Blog & Company News

Apr 27, 2015

Liability Shift: The Security Behind the EMV Transition

emv_keyConsumer Data Breach: it’s the phrase that neither a consumer, nor a merchant, wants to hear. Unfortunately, the reports of large scale data breach have increased dramatically over the past few years. Global companies like Target, Sony, and Home Depot have all experienced compromised data. In addition, companies you’d expect would be well protected, like JP Morgan Chase, have had their secure networks exposed, and client data flushed onto the hard drives of nefarious black market peddlers. Credit card fraud has become far too common, putting both consumers and business at risk. According to the U.S. Federal Trade Commission, 37 percent of fraudulent transactions in 2014 originated from counterfeit credit cards, and 23 percent from cards that were either lost or stolen (but not yet cancelled). As debit and credit cards make up the majority of consumer payments, new technology is needed in order to protect the consumer. EMV is here to help. EMV stands for Europay, MasterCard, Visa. EMV adds new advancements in technology, within newly issued debit and credit cards, with the inclusion of a microchip instead of the easily counterfeited magnetic stripe of cards past. This provides stronger security for a reduction in fraudulent transactions. For an example, think of a magnetic stripe credit card as a bank vault. As secure as a bank vault is when it is closed, it is vulnerable when it is open, and thus any decent hacker can simply bide their time until the opportunity presents itself, and before anyone realizes what has happened, credit card data is exposed. Comparatively, the EMV card’s microchip has been described as an M.C. Escher drawing of Fort Knox. Unlike the traditional magnetic stripe card, it is virtually impossible to create a counterfeit EMV Card that can successfully run a transaction. This is great news for both consumers and businesses! The Tech Behind EMV There are three primary components to EMV Security: Card Authentication, Cardholder Verification, and Transaction Authorization. The EMV microchip is encoded with cryptographic algorithms that confirm the validity of a card upon processing. EMV transactions also eliminate cyber trails by creating one-time use transaction data, so any data that is compromised cannot be used to run new transactions. Verification of the cardholder prevents fraudulent activity from lost or stolen credit cards. What’s more is the cardholder is verified to be the true cardholder by PIN and signature safeguards. It uses issuer-specific keys for personalization of the cards, so it learns the transaction patterns of the consumer. How Does This Help Small Business Owners? The technology deployed in newly issued EMV cards provides greater protection for both the business and its customers. However, merchants must also understand this advancement has created a liability shift. Instead of the banks, it will be the merchants who are held accountable for any fraud that occurs from processing magnetic stripe cards. By October 1, 2015, merchants’ equipment will need to be updated in order to accept payments from EMV cards. If the equipment isn’t updated, the business could lose out on business and/or be held liable for any fraudulent activity. Newtek Merchant Solutions is here to help. Newtek Merchant Solutions offers several new terminal options that are EMV-capable, as well as incorporating advanced features like built-in NFC (Apple Pay, Google Wallet, Samsung Pay). These new terminals are from industry leaders like First Data, Verifone, and Dejavoo. They are offered at an affordable purchase price, or can be packaged with NewtekOne’s Merchant Club offering. To learn more about EMV-capable terminals, and how you can protect your business as well as your customers, contact our Sales Team at 1-800-277-6990.