{"id":1292,"date":"2021-03-28T10:19:25","date_gmt":"2021-03-28T10:19:25","guid":{"rendered":"https:\/\/www.pcidssguide.com\/?p=1292"},"modified":"2023-10-09T16:28:43","modified_gmt":"2023-10-09T16:28:43","slug":"what-you-need-to-know-about-emv-and-pci-compliance","status":"publish","type":"post","link":"https:\/\/pcidssguide.com\/what-you-need-to-know-about-emv-and-pci-compliance\/","title":{"rendered":"What You Need to Know About EMV and PCI Compliance"},"content":{"rendered":"\n\n\n\n\n
EMV is an acronym for Europay, MasterCard, and Visa, the credit card giants that dominate the industry and develop the global standard for chip-based security. EMV, an international standard for the secure processing of credit and debit cards based on microchip technology, has been actively used in many countries worldwide since being introduced in Europe in the late 1990s.<\/p>\n\n\n\n
EMV is sponsored by banks, merchants, processors, vendors, and other industry stakeholders and is facilitated by EMVCo, which is regulated by six member organizations (MasterCard, Visa, Discover, American Express, JCB, and UnionPay).<\/p>\n\n\n\n
See Also: What Are the Parts of a Debit or Credit Card and How Do They Work?<\/a><\/strong><\/p>\n\n\n\n EMV chip cards contain microcomputer technology that provides increased security features for card transactions and for your information, which is stored in the small metallic square on the front of the card. EMV technology guarantees that you have the safest and most convenient shopping experience possible, and it is one of the most powerful tools for preventing credit card fraud.<\/p>\n\n\n\n See Also: How Google Pay, Apple Pay, and Samsung Pay Protect Your Card Details<\/a><\/strong><\/p>\n\n\n\n EMV cards store payment information on a secure chip instead of a magnetic stripe, and the personalization of EMV cards is done using keys specific to the issuer. Unlike a magnetic stripe card, it is almost impossible to create a fake EMV card that can be used to execute an EMV payment transaction successfully.<\/p>\n\n\n\n Unlike magnetic stripe cards, EMV chip cards are designed to securely store sensitive data (such as PINs or keys). The chip also has the processing power to manage risk and perform cryptographic calculations dynamically.<\/p>\n\n\n\n See Also: What You Need to Know About PCI Validated Point-to-Point Encryption (P2PE) Solutions<\/a><\/strong><\/p>\n\n\n\n The rationale behind EMV processing is not radically different from magnetic stripe processing. As with magnetic stripe transaction processing, the EMV transaction process includes multiple steps such as card authentication, risk assessment, fraud detection, and optionally PIN or signature verification, which must be performed before a transaction is authorized.<\/p>\n\n\n\n However, thanks to secure chip technology, EMV processing also brings new features to increase interoperability and security:<\/p>\n\n\n\n The EMV transaction verification process relies on the generation of dynamic data (digital signature) to verify a card or device’s identity. 
Online and offline signatures are created using both asymmetric and symmetric encryption keys and algorithms that are securely stored and operated on the card.<\/p>\n\n\n\n The EMV processing authorization process is as follows:<\/p>\n\n\n\n One of the critical features of EMV is authenticating the card to make sure it is not a clone or a counterfeit. The EMV specification defines two methods: offline card authentication and online card authentication.<\/p>\n\n\n\n Offline card authentication uses EMV-defined asymmetric cryptography to allow merchants to replace the physical inspection of a card with electronic card authentication before requesting authorization from the card issuer.<\/p>\n\n\n\n Online card authentication is performed as part of the real-time authorization process, similar to magnetic stripe, allowing the card issuer to verify the card further and authorize the transaction.<\/p>\n\n\n\n The key difference is that the card uses symmetric key technology to generate a unique application cryptogram. This cryptogram, called the Authorization Request Cryptogram (ARQC), is sent to the issuer as part of the authorization request and approved.<\/p>\n\n\n\n These cryptographic processes enable EMV to protect the card’s transactions from fraud and review risk. It generates unique digital signatures and passwords by applying an algorithm to the data provided by the chip, card, and acceptance device, and to transaction-specific data.<\/p>\n\n\n\n There are two basic categories of chip technology, contact and contactless. Contact technology requires a physical connection between the card’s chip and a card reader that allows data exchange with the credit card terminal. 
Contactless technology transfers data via Near Field Communication or NFC, requiring the cardholder to swipe or shake their mobile device or card close to the card reader.<\/p>\n\n\n\n See Also: What do the credit card numbers mean?<\/a><\/strong><\/p>\n\n\n\n There are also two types of EMV chip cards: chip and PIN, and chip and signature. They function the same way but differ in how they are verified at the point of sale. The customer inserts the EMV card into the card reader instead of swiping, as they are used to doing with the magnetic stripe card. The reader collects the account data embedded in the chip, and the transaction is processed.<\/p>\n\n\n\n After obtaining authorization from the processor, the chip and PIN card owners complete the process by entering a four-digit personal identification number (PIN) into a PIN pad. Chip and signature cardholders must sign to confirm the sale.<\/p>\n\n\n\n Understanding PCI compliance and EMV is critical for business owners, but the two standards are often misunderstood. This is partially because both require different assessments and certifications, and certain solutions will help ensure that they are compatible.<\/p>\n\n\n\n PCI is a series of security standards aimed at preventing data breaches and card data theft. EMV is a security standard as well, but it focuses primarily on preventing counterfeit cards from being produced and used.<\/p>\n\n\n\n It may be surprising that EMV (Europay, MasterCard, and Visa) compliance is not related to Payment Card Industry Data Security Standard (PCI DSS) compliance. While EMV is a standard for fraud prevention technology (embedded chips) incorporated into payment cards and chip readers, PCI DSS is a set of security guidelines used between credit card vendors and service providers to process, transmit or store card data.<\/p>\n\n\n\n EMV was established to add an additional layer of physical security with chips embedded in credit cards. 
EMV is more difficult to imitate than simple magnetic stripe technology. EMV tries to physically protect stolen credit cards, making encrypted card data useless to thieves. EMV technology only protects transactions that require a physical read of the card and does not affect e-commerce security.<\/p>\n\n\n\n EMV Compliance;<\/p>\n\n\n\n PCI Compliance;<\/p>\n\n\n\n Generally, PCI DSS tries to take the bigger picture by ensuring that card data is not stolen and is reasonably secure when stored, transmitted, or processed.<\/p>\n\n\n\n PCI DSS has specific proprietary standards such as the PA-DSS and PTS standards that are useful for building essential security layers to reduce overall card fraud and risks. Risks such as malicious payment applications, compromised POS terminals, technical return process, and card reviewing are met very effectively using Payment Application Data Security Standard (PA DSS) approved applications and PTS compatible devices.<\/p>\n\n\n\n Therefore, although the EMV and PCI DSS specifications are different, they complement each other very well to protect cardholder data and effectively prevent its fraudulent use by criminals.<\/p>\n\n\n\n In a nutshell, PCI compliance is required of all companies that accept credit cards. EMV, although highly recommended, is not required by law but by industry standards. All you need to know is that adhering to the rules and guidelines for avoiding data breaches and credit card fraud would benefit your business.<\/p>\n\n\n\n The EMV chip does not meet any PCI compliance requirements, nor does it reduce PCI coverage for the vendor. Regardless of whether EMV is used or not, PCI compliance is expected.<\/p>\n\n\n\n All merchants and service providers must comply with both EMV and PCI standards to fully protect customer information in card transactions. 
Even in combination, following these standards is not 100 percent effective against fraud.<\/p>\n\n\n\n But together they provide better protection for the cardholder and seller than either standard does alone. EMV and PCI work together to ensure that card transactions are safe and secure for merchants, customers, and card issuers.<\/p>\n\n\n\nHow do EMV chips work?<\/strong><\/h2>\n\n\n\n
\n
What are the EMV authentication methods?<\/strong><\/h2>\n\n\n\n
\n
What are the Types of EMV Technology?<\/strong><\/h2>\n\n\n\n
What are the Differences between EMV and PCI Compliance?<\/strong><\/h2>\n\n\n\n
\n
\n
Does EMV Use Affect PCI Compliance?<\/strong><\/h2>\n\n\n\n