EMV ADOPTION AND YOU:
WHAT YOU REALLY
NEED TO KNOW
WHAT IS EMV?
EMV specifications are a global set of guidelines developed by Europay, MasterCard® and Visa®
(EMV) in the 1990s to standardize embedded chip card technology. Today, EMV specifications
are maintained by EMVCo−an expanded group comprised of key payment card industry players.
EMV specifications foster interoperability and compatibility between chip-based payment cards
and acceptance devices, and provide guidelines for secure use of new payment types as well,
such as contactless card or mobile payments.
WHY NOW?
While EMV standards are not a regulatory mandate, adoption has been widespread worldwide−
with the exception of the United States. Due in part to extensive magnetic-stripe card infrastructure
in place in the U.S., adoption in this country has been relatively slow.
New shifts in fraud liability are changing that. Soon, the liability for fraudulent transactions will
fall on the party that is least EMV compliant. It is now vitally important to understand not only the
benefits of EMV adoption, but also how to comply with these guidelines and make the transition
as easy as possible for your organization and the people you serve.
EMV ADOPTION AND YOU
WHY ADOPT EMV SPECIFICATIONS?
EMV specification compliance means numerous benefits for you and the consumers you serve. Whether you seek to
overcome rampant card fraud that undermines consumer confidence, improve accessibility to your terminals to create a better
user experience, avoid fraud liability and associated costs, or simply be better prepared for the future to streamline transitions,
there are a number of reasons to adhere to EMV transaction guidelines as soon as possible.
SECURITY
IMPROVEMENTS
LIABILITY
SHIFTS
GLOBAL
ACCEPTANCE
FUTUREPROOFING
REVISED 5/2/2016
WWW.DIEBOLD.COM
3
EMV ADOPTION AND YOU
SECURITY
IMPROVEMENTS
The biggest benefit of EMV adoption is the potential major reduction in card fraud resulting from counterfeit,
lost or stolen cards. What makes EMV transactions so secure? There are a number of factors, but much of it has to do with
the card itself. Chip cards are inherently more secure than the magnetic stripe technology they replace. Magnetic stripe
cards have been around since 1960 and are extremely vulnerable to skimming—a practice where the data on the card
is covertly copied and used to make new, cheaply produced duplicate cards.
The electronic chips in smart cards, alternatively, contain a program that performs operations and holds financial data.
These chips contain unique security keys and transmit unique data for every transaction, making them difficult, if not
impossible to clone. As a result, the risk of card fraud is substantially reduced.
It is worth noting that distributing hybrid cards with embedded chips and magnetic stripes—a popular tactic in
North America currently—means there is still a risk of skimming. Data can still be stolen and reproduced from the magnetic
stripes unless a special skimming-resistant card reader like Diebold’s ActivEdge™ device is deployed. Data stolen from
hybrid cards can then be transferred to counterfeit cards usable anywhere magnetic stripes are still accepted.
OTHER AREAS OF SECURITY IMPROVEMENT WITH EMV TRANSACTIONS INCLUDE:
CARD
AUTHENTICATION
CARDHOLDER
VERIFICATION
RANSACTION
T
AUTHORIZATION
Card authenticity is established
Cardholders are dynamically
Issuer-defined rules or
online using a dynamic
authenticated using transaction-
transaction-specific cryptograms
cryptogram or an offline data
specific data such as a PIN
are used to determine if
authentication process, deterring
or signature based on risk,
transactions are low-risk enough
counterfeiting.
protecting against lost and
to be authorized.
stolen card use.
REVISED 5/2/2016
WWW.DIEBOLD.COM
4
EMV ADOPTION AND YOU
WHY IMPROVED CARD SECURITY MATTERS
Card fraud is still costing companies a colossal amount of money, especially in the
U.S. According to the Nilson Report, fraud losses incurred by banks and merchants on
Card fraud losses
all credit, debit and prepaid general purpose and private label payment cards issued
incurred by banks +
worldwide reached $16.31 billion in 2014. The U.S.—one of the last countries to make
a major move toward widespread chip card deployment, and hence a leading target
merchants worldwide reached
$16.31 billion
for fraudsters—accounted for 48.2 percent of gross card fraud losses worldwide while
generating only 21.4 percent of total card transaction volume. The reason cited for these
in 2014.
disproportionate losses? Lack of EMV-compliant infrastructure in the United States.
1
The impact of EMV adoption on card fraud worldwide has been significant.
For example, after Interac Association switched to chip card technology in 2008,
losses from debit card skimming in Canada fell from CAD $142 million in 2009 to
CAD $16.2 million in 2014—an 88 percent reduction at a time when transaction
volume increased by 24 percent.2 In Europe, domestic issuer ATM losses have fallen
EMV adoption helped reduce
by 66 percent from a high of €62 million during the first six months of 2006 to a low
debit card skimming losses in
of €21 million during the first six months of 2015. It is expected that widespread
Canada by
adoption of EMV guidelines in the U.S. will significantly reduce card fraud, as well.
3
88%
from 2009 – 2014.
1. Nilson Report. 2015.
2. Interac Association. 2015.
3. European ATM Security Team. 2015.
REVISED 5/2/2016
WWW.DIEBOLD.COM
5
EMV ADOPTION AND YOU
GLOBAL
ACCEPTANCE
Another primary benefit of adopting EMV transaction guidelines is to align with a widely accepted worldwide standard.
EMV is currently used in more than 80 countries, and there are more than 3.4 billion chip cards issued across the globe.4
Countries have been adopting EMV guidelines for roughly 20 years at varying rates, and in parts of the world such
Western Europe, practically every transaction is now conducted according to EMV guidelines. As a result, financial institutions
adopting EMV standards now can feel confident knowing they are utilizing a reference specification that is globally accepted.
WHY DOES GLOBAL ACCEPTANCE OF EMV GUIDELINES MATTER?
Most importantly, it means that customers using chip cards can access ATMs and POS terminals in foreign countries, and visitors
to the United States can do the same when accessing domestic networks. Consumers will no longer have to wonder whether
they can conduct transactions easily wherever they travel, knowing the same standards govern every touchpoint. Also, global
acceptance is about more than convenience. U.S. payment card issuers have been missing out on billions of dollars in charge
volume, including tens of millions of dollars in interchange fees, because of problems cardholders had conducting transactions
internationally. Alignment around common transaction governance and global chip card usage can fix this issue.
PERCENTAGE OF CARD-PRESENT TRANSACTIONS THAT ARE EMV5
75.90%
83.77%
AFRICA & THE MIDDLE EAST
19.42%
ASIA
JUL. 2013 –
JUN. 2014
33.55%
CANADA, LATIN AMERICA
& THE CARIBBEAN
96.33%
96.94%
WESTERN EUROPE
50.47%
EASTERN EUROPE
UNITED STATES
JUL. 2014 –
JUN. 2015
83.33%
86.95%
65.41%
.03%
.26%
0%
20%
40%
60%
80%
100%
REVISED 5/2/2016
4. GoChipCard.Com. 2015.
5. EMVCo. 2016.
WWW.DIEBOLD.COM
6
EMV ADOPTION AND YOU
LIABILITY
SHIFTS
EMV compliance may not be mandatory, but high costs of card fraud that have traditionally fallen to
card issuers will soon fall to transaction acquirers who do not comply with EMV specifications.
In October 2015, liability for card fraud shifted from payment card issuers to merchants who accept
EMV chip cards at POS terminals that only read magnetic stripes. Merchants were able to avoid this liability
shift by installing EMV-enabled readers capable of reading chip cards in addition to magnetic stripes.
A SIMILAR LIABILITY SHIFT WILL SOON TAKE PLACE AT THE SELF-SERVICE BANKING CHANNEL
• A
cquirers will assume counterfeit fraud liability if an EMV chip card is used at an ATM that
only reads magnetic stripes.
• Issuers will continue to assume counterfeit fraud liability if non-EMV chip cards are used
at an EMV-enabled ATM.
• Issuers will assume liability if an EMV chip card is used at an EMV-enabled ATM.
MasterCard has set an October 2016 date for this liability shift to take place, and Visa will shift
To avoid card fraud liability,
financial institutions
must comply with EMV
specifications beginning in
October 2016.
liability for transactions performed at ATMs in October 2017. If the security, interoperability and
future-proofing benefits of EMV adoption were not enough, these fraud liability shifts make
it clear that the time to comply with EMV specifications is now.
FUTUREPROOF
Beyond helping you to keep up with global adoption of chip card technology, abiding by EMV guidelines
helps position you for adoption of future advanced payment forms, as well. EMV specifications cover
emerging payment methods using near field communication (NFC) technology, including contactless card
reading and mobile integration. As consumers gradually become accustomed to conducting transactions
without a card, EMV compliance will help ensure those transactions can be conducted safely.
REVISED 5/2/2016
WWW.DIEBOLD.COM
7
WHAT DOES
UPGRADING LOOK LIKE?
EMV specifications are clearly defining the way forward for transactions, and the sooner you start
down the path toward adoption, the better. There are several steps required; however, finding the
right partner to guide you through the process can make a huge difference.
Complying with EMV transaction guidelines requires not only the hardware to read chip cards,
but also the ability to carry and process additional data that is included in chip-based transactions,
such as cryptographic messages that make each transaction unique. Once you’re capable of
handling EMV-governed transactions, you also need to adjust processes and educate consumers
to ensure success.
Diebold has already assisted financial institutions across the globe with this transition, and we can
help you, too. We provide the hardware, software, installation services and know-how necessary to
help you comply with all aspects of EMV specifications—and it’s all carefully customized to suit your
specific organization.
MAKE THE NECESSARY UPGRADE
1
2
ENSURE NEW CARDS WITH EMBEDDED MICROPROCESSOR CHIPS
HAVE BEEN ISSUED TO ALL CARDHOLDERS
EQUIP YOUR ATMS WITH EMVCO LEVEL 1-COMPLIANT CARD READERS
•
EMV-compliant card readers have been available from Diebold since the late 1990s when they were introduced
on iX Series terminals, and Diebold’s latest line of ATMs are shipped with EMV-compliant card readers
•
Diebold’s EMV-compliant card readers are certified according to an EMVCo Level 1 letter of approval
and TQM MasterCard approval
• Most EMV-compliant chip card readers are hybrid in nature, capable of reading chip cards and magnetic stripes
• Upgrade kits are available for both DIP and motorized card readers
•
Because there is always a risk of skimming when a magnetic stripe is present, Diebold’s ActivEdge™ secure card
reader is a strong option, as it defeats all known forms of skimming, fishing and trapping
•
Contact your Diebold account manager with information about your ATM to determine if an upgrade is required,
or to request letters of approval
3
INSTALL THE LATEST EMV SOFTWARE UPDATES ON YOUR ATMS,
INCLUDING THE LATEST EMV KERNEL
• D
iebold’s software kernel supports all major payment networks and the US Common Debit AID, and is fully certified
according to an EMVCo Level 2 letter of approval
EMV compliance requires:
c hip-reading hardware
• new cardholder
verification process
• operational adjustments
• consumer education
•
•Diebold’s Agilis® 3 91x and Phoenix VISTA applications are delivered with full EMV support, along with our certified
kernel, ensuring terminal software will interact appropriately with all EMV-compliant chip cards and applications
•Prior to starting any testing/certification processes, it is highly recommended to install the latest updates for your
software stack available from the Global Engineering Support organization
•Contact your account manager with information about your software stack to determine the best migration path
for you or to request letters of approval
4
ENSURE ATM PROCESSING ENTITIES (HOST/NETWORK) ARE CAPABLE
OF HANDLING EMV TRANSACTIONS
• Integration tests must be conducted by each card issuer before that payment brand can be accepted
•
Note that you do not need to wait for network state flows to be loaded to begin installing EMV card readers
that can be used as magnetic stripe readers in the interim
•
Diebold has customers certified with Visa, MasterCard, Interac, National Standard Indonesian Chip Card,
China UnionPay, JCB International, Discover Financial Services and American Express
• Diebold representatives are ready to answer any network certification questions you might have
REVISED 5/2/2016
WWW.DIEBOLD.COM
9
EMV ADOPTION AND YOU
CONSIDER PROCESS-RELATED
IMPLICATIONS OF EMV ADOPTIONS
EVALUATE YOUR FLEET FROM A HARDWARE, SOFTWARE AND NETWORK PERSPECTIVE:
•
Will you support fallback to magnetic stripes if chips cannot be read?
•Will you support non-EMV transactions, such as balance inquiries, transfers and cash deposits,
using EMV functionality?
•
Will you support PIN change functions at the ATM?
•If there are multiple EMV applications installed on chip cards, will the correct one be automatically
selected, or can cardholders choose?
•
Do you have the appropriate state flows and screens prepared?
TELL CONSUMERS WHAT
CHANGED, AND WHY
Every ATM EMV
migration will require
different considerations,
so contact your Diebold
representative for
guidance on ensuring
your EMV adoption
process goes smoothly.
A SUCCESSFUL TRANSITION TO EMV REQUIRES SEAMLESS CONSUMER ADOPTION:
•Explain to consumers what behaviors must change. If you use dip card readers on your terminals,
consumers must understand that cards must remain in the reader for the chip to be activated and that they
will be prompted to remove the card at the appropriate time. If consumers are used to motorized readers
immediately returning a card, inform them that their cards will now be returned at the end of the transaction.
•Make it clear to consumers that the switch to EMV-compliant transactions is in their best interest. Explain that
you are protecting their assets by fighting card fraud with more secure technology, and you are making it
easier for consumers to access their money around the world.
•Signage, ATM screens with directions, staff training and marketing collateral can help customers
understand required behavior. To help with consumer adoption of EMV-compliant technology,
visit www.GoChipCard.com for reference material ideas.
REVISED 5/2/2016
WWW.DIEBOLD.COM
10
EMV ADOPTION AND YOU
WE’VE GOT YOU COVERED
EMV adoption may be inevitable, but the hardware, software and consumer education requirements
mean it isn’t necessarily simple. Diebold offers everything you need to make the transition seamlessly
through our extensive solution portfolio, however. Look to our organization for:
HARDWARE
SOFTWARE
• Opteva or Diebold Series Terminal
• VISTA 5.x
• EMV Contact Card Reader
• VISTA 4.x
– Dip Card Reader
• XPRESSION 5.x
– Motorized Card Reader
• XPRESSION 2.x
– ActivEdge Card Reader
• Agilis 3 91x SP3 or SP4
• Additional Security Options (for Card readers)
• Agilis 3 NDx SP5 or SP6
– Advanced Skimming Detection (ASD)
• EMV Kernel Upgrade
– Foreign Device Detection (FDD)
– EMV Solution 5.1.1/Windows 7
(LoA – valid until Oct 2018)
– EMV Solution 5.2.0/Windows 7
(LoA – valid until April 2019)
• PCI Approved EPP
– EPP5 or EPP7
REVISED 5/2/2016
WWW.DIEBOLD.COM
11
WHAT IF YOU NEED HELP?
No problem. Diebold representatives can help you determine the precise steps you’ll need to take,
and our Professional Services team is well equipped to handle all necessary upgrades to your systems.
Keep in mind, however, that many others are upgrading to EMV compliance, so the sooner you start
a conversation with your Diebold representative about meeting your needs, the better.
For more information on EMV adoption, contact your Diebold representative today.
© Copyright 2016 Diebold, Incorporated. All rights reserved.