EMV Transactions: What You Need to Know

With Europay, MasterCard and Visa (EMV) rapidly approaching the U.S. markets, consumers, businesses and software developers may start hearing other buzz words regarding certain form factors associated with this alternative payment type.

EMV has traditionally been referred to as Chip and PIN as implementations in Europe and around the world. Chip and PIN typically requires the consumer to enter a PIN (personal identification number) with every transaction. That may change with the US implementation based on overall payment infrastructure and consumer expectations.

Similar to traditional mag-stripe and contactless payments where a payment may require a PIN or signature for verification, EMV can support multiple cardholder verification methods (CVM) for a transaction. These are set by the card issuer and may vary based on the amount of the transaction with the example being no CVM required for low value transactions, as has been the case with mag-stripe transactions that don’t require a signature.

With EMV the following verification methods are considered valid:

  • Online PIN. This is consistent with how the transaction works for PIN debit transactions today, where a consumer enters their code on a PIN pad and that data accompanies the transaction and validated at the issuer. The thing to take note of is PIN can now accompany Credit transactions as well, so this will require some bit of training for cashiers and consumers.
  • Offline PIN. Once again this could be for credit or debit with the code being entered on a PIN pad, but the PIN is not sent as part of the transaction. Rather it is matched locally to a value stored on the chip. This was typically used in countries with a less developed technology infrastructure than the US, so this was used to validate low value transactions when connectivity to the host was not working or cost prohibitive.
  • Signature. Identical to process today, where a consumer signs the receipt or signature capture device.
  • No verification at all. Identical to how it works today with mag-stripe, where certain low-risk merchant verticals isn’t required to do any additional verification based upon an issuer set transaction amount. If the amount of the transaction is less than the set amount, then no additional verification is required.

These methods will be the same whether the EMV card is presented in a contact or contactless manner, though the issuer may set different CVMs based on how the consumer presents it (e.g. Online PIN for contact, but signature or no CVM for Contactless). It will take acquirers, POS providers, merchants, consumers, card brands and issuers all working together on proper messaging to ensure that the rollout is as streamlined as possible with everyone understanding the various ways a transaction may process, but there are ongoing efforts by groups such as the EMV Migration Forum working to ensure education and training materials are available.

As the U.S. approaches the liability shift deadline (October 2015), it is important for businesses to understand the complexities and different form factors for accepting EMV. The main purpose for installing EMV is to reduce fraud at the point-of-purchase. Understanding the difference between these transaction types is one of the first steps businesses can take to prepare for EMV.