It might be a surprise to some that EMV (Europay, MasterCard, and Visa) compliance is not associated with Payment Card Industry Data Security Standard (PCI DSS) compliance. EMV is a standard for fraud prevention technology (embedded chips) included in payment cards and chip readers in payment terminals, while PCI DSS is a set of security guidelines to be used across credit card merchants and service providers for processing, transmitting, or storing credit card data.
It might be a surprise to some that EMV (Europay, MasterCard, and Visa) compliance is not associated with Payment Card Industry Data Security Standard (PCI DSS) compliance. EMV is a standard for fraud prevention technology (embedded chips) included in payment cards and chip readers in payment terminals, while PCI DSS is a set of security guidelines to be used across credit card merchants and service providers for processing, transmitting, or storing credit card data.
EMV Compliance
EMV was instituted because embedded chips on credit cards add an additional layer of physical security and are more difficult to counterfeit than simple magnetic stripe technology. EMV attempts to protect credit cards that are physically stolen, rendering them useless to the thief. This technology only protects transactions that require the card to be physically read and has no effect on e-commerce security.
PCI Compliance
The EMV chip does not satisfy any PCI compliance requirement, nor does it reduce PCI scope for the merchant. PCI compliance is required regardless of whether EMV is implemented.
All merchants and service providers should comply with both EMV and PCI standards, where applicable, to more fully protect customer information for card-present transactions. Even in combination, following these standards are not 100 percent effective against fraud, but they do provide the cardholder and merchant with better protection than either standing alone. EMV and PCI work together to ensure that card-present transactions are safe and secure for the merchant, for the customer, and for the card issuer.
SIDEBAR: Merchant-specific requirements for PCI and EMV compliance can be determined through a compliance assessment. Level 1 and Level 2 merchants and service providers must annually validate their adherence to the 12 PCI DSS requirements. Only a Qualified Security Assessor Company (QSAC), like TRUE, who has met rigorous requirements set forth by the PCI Security Standards Council may perform these assessments. The QSAC can also assist in completing the merchant’s Self-Assessment Questionnaire (SAQ). To discuss how PCI affects your unique environment and speak to one of TRUE’s PCI experts, please email TRUE at sales@truedigitalsecurity.com.
