CMUSA Card Security Glossary

Keeping Your Customers and Your Business Secure:

A Guide to New Payments Security Technology for Busy Small Business Owners

So many new terms, so little time. EMV, Chip, Chip and PIN, tokenization. What does it all mean?

Most of us small business owners spend the majority of our waking hours running a business. There is not much time left in the day to stay on top of the latest data breaches and all the emerging technology to prevent them.

Recent data breaches at Home Depot, Target and several other big retailers have put credit card security in the headlines. But while the big retailers get the limelight, small businesses are far from immune to a data breach. In fact, according to National Small Business Association, 44% of respondents to a recent survey said they were victims of at least one cyberattack, with an average cost of $8,699.48 for each breach. (See this post on cybersecurity tips for small businesses.)

Given your limited time, we’ve put together the following cheat sheet to help you stay on top of all the new technologies and terms related to payment security:

• Chip Card –Chip cards (also known as EMV chip technology) are payment cards that store the cardholder’s information on a computer chip embedded in the front of the card, rather than on a magnetic stripe on the back of the card. Chip cards add a layer of security to card transactions by turning cardholder information into a unique code for each transaction. This function makes it impossible for criminals to create counterfeit chip cards for in-store use.

Chip cards are already in use in many other countries, and they are currently being introduced in the United States. Some banks are already issuing chip cards to American consumers, and more banks are expected to do so in 2015.

• Liability Shift – Starting on October 1, 2015, businesses that do not have the technology to accept chip cards will be liable for resulting card fraud, if the customer presents a chip card at the point of sale but is forced to use it as a swipe card due to the lack of a chip reader.

• EMV – EMV stands for “Europay, Mastercard and Visa.”  EMV is the common language that chip cards use to communicate with chip readers. When people talk about EMV coming to the United States, they are referring to the transition to chip cards that will take place in this country over the next 12 months.

• “Chip and PIN” –In some other countries, customers are asked to enter a 4-digit PIN when they pay with a credit card, much like U.S. customers already do when they pay with a debit card. The PIN is a way of verifying that the person paying with the card is the legitimate user of the card. In places like the United Kingdom, where both chip cards and PINs are used, this system is referred to as “Chip and PIN.” However, even though the United States is moving toward adopting chip cards, it is still uncertain if PINs for credit transactions will be widely adopted as well.

• Tokenization – Tokenization is another way of securing card transactions and preventing data breaches. In a tokenized transaction, the customer’s account number is replaced with a “token” – a series of unique, random characters that acts as a substitute for the real account number so that sensitive cardholder data is never seen by the merchant and is completely worthless to any criminal who might steal it. Tokenization helps secure transactions that take place online or over the phone.

Some tokenization technologies are already available. For example, Apple’s new Apple Pay system makes use of tokenization to protect customer data.