More often than not, shoppers at brick-and-mortar stores and marketplace stalls are able to make payments by simply tapping or waving their credit cards or smartphones near a contactless payment terminal. These transactions are protected from fraud with a secure EMV system.
EMV is the standard for in-person credit card payment across the world. Whether you’re an established brick-and-mortar retailer or an ecommerce merchant looking to sell in person for the first time, you can benefit from EMV software solutions for secure payment. Read on to learn what EMV is, how it works, and how to choose the right solution for your business.
What is EMV software?
EMV software handles the processing of transactions involving EMV chip-enabled smartcards. “EMV” stands for “Europay, Mastercard, and Visa,” and it’s an international standard for the secure processing of credit and debit cards. EMV technology enables secure data verification between the card, payment terminal, and card issuer. A microchip embedded in the surface of an EMV card communicates with payment terminal hardware at the point of sale to validate the card.
EMV is supported by banks, merchants, processors, and vendors, and regulated by EMVCo, a consortium of six member organizations: Mastercard, Visa, Discover, American Express, JCB, and UnionPay. The first EMV cards were issued in the mid-1990s, but weren’t introduced to the United States until 2015.
How EMV software works
EMV supports two types of chip card technology: contact and contactless.
- Contact: With a contact card, instead of swiping, the customer inserts (“dips”) the card into a point-of-sale (POS) chip reader that reads the card’s data so it can be exchanged with the terminal.
- Contactless: A contactless card uses near-field communication (NFC) to transmit payment information between the card and the terminal securely. This takes place when the customer “taps,” or holds the card near the chip reader. Mobile wallets tied to a smartphone or wearable devices work the same way.
When a customer dips or taps a card or waves a smartphone near the terminal, EMV software produces a one-time transaction code called a cryptogram. The POS terminal receives this code and authenticates the card with the card’s issuing bank. Upon successful authentication, the transaction process is completed. Some EMV software asks for a PIN code as an extra layer of security.
Types of EMV software
There are three main types of EMV software available:
- Software development kits (SDKs): These tools allow developers to create EMV-compliant applications for a business using the kit’s code and libraries.
- Hosted solutions: These turnkey solutions let a business accept EMV payments without having to develop their own system. Hosted solutions include a POS terminal, a payment gateway, and a merchant account.
- Software as a service (SaaS): SaaS solutions live in the cloud. They permit businesses to accept EMV payments without purchasing or maintaining hardware. They usually include a POS terminal, a payment gateway, and a merchant account.
EMV software examples
A number of EMV software solutions are available to help retailers securely process card-present transactions. Here are some examples:
Shopify POS Terminal
The Shopify POS Terminal pairs with your tablet for best-in-class checkouts in-store. The countertop payment device provides buyers with a dedicated customer-facing display. Plus, it allows you to use the same platform for POS and ecommerce, enabling true unified commerce.
Shopify Tap & Chip Card Reader
The Shopify Tap & Chip Card Reader accepts both chip and contactless pay and supports most major payment methods, including mobile wallets. You can connect it wirelessly to your tablet or phone and easily take it with you wherever you're selling—another way Shopify allows all ecommerce and POS transactions to funnel though the same platform for a truly unified commerce approach to retail.
Mastercard Contactless Reader SDK
The Mastercard Contactless Reader SDK is a software development kit that allows businesses to build EMV-compliant contactless payment solutions. It supports NFC-based transactions, allowing retailers to securely accept tap-to-pay payments.
Visa Developer Environment Platform
Visa has its own suite of EMV-compliant payment solutions that help businesses integrate secure chip-card processing into their payment infrastructure. The Visa Developer Environment Platform includes APIs for contact and contactless transactions, tokenization, and fraud prevention.
ENTRUST nShield
ENTRUST nShield is a hardware security module (HSM) that enhances EMV security by managing cryptographic keys and ensuring secure transaction processing. Retailers that require advanced security features, like encryption and authentication, often use ENTRUST nShield to strengthen their payment infrastructure.
How to choose the right EMV software for your business
- Consider your specific business needs
- Ensure the EMV technology integrates with your payment system
- Confirm that the EMV software is compatible with your ecommerce platform
- Ensure that the EMV software meets security needs
- Compare customer support features
Before settling on a working EMV program, research and compare options to ensure they align with your business requirements and budget.
1. Consider your specific business needs
A smaller company might benefit from EMV software that’s easy to use and set up, whereas a larger business may require software with high-volume transaction support. Some companies, like high-volume and high-value merchants, might require enhanced fraud protection. Budget could be a determining factor, too; prices may vary from $100 to several hundred dollars per month.
The main difference between EMV software categories (SDKs, hosted solutions, and SaaS) is the level of control businesses have. With SDKs, you have complete control and can customize as needed, but they’re also the most complex and require specialized programming skills. With hosted solutions, you have less control but fewer worries about developing and maintaining customized software. SaaS solutions lie somewhere in the middle.
2. Ensure the EMV technology integrates with your payment system
The EMV software should support the crucial features your payment system needs, such as contact, contactless, and international payments. See if the software can automatically import EMV data to existing accounting software.
Shopify POS, for example, supports EMV chip cards using its Tap & Chip Reader, a portable device that plugs into a mobile device. When a customer swipes, taps, or waves their chip card, transaction data is authenticated, and the payment is processed. The Shopify POS software works alongside Shopify Payments. Payment processing is already integrated with the point-of-sale software, and transactions can be tracked in Shopify admin.
3. Confirm that the EMV software is compatible with your ecommerce platform
All the declared functions of the EMV software should be compatible with your ecommerce platform. It’s possible that your ecommerce platform provider already includes EMV support, and the declared functions work successfully. If not, you may need to purchase new hardware devices or software.
4. Ensure that the EMV software meets security needs
Your EMV software should offer data encryption, prevent fraudulent transactions, and include ongoing security updates. Ensure the software is EMV-certified, meaning it was tested and approved by the Payment Card Industry (PCI) Security Standards Council.
5. Compare customer support features
Your software provider should be available with 24/7 support by chat, email, and phone in case things go wrong. Software bugs or misconfigurations can open the door to fraudulent financial transactions or data breaches.
Supporting documentation, knowledge bases, and tutorials are equally important. Large EMV software providers like Shopify have active user communities that can help troubleshoot problems. Update your software on an ongoing basis to keep up with new features and payment security requirements.
6. Research the product and provider reputation
Read user reviews once you have a list of compatible EMV-certified software solutions. Does the software meet others’ expectations regarding functionality, security, performance, and usability? Consider the provider’s reputation: Do they have a stable track record of performance and support? You can also contact the software provider with specific questions.
Benefits of EMV software
The liability shift and the need to reduce rampant fraud and rebuild the trust of customers combined to make this technology the de facto standard. Here are the three main benefits of EMV software:
1. Enhanced fraud protection
Everyone—except criminals—benefits from the more robust encryption protection in EMV cards. When authenticating the card at a point of sale, the card reader only sees limited data (card number, expiration date, single-use cryptogram). The temporary code EMV software uses only works until the transaction is complete. The next time the card is used to make a purchase, a new code is generated. Some cards add another layer of protection with verification by PIN.
2. Customer trust
You probably know someone who’s been impacted by credit card fraud. According to the Nilson Report, over $33.83 billion is lost to card fraud in a single year. Every time a fraudster wins, it erodes faith in the integrity of business transactions. EMV cards are more secure, which goes a long way toward rebuilding trust in the process. The widespread adoption of EMV technology proves this point: Over 90% of worldwide card-present transactions, and 84% of US transactions, are made with EMV cards.
3. PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS)—created by Visa, MasterCard, Discover, and American Express in 2004—is a set of policies and procedures meant to optimize secure credit and debit transactions and protect customers’ personal information. The PCI DSS established comprehensive security requirements that organizations must adhere to when processing card payments, like maintaining secure network infrastructure, implementing strong access controls, regularly monitoring and testing systems, and encrypting sensitive cardholder data.
EMV technology facilitates compliance with PCI DSS by using dynamic data authentication and encryption techniques. EMV cards make it significantly more difficult for attackers to clone or counterfeit cards, and help protect cardholder data by restricting unauthorized access to sensitive information stored on the chips.
EMV software FAQ
Is EMV software free?
No, EMV software is not typically free. While some payment processors or POS providers may include EMV compliance as part of the service, businesses usually need to purchase or subscribe to EMV-compatible solutions. Costs can vary depending on the provider, the type of EMV software (such as software development kits, hosted solutions, or SaaS-based platforms), and any additional features like fraud detection or encryption.
Is it possible to clone an EMV chip card?
Yes, it is possible to clone an EMV chip card. However, cloning a chip card is extremely difficult. This is due to the advanced encryption and security protocols built into the technology. Unlike traditional magnetic stripe cards, which store static data that can be easily copied, EMV cards generate a unique transaction code (cryptogram) for each purchase. This makes it nearly impossible to duplicate the card and use it for unauthorized transactions.
Is EMV mandatory in the US?
No, EMV technology is not legally mandatory in the United States, but businesses that do not adopt EMV-compliant payment systems face increased financial liability for fraudulent transactions. Since the EMV liability shift took effect in October 2015, merchants that continue to accept non-EMV transactions assume responsibility for fraudulent charges, rather than the card issuer. While businesses aren’t required by law to integrate EMV software, it’s strongly recommended to reduce fraud risk and protect both consumers and merchants.