Chips, Mags, Sigs and PINs

  • By Manu Sharma
  • Published 7/8/2015

If you are a small business owner with a physical location that accepts credit or debit cards, the way your customers pay is changing in the near future. Below are the updates you need to know.

What is the fuss about?

Have you recently traveled abroad (say, to Europe) and found that your U.S. credit card doesn’t work? Or, if you accept credit or debit cards at your physical business location, have you heard of the “EMV fraud liability shift” effective October 1st, 2015?

Here’s what is behind both: Most credit and debit cards issued in the U.S. use a magnetic stripe on the back of the card to store personal and card account information, and card terminals in stores require customers to swipe the card to read it. EMV technology (EMV stands for “Europay, MasterCard, and Visa,” the three groups who began this initiative) is the new paradigm, where this information is instead stored on a small electronic chip embedded in the card, allowing EMV-enabled terminals to read it. The U.S. is one of the last countries in the world to upgrade to EMV technology, whereas Western Europe has almost completely migrated.

Why EMV? And how does it work?

Simply put, EMV is a much more secure way to store information and complete in-person transactions.

  • First, data on the chip is more difficult to copy and clone than the data on a magnetic stripe.
  • Second, instead of swiping the card and handing it back to the customer, the chip card must be inserted into the EMV-enabled terminal and left there until the transaction is complete (contact method), or waved over the terminal if the card and terminal are both radio frequency (RF)-enabled (contactless method). In either method, the chip and terminal exchange data dynamically, allowing authentication of the card itself.
  • Third, the chip card plays a central role in the selection of the cardholder verification method (CVM), the two main types being Signature and PIN. The issuer determines its preference for the CVM used for a particular transaction, and the CVM list encoded in the chip stores a combination of CVMs and the rules for their use. A card will not work in an EMV terminal if there is a mismatch between the CVMs accepted by the terminal and those supported by the card. According to industry news, most large card issuers are planning to use Signature as the primary CVM for credit cards, but PIN for debit cards issued in 2015.

Clearly, the extra security and authentication in chip card transactions dramatically reduce the risk of fraud due to counterfeit, lost or stolen cards for in-person transactions. This has been borne out by drastic reductions in this type of fraud where EMV technology has been widely adopted.

What does this mean for my business and my customers?

First and foremost, be aware that you may be held liable for fraudulent in-person transactions if you don’t install EMV-capable terminals by October 1st, 2015. This is because as of that date, the “fraud liability shift” is effective for all major card types (Visa, MasterCard, American Express and Discover), whereby liability for a fraudulent in-person transaction will fall on the least EMV-compliant party. In other words, the card issuer would be on the hook if they don’t provide EMV cards, and the merchant (i.e., you) would be held liable if they don’t have an EMV-capable terminal to process the transaction.

That said, you can continue to do business with non-EMV terminals after October 1st if you are willing to accept the risk. Not all cards in the U.S. market will be chip-enabled by October 1st, and even then, in order to make the transition smooth for their customers, card issuers are likely to continue including magnetic stripes on chip cards in the short term.

Second, be prepared to answer questions and concerns your customers may have as card issuers start to issue chip cards and large retailers start using EMV-enabled terminals. The good news for customers is that they still have zero liability for fraudulent transactions on their cards, but being able to answer their questions should increase customer satisfaction and give you a leg up over your competition.

For example, customers who are confused about moving from magnetic stripe to EMV may ask:

  • Why can’t you swipe my card? Why do you need to keep it in your machine for the entire time?
  • Why can’t I just sign the receipt like I used to? Why are you asking me for a PIN?
  • I have a chip in my card, so why are you swiping it? Is this secure?
  • Can I use Apple Pay at your store (or Google Wallet, or yet another contactless mobile wallet technology)? When will I be able to do that?

Third, do some homework before shopping around for EMV terminals. Due to the complex interaction between EMV terminals and chip cards, the capabilities of the terminal are very important. For example, PIN-only terminals (such as many automated ticket kiosks in Europe) will not be able to accept cards with only Chip-and-Signature capabilities, resulting in many declined transactions.
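To make the CVM mismatch described above and the PIN-only kiosk case concrete, here is an added example (not from the original article or from any card vendor) that parses a CVM list and walks its rules against a terminal's capabilities. The byte layout and method codes follow the public EMV specification rather than this article; the sample cards and terminals are constructed, and the model assumes only the "always" and "if terminal supports" conditions and that a supported CVM succeeds.

```python
# Added example: simplified model of EMV CVM List processing.
# Method codes are the low 6 bits of the first byte of each 2-byte rule.
CVM_NAMES = {0x01: "offline plaintext PIN", 0x02: "online enciphered PIN",
             0x04: "offline enciphered PIN", 0x1E: "signature", 0x1F: "no CVM"}
COND_ALWAYS, COND_IF_TERMINAL_SUPPORTS = 0x00, 0x03

# Constructed sample data (not taken from any real card or terminal).
SIGNATURE_ONLY_CARD = bytes.fromhex("00000000 00000000 1E00")
PIN_PREFERRED_CARD = bytes.fromhex("00000000 00000000 4203 1E03 1F00")
PIN_ONLY_KIOSK = {0x01, 0x02, 0x04}
COUNTER_TERMINAL = {0x02, 0x1E}
SIGNATURE_ONLY_TERMINAL = {0x1E}


def parse_cvm_list(raw: bytes):
    """Return (amount_x, amount_y, [(method, continue_on_fail, condition)])."""
    if len(raw) < 10 or (len(raw) - 8) % 2:
        raise ValueError("CVM List needs 8 amount bytes plus 2-byte rules")
    amount_x = int.from_bytes(raw[0:4], "big")
    amount_y = int.from_bytes(raw[4:8], "big")
    rules = []
    for i in range(8, len(raw), 2):
        code, cond = raw[i], raw[i + 1]
        # Bit 7 (0x40) set means "try the next rule if this one fails".
        rules.append((code & 0x3F, bool(code & 0x40), cond))
    return amount_x, amount_y, rules


def select_cvm(raw: bytes, terminal_supports: set):
    """Name of the first usable CVM, or None on a card/terminal mismatch."""
    _, _, rules = parse_cvm_list(raw)
    for method, continue_on_fail, cond in rules:
        supported = method in terminal_supports
        if cond == COND_IF_TERMINAL_SUPPORTS:
            if not supported:
                continue        # condition not met: skip this rule
        elif cond != COND_ALWAYS:
            continue            # other conditions are outside this model
        if supported:
            return CVM_NAMES.get(method, hex(method))
        if not continue_on_fail:
            return None         # rule applies, cannot be performed, no fallback
    return None                 # list exhausted without a usable CVM


if __name__ == "__main__":
    print(select_cvm(SIGNATURE_ONLY_CARD, PIN_ONLY_KIOSK))   # mismatch
    print(select_cvm(PIN_PREFERRED_CARD, COUNTER_TERMINAL))
```

When comparing terminals, the question to ask a vendor is which CVMs the terminal supports, since a card whose list offers nothing the terminal can perform produces the declines described above.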

And finally, be aware that EMV technology continues to evolve, so terminals are not “plug-and-play” yet and their software is likely to require constant updates over the next few years. This may present an even larger problem for your business if your payment terminal is integrated with other systems such as ordering, invoicing or inventory management. If this is the case, it may be worth the investment to hire an EMV consultant who can help you make the right choices for your business.

Additional resources

EMV technology is significantly more complex than current magnetic stripe technology; therefore, some research and planning could go a long way in saving you pain (and money) down the road. While it is not advisable to miss the October 1st deadline, jumping blindly into the fray is not necessarily the best option either. Here are some additional resources that can help you understand more about chip cards and prepare for the transition:
