Need An Upgrade?

Contact our Inside Sales Department for information regarding your system needs.

EMV Overview

What is Chip & Pin EMV?

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals* and automated teller machines (ATMs), for authenticating credit and debit card transactions.

mandate is something the payment network expects compliance with, e.g. a requirement, without which you cannot accept credit cards. EMV IS NOT A MANDATE.

So what is EMV?  It is actually a liability shift.

By liability shift the payment networks mean that a non-EMV compliant party will be liable in the event that an EMV chip card is used at a non-EMV-capable terminal, and the resulting transaction is determined to be counterfeit fraud. In plain English, if you accept a counterfeit chip card, you, the merchant, may be liable for that charge. What determines who is liable for the counterfeit charge is who is the least compliant. If you as a merchant don’t have the ability to accept EMV cards, and someone fraudulently uses a card at your location, then you are liable for the funds and any fees or fines associated. However, if you do have the capability, but the cardholders bank hasn’t issued them an EMV card, or the processor hasn’t adopted EMV standards, then the liability switches back onto the issuing bank or processor.

Each acquirer (an acquirer is generally seen as the bank or entity that the merchant uses to process their payment card transactions) must assess their situation to determine if and when it makes sense for them to migrate to EMV. Not all banks/processors (acquirers) are going to make the immediate switch to EMV. If, for example, they deem that fraudulent transactions are an extremely small percentage of an acquirer’s transaction volume, the acquirer may decide to defer upgrading until a later date; they therefore accept the risk that they may accept a transaction initiated by a counterfeit EMV chip card and as a result they may be liable for that counterfeit fraud.

Does Aloha have an EMV Solution?

The short answer is ‘Yes’. NCR, Aloha’s parent company, is working on a new gateway called NCR Connected Payments for Hospitality to provide our customers greater flexibility and choices regarding payments. NCR will be utilizing its cloud-based Connected Payments platform to implement point-to-point encryption, EMV and mobile wallet capabilities for AlohaPOS customers.Connected Payments is currently in use in more than 17,000 NCR Retail customer locations.

What Does EMV Mean for Me?

The good news is the sky is not falling as some would have you believe. The biggest risk is not from being on the wrong side of the liability shift when the October 2015 deadline comes; rather it is from data being stolen directly from your point of sale system. Being able to accept chip cards is important, but EMV only protects a restaurant from fraud related to someone using a counterfeit card for an in-store transaction. It does not protect the restaurant from data security-related breaches.  According to the 2014 Trustwave Global Security Report, 18% of electronic payment system attacks in 2014 targeted food and beverage establishments.

There is a huge backlog from credit card providers transitioning to, and shipping out, chip-embedded cards. Then it will take time – some estimate as many as seven to 10 years – for chip-based cards to become fully integrated into the marketplace.

In the meantime, as NCR Connected Payments for Hospitality gets closer to market ready in the coming months, we will post updates to our web page as well and other means of communication to get the word out to our valued customers. Continue to check back often or feel free to contact your SDCR sales representative for alternative options.

EMV Myths

Myth #1: Implementing EMV in your restaurant is required and will be enforced by a government regulation or council.

If you are a U.S. restaurant operator, no government agency or industry association is requiring you to implement EMV. You will not be fined if you do not implement EMV by the often referred to “deadline date” of October 1, 2015. This is not a deadline. It is your decision whether or not you want to implement EMV – there is no requirement.

Myth #2: EMV is a requirement for complying with PCI Data Security Standards

You don’t need to implement EMV in order to be compliant with PCI Data Security Standards. While EMV can be one component of your data security strategy, it is not required nor mandated by PCI Data Security Standards, nor will implementing EMV make you PCI compliant.

Myth #3: Once you implement EMV, you will no longer be able to accept credit cards with magnetic stripes

Believe it or not, magnetic stripes on credit cards are going to be with us for quite some time. If you’re EMV- ready, when a customer pays with an older magnetic stripe credit card you’ll simply swipe it through your new payment terminal’s card reader. So regardless of whether or not you have implemented EMV, you’ll be able to take all credit cards in your restaurant.

Myth #4: EMV protects your restaurant from a data security breach

Remember – implementing EMV alone will not protect your restaurant from being hacked. While EMV helps protect you from counterfeit card use, it’s not the end-all, be-all of restaurant data security. There are measures that you can put into place that are not provided by EMV – such as encrypting credit card data as it passes through your network – that will safeguard your restaurant from a data breach as well as give you greater peace-of-mind.

Myth #5: EMV will rapidly achieve mass adoption by both credit card issuer and other restaurants

Estimates are that only 20 to 30 percent of cardholders in the United States will have new EMV-ready cards by October 1, 2015. Meanwhile, industry experts are saying that it will take at least 3-5 years in order for EMV to reach full acceptance in the U.S., and in Europe the adoption took much longer. So know that it’s going to take a while for everyone to finally make the transition to EMV.

Myth #6: If you don’t implement EMV, you won’t be able to accept credit cards after October 1, 2015

Even if you don’t implement EMV-enabled payment devices by October 1, your business will still run the same as it did on September 30, aside from the liability shift. Both older magnetic stripe cards and newer EMV cards can be accepted by non-EMV merchants, as the new chip cards will also have magnetic stripes available for that very reason.

Myth #7: Transitioning to EMV is as simple as plugging in a new payment terminal

Making your restaurant EMV-ready can involve lots of discussions, questions and planning about many different things: your POS system, your payment processor and the right kind of payment terminal devices. It’s also crucial that you understand the impact that EMV technology will have on your operation; be prepared to train your staff appropriately and assist customers with using their EMV credit cards.

Myth #8: You do not need to worry about PCI Data Security Requirements if you use EMV

This statement is not true. EMV chip technology improves the security of processing credit card transactions, but does not remove your requirement to comply with the Payment Card Industry Data Security Standard.

EMV FAQs

What is EMV?

In short, EMV is the chip technology that has been rolled out in Europe and Asia basically across the world with the exception of the United States.

EMV “Chip Technology” provides card issuing banks the ability to issues credit cards with an embedded chip.  The new chip technology allows a merchant to accept a credit card sale by simply waving the card in front of an EMNV capable credit card terminal*.  In essence it is a contactless sale.

How does EMV chip technology work?

EMV-enabled hardware will communicate with the processor chip inside the customer’s credit card to determine whether or not the card is authentic. Generally, the EMV hardware will prompt the customer to sign or enter a PIN to validate their identity. This process enhances the authentication of both the card and cardholder, effectively reducing the possibility that your business will accept a counterfeit card or be held liable for a fraud-related chargeback.

Will my integrated card reader on my front of house point of sale read EMV chips?

No. The EMV chip reader is specific to your credit card processing company. Point of sale software companies are writing their code to be able to communicate with third party credit card reader hardware providers, like Ingenico and Verifone.

Why is EMV being implemented in the United States?

Credit Card fraud continues to increase in the United States. Current magnetic stripe cards can be easily copied (skimmed) with inexpensive card reading devices allowing criminals to reproduce counterfeit cards. The use of EMV cards is expected to significantly reduce credit card fraud. This benefits both the merchant as well as the card holder.

What is the advantage of the new EMV technology?

According to the experts in security, this is a much more secure way of transacting a credit card sale.  Once this technology is rolled out, it will be much, much harder for cyber thieves to use stolen credit card data.

Am I required to support EMV?

No, you are not required to support EMV in the United States at this time. While EMV cards will continue to have a magnetic stripe to ensure customer can continue to pay on existing hardware, you need to consider that even if your organization hasn’t been targeted by high levels of card present fraud in the past, you may be putting yourself at risk in the future, as fraud will migrate to the weakest technology (magnetic stripe) Therefore, you may want to ensure that your payment processing application and hardware can support EMV card acceptance.

What happens I choose not to upgrade to an EMV terminal?

If you are worrying if your credit card processing rates will go up, they shouldn’t.  However, there will be a shift in liability from the banks to the merchant for fraudulent credit card activity.  What does that mean?  If you have fraudulent credit card sales processed through your business, and you don’t have an EMV terminal*, the liability for accepting that card may fall to you, the merchant.

Will chip cards be swiped the same way as magnetic-stripe cards?

No. The term “swipe your card” will be replaced by “dip your card”. Chip cards are inserted, or “dipped,” into the payment device and left in place for the entire transaction as the reader and card talk back and forth. In the event the card does not have a chip, you can still swipe the card.

How does EMV impact PCI requirements?

Merchants are still required to maintain on going PCI compliance, but may be eligible for a waiver of the annual PCI Validation process currently being offered by American Express, Discover, MasterCard, and Visa.

What merchants are eligible for the PCI validation waiver?

MasterCard’s program is open to PCI DSS Level 1 and Level 2 merchants. American Express, Discover, and Visa do not call out specific levels, but the annual validation is only required of Level 1 and Level 2 merchants. In addition, 75 percent of the merchant’s transactions must be processed through EMV enabled terminals*. However, this does not mean that 75 percent of the transactions must be EMV transactions. The transactions whether EMV or magnetic stripe just have to process through EMV enabled terminals*. The terminals* must also support both contact and contactless transactions.

Is there a new PCI SAQ version for merchants with EMV compliant terminals?

At this time, there is no unique Self-Assessment Questionnaire (SAQ) for EMV.

Will I still be able to accept traditional credit and debit cards?

Yes, any hardware you currently have will allow you to continue to accept payment cards that are not EMV-enabled.

Does EMV stop hackers from breaching my point of sale system?

No. The biggest risk is not from being on the wrong side of the liability shift when the October 2015 deadline comes, but is from data being stolen directly from their networks.  Being able to accept chip cards is important, but EMV only protects a restaurant from fraud related to someone using a counterfeit card for an in-store transaction. It does not protect the restaurant from data security-related breaches.

So what do I do next?

As NCR Connected Payments for Hospitality gets closer to market ready in the coming months, we will post updates to this page.