Laigle Business Group

PCI vs EMV Compliance

A recent report published by the Federal Reserve revealed that 60% of consumers in the United States prefer using credit cards instead of cash. Paying with credit card is easier, more convenient, and it often comes with additional perks like included insurance on specific purchases. But small business owners need to choose their payment processors carefully due to recent liability shifts regarding PCI and EMV compliance.

EMV Compliance

Short for “Europay, MasterCard and Visa,” EMV is the new global security standard for credit card processing. It involves the use of special EMV chips embedded into credit cards to protect against fraudulent activity. Also known as “smart cards,” they create a unique four-digit PIN for each transaction, thus adding an additional level of security to the transaction. This is in stark contrast to the previous magstripe cards, which use a static number. Business owners should take note of the transition to EMV. Effective October 2015, U.S.-based businesses that do not have an EMV processing device could be liable for fraudulent transactions. In other words, if a breach occurs at a business that hasn’t upgraded to an EMV processing device, that business could be liable for the cost of the fraudulent activity.

PCI Compliance

Short for “Payment Card Industry Data Security Standard,” PCI is a specific set of guidelines governing credit card data. Its primary purpose is to promote a safe and secure environment in which credit card transactions can be processed. Originally launched in September 2006 by major credit card companies including Visa, MasterCard, American Express, Discover and JCB, the Payment Card Industry Security Standards Council (PCI SSC) is the organization that manages the ongoing development of the PCI security standards. PCI compliance falls into one of four different levels, depending on the business’s Visa transaction volume over the course of a year. The business’s PCI level dictates which Self-Assessment Questionnaire (SAQ) it must complete for compliance. Furthermore, to remain compliant with PCI, businesses must perform quarterly or annual vulnerability scans to identify weaknesses in their network. Additionally, businesses must monitor and test their networks and maintain a security policy. While there’s no law requiring business owners to comply with PCI, failure to do so could leave them subject to hefty fines, audits, fraudulent activity and other related problems. The purpose of all this is to promote a secure environment among businesses that accept credit card payments.