EMV® global standards are managed by EMVCo, which was founded by EuroPay, MasterCard and Visa. The standards govern smart payment cards and the technology used for payment transaction authentication.
Unlike magnetic stripe cards that store read-only data, EMV cards use an embedded integrated circuit (IC), also referred to as a chip, to read and write card data. The chip allows for dynamic data exchange and cryptograms for payment transaction security on a per transaction basis. Because the data changes with each new transaction, EMV cards are harder to successfully counterfeit. Learn more by watching one of the Conexxus webinars on EMV or download this reference guide on EMV resources.
Like magnetic stripe cards, EMV employs methods to help verify the cardholder, authenticating that the person using the credit card, debit card or other chip embedded payment instrument is an authorized cardholder. It is an added layer of protection against payment card fraud. Payment card issuers are responsible for determining the available cardholder verification methods associated with each EMV card issued. CVMs for a chip card include none, a signature, or a Personal Identification Number (PIN) in both online and offline forms.
Did you know?
In the United States, the vast majority of EMV cards are issued without a PIN; instead relying on a signature, which can easily be forged.
The move to EMV is a payment fraud liability shift, not a mandate. However, if you own a branded site, your fuel supplier may require EMV. The shift in payment fraud liability occurs:
The liability shift means that in some circumstances, merchants may now be liable for fraudulent transactions. In general, the least sophisticated link in the transaction chain determines liability.
For example, in counterfeit card situations, if a merchant is incapable of accepting a chip card (so the transaction processes uses magnetic stripe data) and the card is EMV capable, the merchant would be liable. If the merchant is capable of processing EMV cards, but the card is not EMV (only mag stripe), the card issuer remains liable.
Even though the liability shift for automated fueling dispensers is 2020, merchants can be held liable for fraudulent transactions immediately if the fraudulent card is from a non-domestic issuer or if the site has experienced excessive fraud.
Certainly, the petro market has its fair share of unique requirements, especially when it comes to card payments and payment processing. EMV is no different.
Conexxus, as a non-profit, member-driven technology organization dedicated to the development and implementation of standards, technologies innovation and advocacy for the convenience store and petroleum market, helps to meet this challenge. The organization is committed to help the retail fueling industry identify and find solutions to the unique challenges we face in implementing EMV: from pay at the pump at automated fueling dispensers (AFD) to full service to fleet fueling.
Specifically, Conexxus is a sponsoring member of the US Payments Forum Petroleum Working Committee and all of the co-chairs, as well as a majority of the members of the group, are Conexxus members. Their collective expertise in the petroleum payments industry provides innovative solutions to migrating to EMV.
Conexxus is also sponsoring the work on a petroleum industry initiative to define fleet card prompting using EMV tags (as opposed to track two equivalent data). This will allow for solutions that use point-to-point encryption to determine prompting requirements without sacrificing the security requirements for sensitive track data (where prompt data has historically existed).
The convenience store retailer will most likely have to upgrade or replace existing in-store and forecourt hardware and software technologies to exchange payment and transaction data with chip cards. Gas station and convenience store operators should work with their POS and forecourt dispenser vendors to understand the benefits, costs, and timelines for migrating to EMV certified solutions.
Conexxus is committed to helping gas station merchants who want to become EMV compliant understand the requirements. Conexxus sponsors regular webinars that are of interest to the convenience store industry. These free webinars bring subject matter experts together to present on a variety of topics, including data security, tokenization, point-to-point encryption, and EMV. Past webinar slide decks are available here. To receive notices of future webinars, send an email to email@example.com.
If you can make it work in a gas station, you can make it work anywhere.