What is the Difference Between EMV and PCI Compliance?
EMV is a standard for fraud prevention technology (embedded chips) included in payment cards and in the chip readers of payment terminals. PCI DSS is a set of security requirements that credit card merchants and service providers must follow when processing, transmitting, or storing credit card data. Both are vital for business owners to understand, but they are often confused because of the various assessments and certifications each requires, and because vendors sell solutions that address one or both. Business owners who take payments need a good understanding of both.
In the US, the number of EMV-enabled businesses continues to grow, and this trend is significantly reducing fraud. EMV technology encrypts all information exchanged between the card and the reader during a transaction. Older magstripe technology contains analog data that’s easy to intercept, steal, and spoof. Although EMV compliance is not mandatory, it is strongly encouraged, not only as part of the ongoing effort to reduce card fraud but also to avoid expensive fees and chargebacks. A chargeback can lead to the loss of the transaction amount as well as an additional fee.
It’s often easiest to think of PCI standards as the minimum defense requirements against hackers. Having a firewall to protect data, a process for changing your passwords on a regular basis, keeping your antivirus updated, ensuring your POS and other computer software and hardware are also up to date, and regularly reviewing all of your security processes are a few of these standards. Ultimately, it’s every business owner’s responsibility to look at his/her own environment to understand where vulnerabilities may exist. PCI compliance is mandatory for all businesses that accept card payments.