The Latest on EMV

The U.S. continues to see a slow implementation of EMV. Well beyond the October 2015 deadline, only 17% of small to medium businesses using an integrated POS have upgraded to EMV.1 The card brands, too, have taken a step back to evaluate the EMV rollout with both Visa and American Express modifying chargeback policies for merchants not ready to accept chip cards. Changes include blocking all U.S. counterfeit fraud charge backs under $25 and limiting Visa and American Express issuers to charging back 10 fraudulent counterfeit transactions per merchant account. Issuers will assume liability for all fraudulent transactions after the limit is reached. These changes to the EMV chargeback policies are designed to give merchants more time to upgrade systems for chip cards while limiting merchant fraud losses.

[1] Piper Jaffrey

Watch the OpenEdge EMV Solution Video

Why EMV? Why Now?

EMV has been the credit card standard in most industrialized nations for years. The United States is among the last hold-outs, and technically-advanced criminals have exploited that situation. EMV is a much more secure model for processing payments, so thieves have naturally gravitated toward the easier-to-steal data on magnetic stripe cards. The result has been a series of high-profile and damaging card data breaches. In fact, while the U.S. accounts for only a quarter of the world’s transactions, about half of all credit card fraud happens in the United States. EMV will correct that disparity and help make digital commerce safer.

EMV Liability Shift Fast Facts

  •  When? October 2015
  •  This is a card network mandate (not a law)
  •  U.S. is the last major market adopting EMV
  •  Card-present security improvement

Who is Affected by EMV?

OpenEdge EMV Solution


Part of the Edge Shield Security Bundle

Edge Shield is a collection of security-related components designed to eliminate existing vulnerabilities within the payments chain. When integrated into systems that accept payments, the bundle can protect credit card data while at rest and in transit. Edge Shield includes:

OpenEdge EMV Solution This fraud-reduction technology seeks to protect card issuers, merchants and consumers from losses due to the use of counterfeit and stolen payment cards at the point-of-sale. The technology helps insulate our developer partners from complex device driving and card brand certifications.

Point-2-Point Encryption. OpenEdge’s proprietary encryption is designed to render cardholder data virtually unreadable, encrypted at the device. Merchants are unable to view card numbers after the swipe or hand-key.

Token Vault. Cardholder data is replaced by digital “tokens” based on this technology. Sensitive data is stored in the more secure OpenEdge vault rather than in the merchant environment.

PA-DSS 3.0 Out-of-Scope. Payment applications are rendered out-of-scope with EdgeShield, eliminating cumbersome PCI validation requirements.

PCI ASSURE. Merchants can simplify PCI compliance with online access to security self-assessment questionnaires, network scans and custom security profiles generated from the business’ processing activity. PCI ASSURE includes breach protection to help merchants secure their businesses.

OpenEdge Solutions for QIR™

The latest requirements from the PCI Security Standards Council state that small businesses must have their payment applications and terminals installed by Qualified Integrators and Resellers (QIRs). These security professionals are trained and certified to install and maintain PA-DSS validated payment applications. OpenEdge will help you navigate the QIR™ requirements, whether you need access to certified installers or plan to get your staff certified.

OpenEdge: QIR Certified
The security experts at OpenEdge have achieved QIR certification and can ensure your small business merchants are using payment applications installed and serviced in accordance with PCI standards.

QIR Blob OnlyGet Certified: QIR ASSIST
For developers who wish to pursue QIR certification, OpenEdge offers QIR ASSIST, a support program to get your staff certified and ensure you have access to payments security best practices. QIR ASSIST includes:

  • Consultation with PCI security experts
  • Education on topics such as: secure remote access, malware prevention, encryption and tokenization
  • QIR exam preparation
  • Post-certification marketing assistance to promote your new status as a Qualified Integrator and Reseller