October 2015 marks the start date of the EMV Initiative in the US, a massive change affecting merchants, card issuers, and consumers. And with this change comes some new terminology.
As you help your clients to upgrade hardware and software and comply with the new standards, use the following EMV glossary of terms.
Cardholder Verification Method (CVM)
Used to verify the cardholder's identity, this method specifies a preferred hierarchy during a payment transaction. Elements may include a signature, a PIN, or no CVM at all.
The financial institution responsible for distributing a credit or debit card that creates a contractual relationship with the cardholder.
Chip and PIN vs. Chip and signature
Based on card issuer preference, chip and PIN cards require the customer enter a four-to-six digit personal identification number when making a purchase. In this case, the PIN will rank first in the list of possible cardholder verification methods (CVM), with signature allowed as a fallback option.
Chip and signature cards prefer signature to PIN in their CVM list or may be signature-only.
A chip transaction where communication between the card and the terminal does not require contact between the two.
A numeric value, commonly used to validate data integrity, resulting from data elements entered into an algorithm and then encrypted.
Defined by the card issuer, a list in the chip card's payment application profile showing the hierarchy of preferences for verifying a cardholder's identity.
The process of inserting an EMV card into a POS terminal. Unlike the mag stripe "swipe," chip cards remain in the card reader until the transaction is complete.
Unlike static data contained by a traditional mag stripe card, EMV technology creates a one-time use, dynamic transaction code for each payment, preventing fraudsters from copying card data onto a blank card.
The company responsible for creating and maintaining the EMV Chip Specifications, originally a consortium of EuroPay, MasterCard, and Visa.
EMV card, chip card, smart card
A credit or debit card containing an integrated microchip rather than a magnetic stripe. Presenting one of these cards for payment requires it be inserted or "dipped" into the card-accepting terminal, in the same way you'd insert a card into the ATM. The first generation of cards in the US will be hybrids, with both a chip and a mag stripe.
A piece of terminal application software supporting EMV payment application functions. Because the different card brands (Visa, MasterCard, Discover, American Express) have taken different approaches to EMV in the United States, each has a unique kernel to manage card functionality during a transaction.
The date, October 1, 2015 in the US, when Visa, MasterCard, American Express and Discover begin shifting liability for fraudulent charges to merchants and card issuers.
Near field communication (NFC)
Short-range, high frequency wireless communication technology allowing the exchange of data between devices over a distance of about 10 centimeters.
Payment Card Industry Data Security Standard (PCI DSS)
All merchants that process, store, or transmit credit card information must maintain a secure transaction environment based on this standard. Depending on the number of annual card transactions, a business will achieve PCI compliance on one of four levels.
PIN Entry Device (PED)
A secure device cardholders use to enter a PIN.
Point-to-point encryption protects card data from the moment it enters the POS system to the point of secure decryption, usually when it reaches the payment processor. P2PE is a subset of end-to-end encryption (E2EE).
Using a device to illegally collect data from the magnetic stripe of a credit, debit, or ATM card. The harvested data is copied onto a blank card, allowing fraudsters to make purchases or withdraw cash from the account of the original cardholder. Every purchase with an EMV card requires a single-use transaction code, meaning any data gained through skimming will be useless.
Payment tokenization replaces sensitive customer payment information with a unique identifier or token. Often the token will retain the last four digits of the payment card to ensure an accurate match. Tokenization benefits both merchants and customers by eliminating payment data from networks. Data stolen by hackers becomes meaningless and can't be used on counterfeit cards.
What additional terms would you like to see included in the EMV glossary?