams, bringing sales and marketing success to non-profit and for-profit organizations. She brings empathetic, devoted leadership to the team, and drives growth through tactical thinking and a consummate work ethic.