On October 1, 2015, a liability shift takes effect that changes who is responsible for paying chargebacks on counterfeit cards used at a retail store. Among the bank that issued the credit card, the retail store and the payment processor, whoever is least prepared to accept EMV-enabled payment cards will now be responsible for paying the chargebacks.
In this blog post series, we'll help make you aware of common EMV myths and help you stay in control of when and how you want to implement EMV in your store.
Myth #8: EMV provides P2PE capabilities.
EMV and Point-to-Point Encryption (P2PE) are two separate technologies that address different security concerns and require independent implementations. EMV focuses on preventing counterfeit credit card fraud, while P2PE focuses on securing track and account information in store systems. EMV transactions without P2PE will expose track-equivalent data and account information in the clear to payment applications.
As a merchant you must decide if you want to implement P2PE capabilities in addition to EMV and confirm that both your host and pin-pad provider support a common encryption scheme required for implementation.
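To make the Myth #8 point concrete, the following added example (not from the original post) scans the EMV TLV data a pin pad hands to a payment application and reports card data that arrives in the clear. Tags 57 and 5A are the standard EMV tags for Track 2 Equivalent Data and Application PAN; the sample records, the test card number and the DF8101 ciphertext tag are constructed for illustration.

```python
# Added example: flag cleartext card data in EMV TLV passed to a POS application.
SENSITIVE = {0x57: "Track 2 Equivalent Data", 0x5A: "Application PAN"}

def parse_tlv(data):
    """Yield (tag, value) for primitive BER-TLV objects, descending into templates."""
    i = 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):            # padding between objects
            i += 1
            continue
        first = tag = data[i]
        i += 1
        if first & 0x1F == 0x1F:               # tag continues in following bytes
            while True:
                tag = (tag << 8) | data[i]
                i += 1
                if not data[i - 1] & 0x80:
                    break
        length = data[i]
        i += 1
        if length & 0x80:                      # long form: next n bytes hold length
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("truncated TLV object")
        i += length
        if first & 0x20:                       # constructed template: recurse
            yield from parse_tlv(value)
        else:
            yield tag, value

def luhn_ok(pan):
    digits = [int(c) for c in reversed(pan)]
    return (sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])) % 10 == 0

def cleartext_findings(blob):
    """Return (field name, masked PAN) for each readable PAN found in the TLV data."""
    findings = []
    for tag, value in parse_tlv(blob):
        if tag in SENSITIVE:
            pan = value.hex().upper().split("D")[0].rstrip("F")  # PAN precedes 'D'
            if pan.isdigit() and 12 <= len(pan) <= 19 and luhn_ok(pan):
                findings.append((SENSITIVE[tag], pan[:6] + "*" * (len(pan) - 10) + pan[-4:]))
    return findings

# Constructed samples: an EMV-only record and a record from a device that encrypts.
_track2 = bytes.fromhex("4111111111111111D2512201123456789F")  # test PAN, not a real card
_inner = bytes([0x57, len(_track2)]) + _track2 + bytes.fromhex("9F36020001")
EMV_ONLY_SAMPLE = bytes([0x70, len(_inner)]) + _inner
P2PE_SAMPLE = bytes.fromhex("DF810110") + bytes(range(0xA0, 0xB0))  # hypothetical ciphertext tag
```

Run against captured test transactions from a lab pin pad, an empty result from `cleartext_findings` is what a working encryption setup should produce for every record.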
Myth #9: Debit cards cannot be processed unless US Common AID (US Debit) is implemented.
To comply with Durbin’s routing requirements, debit cards for the US market will include two or more AIDs. The cards will include Global AIDs that will enable cards to be processed with the card brand (e.g. Visa, MC, Amex, Discover) and US Common AIDs that will enable cards to be routed to the merchant’s debit network of choice. Until support for the US Common AID is implemented, POS systems may process these cards using the Global AID that is specific to a single processor. This will still allow cards to be processed, but will not enable cards to be routed to the merchant’s processor of choice.
Further, in most cases the Global AID will result in the cards being processed as Credit transactions, which will restrict the ability to offer cash back or fuel using debit-specific pricing.
Myth #10: EMV is a requirement for complying with PCI Data Security Standards.
Even if you don’t implement EMV-enabled payment devices by October 1, your business will still run the You don’t need to implement EMV in order to be compliant with PCI Data Security Standards. While EMV can be one component of your data security strategy, it is not required or mandated by PCI Data Security Standards, nor will implementing EMV make you PCI compliant.
As with most things that concern payment security, EMV sparks many questions and can be confusing at times. Ensuring you know the difference between fact and myth can help you navigate through this new milestone in payment processing.