EMV and P2PE: What are they?
Most of the world has transitioned from traditional magnetic stripe credit cards to EMV chip cards, but the U.S. has been slow to adopt this revolutionary technology. In this article, we will explain EMV devices and Point-to-Point Encryption, and provide some reasons why your organization should consider migrating to these technologies.
What are EMV and P2PE?
EMV and Point-to-Point Encryption are the two technologies that are used to make the payment process more secure.
EMV stands for Europay, Visa, and MasterCard, the three largest credit card issuers in the world, and the developers of this technology. EMV was developed in the mid-’90s, but did not see adoption begin in the US until 2010.
EMV cards have a small chip, which looks like the back of a cell phone SIM card, and provides additional security when completing a transaction. These cards are “dipped” into a slot on the device, rather than “swiped.”
The description of how EMV works can get quite technical, so below is a brief list of the main security principles of EMV devices:
- Card authentication is performed by the chip
- Payment data is digitally signed
- Card data is encrypted
- Dynamic Data (a unique one-time-use code is created for every transaction, so if the data is stolen, it cannot be used to make any new purchases)
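As an added illustration (not part of the original article, and not the real EMV algorithm), the sketch below shows why a one-time code makes stolen transaction data useless for new purchases. HMAC-SHA256, the class names, the message layout and the counter check are assumptions standing in for the card's actual cryptogram scheme.

```python
import hashlib
import hmac
import os


def _encode(amount_cents: int, counter: int, nonce: bytes) -> bytes:
    # Fixed-width fields first, so different inputs never encode to the same bytes.
    return amount_cents.to_bytes(8, "big") + counter.to_bytes(4, "big") + nonce


class ChipCard:
    """Toy chip: the secret key stays on the card; a counter advances per transaction."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def authorize(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self._counter += 1
        msg = _encode(amount_cents, self._counter, terminal_nonce)
        code = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        return {"amount": amount_cents, "counter": self._counter,
                "nonce": terminal_nonce, "code": code}


class Issuer:
    """Toy issuer: shares the card key and remembers the highest counter seen."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def verify(self, txn: dict) -> str:
        msg = _encode(txn["amount"], txn["counter"], txn["nonce"])
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: bad code"      # data was altered or forged
        if txn["counter"] <= self._last_counter:
            return "declined: replay"        # one-time code already used
        self._last_counter = txn["counter"]
        return "approved"


def demo() -> list:
    key = os.urandom(16)                     # constructed sample key
    card, issuer = ChipCard(key), Issuer(key)
    first = card.authorize(2500, os.urandom(4))
    return [
        issuer.verify(first),                          # genuine purchase
        issuer.verify(dict(first)),                    # stolen data replayed as-is
        issuer.verify({**first, "amount": 990000}),    # stolen data with a new amount
        issuer.verify(card.authorize(1200, os.urandom(4))),  # next genuine purchase
    ]


if __name__ == "__main__":
    print(demo())
```

A magnetic stripe, by contrast, presents the same static data on every swipe, so a copied stripe passes any check the original would.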
Point-to-Point Encryption (P2PE)
Not all EMV capable devices are created equal. The most secure solutions feature Point-to-Point Encryption (P2PE). P2PE is a combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment. Since the data is encrypted from the time the card is read and since only the service provider has the keys to decrypt it, typical P2PE solutions allow merchants to reduce their PCI scope, and make compliance requirements less onerous.
All of the EMV capable devices CBOSS offers feature Point-to-Point Encryption.
Why Should You Switch to EMV?
There are many reasons for switching to EMV devices. Some are discussed in more detail below.
Fraud Liability and Chargeback Prevention
On October 1, 2015, the banks and card networks stopped reimbursing customers for fraudulent transactions made on a swipe-only device. Instead, the merchant has to absorb the cost of the transaction and any merchandise that was provided. This is because the merchant is seen as the “weakest link” in the chain of transaction security due to their lack of an EMV device.
The only way to remedy this situation is to upgrade to EMV capable devices, like those offered by CBOSS. Failing to upgrade could result in uncontestable chargebacks due to the lack of an EMV device.
For more tips on preventing chargebacks, we have a blog series on this topic, which can be found here
Mobile wallets that use Near Field Communication (NFC) like Apple Pay and Google Pay are becoming increasingly popular, and many cards also feature NFC technology. NFC allows for “tapped” transactions that do not require a swipe or a dip: the customer simply holds the phone or card near a designated place on the device.
If you are using older swipe-only hardware, it is likely that your devices do not support NFC, so an upgrade to an EMV capable device will be necessary to offer this payment method to your customers.
Calculating the interchange rate for a transaction involves not just the type of card the customer has, but also the method used to complete the transaction. Since swiped transactions are considered a higher risk than EMV transactions, they carry higher interchange rates. Switching to EMV will enable you to reduce processing costs as much as possible.
For more information on interchange and how it is calculated, refer to our blog post here
Why Should You Choose PCI Validated P2PE Devices?
Point-to-Point Encrypted devices are the most secure devices available, and will keep you at the forefront of digital security. Below are three reasons that your organization should consider using P2PE EMV Devices.
Customer Data Security
Point-to-Point Encrypted EMV transactions are much more secure than ones using traditional swipe-only devices. The strong encryption and other security features mean that your customers’ sensitive information is safe and secure. If there is a breach and cardholder data is compromised, EMV transactions will not provide any useful data to the hacker due to dynamic data.
“Future Proofing” Your Environment
There is currently no PCI-DSS requirement for using PCI validated P2PE devices, but it is likely that will change eventually. For large organizations with many devices, beginning the migration process now will keep you ahead of the curve, should the compliance requirements ever change.
PCI-Authorized Scope Reduction
Merchants that only use a PCI Validated P2PE Solution and properly segment their network may be eligible to use the SAQ P2PE. This version contains significantly fewer questions than the standard SAQ. Reducing PCI scope will help ensure your customers’ data stays safe, and save your organization a lot of time and effort.
CBOSS offers Point-to-Point Encrypted EMV capable devices that are compatible with several major processors. If you are interested in learning more about this technology, or other services offered by CBOSS, visit our website.