The Latest On EMV

The U.S. continues to see a slow implementation of EMV. Well beyond the October 2015 deadline, only 17% of small to medium businesses using an integrated POS have upgraded to EMV.1 The card brands, too, have taken a step back to evaluate the EMV rollout with both Visa and American Express modifying chargeback policies for merchants not ready to accept chip cards. Changes include blocking all U.S. counterfeit fraud charge backs under $25 and limiting Visa and American Express issuers to charging back 10 fraudulent counterfeit transactions per merchant account. Issuers will assume liability for all fraudulent transactions after the limit is reached. These changes to the EMV chargeback policies are designed to give merchants more time to upgrade systems for chip cards while limiting merchant fraud losses. [1] Piper Jaffrey

Watch the OpenEdge EMV Solution Video

Why EMV? Why Now?

EMV has been the credit card standard in most industrialized nations for years. The United States is among the last hold-outs, and technically-advanced criminals have exploited that situation. EMV is a much more secure model for processing payments, so thieves have naturally gravitated toward the easier-to-steal data on magnetic stripe cards. The result has been a series of high-profile and damaging card data breaches. In fact, while the U.S. accounts for only a quarter of the world’s transactions, about half of all credit card fraud happens in the United States. EMV will correct that disparity and help make digital commerce safer.

Mobile EMV & NFC contactless

For developers who offer iOS or Android native mobile applications, OpenEdge allows your customers to accept mobile EMV transactions using NFC and the Bluetooth-enabled Walker BT. Features include EMV credit, magstripe credit and signature debit, signature capture, email receipts, tip configuration, repeat/recurring payments, the Decline Minimizer automatic card updating service, encryption & tokenization. Optionally, merchants may download the non-integrated OpenEdge Mobile app from the Apple® Store or Google Play.

Who is affected by EMV?

Merchants

The checkout experience changes. Rather than swiping cards, consumers will insert them into a card reader (many are calling this action “dipping”). The user only removes the card after the device prompts that the transaction is complete. Clerks will rarely handle cards, and will need to watch for those forgetting cards after EMV transactions.

Consumers

If you haven’t already received a new debit or credit card with an embedded chip, you’ll get one soon. This “smart chip” enables an authentication process known as Europay, MasterCard, and Visa (EMV) that helps authenticate purchases and reduce card fraud. During checkout, your card won’t leave your hand. EMV is much more secure than standard magnetic stripe technology.

Developer Partners

Developers without an EMV-capable integration will endure a lengthy and costly EMV certification process, independently, with the processor and card brands. OpenEdge, however, offers an EMV-capable integration method for developers to swiftly offer an EMV solution for their customers.

OpenEdge EMV Solution

Part of the EdgeShield™ Security Bundle

EdgeShield™ is a collection of security-related components designed to eliminate existing vulnerabilities within the payments chain. When integrated into systems that accept payments, the bundle can protect credit card data while at rest and in transit. EdgeShield includes:

OpenEdge EMV Solution This fraud-reduction technology seeks to protect card issuers, merchants and consumers from losses due to the use of counterfeit and stolen payment cards at the point-of-sale. The technology helps insulate our developer partners from complex device driving and card brand certifications.

Point-2-Point Encryption. OpenEdge’s proprietary encryption is designed to render cardholder data virtually unreadable, encrypted at the device. Merchants are unable to view card numbers after the swipe or hand-key.

Token Vault. Cardholder data is replaced by digital “tokens” based on this technology. Sensitive data is stored in the more secure OpenEdge vault rather than in the merchant environment.

PA-DSS 3.0 Out-of-Scope. Payment applications are rendered out-of-scope with EdgeShield, eliminating cumbersome PCI validation requirements.

 

PCI ASSURE. Merchants can simplify PCI compliance with online access to security self-assessment questionnaires, network scans and custom security profiles generated from the business’ processing activity. PCI ASSURE includes breach reimbursement to help merchants secure their businesses.

OpenEdge Solutions For QIR™

The latest requirements from the PCI Security Standards Council state that small businesses must have their payment applications and terminals installed by Qualified Integrators and Resellers (QIRs). These security professionals are trained and certified to install and maintain PA-DSS validated payment applications. OpenEdge will help you navigate the QIR™ requirements, whether you need access to certified installers or plan to get your staff certified.

OpenEdge: QIR Certified The security experts at OpenEdge have achieved QIR certification and can ensure your small business merchants are using payment applications installed and serviced in accordance with PCI standards.

QIR Blob OnlyGet Certified: QIR ASSIST
For developers who wish to pursue QIR certification, OpenEdge offers QIR ASSIST, a support program to get your staff certified and ensure you have access to payments security best practices. QIR ASSIST includes:

  • Consultation with PCI security experts
  • Education on topics such as: secure remote access, malware prevention, encryption and tokenization
  • QIR exam preparation
  • Post-certification marketing assistance to promote your new status as a Qualified Integrator and Reseller