What You Need to Know About EMV

What is a Smart Card?

A smart card resembles a credit card in size and shape, except that the inside of a smart card contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. This microprocessor replaces the usual magnetic stripe on a credit card or debit card.

A ‘smart card’ has many different names. The following terms all mean about the same thing:

Smart card	Chip-and-choice card
Chip card	(PIN or signature)
Smart-chip card	EMV smart card
Chip-enabled smart card	EMV card

Smart cards can help your processors reduce risk and losses from fraud in several ways:

Chip can be updated post issuance
Card can be programmed with spending and usage limits

How Are EMV Transactions Processed

Chip & Pin

The smart card is inserted into a slot on the payment terminal, which keeps the card until a customer enters a PIN number using the terminal’s pin pad. This is the most secure method, as the PIN number should be a secret code known only by the user. Chip and PIN helps the processor validate the cardholder.

Proves cardholder is legitimate
PIN eliminates fraud from lost or stolen cards

Chip & Signature

Instead of providing a PIN to complete a purchase, this process just requires a signature. Signature can be obtained via an electronic signature capture pad on the terminal, or via a signature on the paper receipt. The chip and signature helps prove that the card is authentic.

Proves to issuer that this card is valid
Avoids counterfeit cards
Very difficult to copy

Magnetic Stripe

Many EMV devices also include a traditional magnetic stripe reader that provides the ability to read and process magstripe cards in addition to those utilizing a smart chip. Signatures can be obtained via a signature capture device, or via paper receipt.

Chip Only

If a transaction is under specific floor limit, neither PIN nor signature may be required. This simplifies the transaction process.

Contactless

NFC-enabled card users can tap the card in front of an NFC-enabled POS device and then provide either a PIN or signature.

How Else Can You Secure Your POS System?

EMV is only one of several actions merchants can take to reduce exposure to payment fraud and security breaches. MicroBiz, along with its payment partners, will offer the following components as part of the EMV update to eliminate existing vulnerabilities within the payments chain. When using integrated payments with your MicroBiz POS system, these components can protect credit card data while at rest and in transit.

EMV. This involves use of EMV-compatible payment terminals to authenticate a card using a computer chip embedded in the card. This fraud-reduction technology protects card issuers, merchants and consumers from losses due to the use of counterfeit and stolen payment cards at the point-of-sale.

Point-to-Point (P2P Encryption. This technology encrypts card data at the point the card is swiped or read at the terminal. Encrypted data is then transmitted over the network to the card processor, where it is de-encrypted behind the processor’s firewall using a matching algorithm. As a result, merchants are unable to view card numbers after the swipe or hand-key – so have no exposure to security breaches and are kept outside of the scope of PCI. P2P encryption is designed to render cardholder data virtually unreadable while being transmitted.

Token Vault. In the event that you want to retain cardholder data in order to facilitate recurring payments, rather than retaining actual card data in your systems, this data is replaced by digital “tokens.” To process a transaction, a merchant submit a token to its payment processor, which then matches the token to the cardholder’s card data securely maintained behind the processor’s firewall. The processor uses the card data to process the transaction, and sends the merchant a confirmation which does not contain any sensitive card data. As a result, sensitive data is stored in the more secure data center of the processor instead of in the merchant’s environment.

PCI 3.0. Current versions of MicroBiz POS and its payment partner’s services are considered out-of-scope of PCI requirements, eliminating cumbersome PCI validation requirements.