EMV – Let InsightRS help you get a head start.

EMV – it’s what everyone is talking about.  Where do we begin?  Let’s start with a Glossary of Terms.

 EMV-Cardl

Chip and PIN

Chip and PIN is a brand name adopted by the banking industries for the two-part authentication process of inserting your chip card, and entering a PIN while the card is still inserted.

 

Chip and Signature

Chip and Signature is an alternative implementation that requires the cardholder to verify identity by signing a printed receipt, rather than entering a PIN.

 

Chip and Choice

Chip and Choice denotes the choice between Chip and PIN or Chip and Signature.

 

Contactless

Contactless payment is a change to the way debit or credit payment is handled when making a purchase. Contactless payment transactions require little to no physical connection between the card and the checkout device. Instead of “swiping” or “inserting” a card, the contactless card or fob is tapped on or held within an inch of a machine that reads the card, with the payment information is sent to the merchant wirelessly. Contactless credit and debit cards include a smart card chip.

 

EFT

Electronic Funds Transfer (EFT) is a system of transferring money from one bank account directly to another without any paper money changing hands.

 

EMV

EMV, which stands for Europay, MasterCard, and Visa, is a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

 

EMV “Ready” devices vs. EMV Certified/Validated

EMV Ready devices refer to payment terminals that have the hardware capability and are level 1 certified to accept EMV transactions. When referring to EMV certified in context of POS applications, this would indicate that the hardware as well as the software/firmware resident on the hardware are certified as compliant and able to accept EMV transactions. In most cases the hardware and software combination would need to be certified with specific card brands (Visa, MC. Etc.) and with specific payment processors (First Data, Vantiv, Etc.).

 

Encryption

Encryption is the process of translating information into a code that can only be read if the reader has access to the key that was used to encrypt it. There are two main types of encryption—asymmetric (or public key) and symmetric (or secret key).

 

Insert and Pay

Insert and Pay is a term used often when describing a typical EMV payment transaction. Insert refers to the insertion of a chip enabled credit card into the EMV reader, or slot, on a payment terminal.

 

NFC

Near Field Communication (NFC) is a set of close-range wireless communication standards. NFC-equipped smartphones and other devices can exchange information with each other with a simple tap or wave.

 

PAT

An acronym used for Pay at Table. Typically referring to wireless devices accepting electronic payments such as Credit, Debit, etc. pay at table devices allow servers to accept and process payments without leaving the customers view.

 

Payment Unaware/ Out of Scope

The PCI PA-DSS applies to a payment application (as defined by PCI SSC) as follows: “The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement.” An out of scope, or payment unaware integration removes the POS application from PCI PA-DSS Scope as card data is never available to the POS application. An ‘Out of Scope’ solution for the integrated 3rd party POS application does not eliminate a merchant’s compliance responsibility to PCI DSS requirements.

 

Semi-Integrated

In a semi-integrated environment, the terminal or peripheral device used to capture credit card data is connected to the POS application, but the application used to actually process card payments is on a separate device.

 

Tap and Pay

Tap and Pay is another term commonly used to describe contactless payments.

 

Tokenization

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token that has no extrinsic or exploitable meaning or value.


Thanks to NCC for providing EMV education and Glossary of Terms at the NCC Dealer Conference 2015

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: