More often than not, shoppers at brick-and-mortar stores and marketplace stalls are able to make payments by simply tapping or waving their credit cards or smartphones near a contactless payment terminal. These transactions are protected from fraud with EMV software.
EMV is the standard for in-person credit card payment across the world. Whether you’re an established brick-and-mortar retailer or an ecommerce merchant looking to sell in person for the first time, you can benefit from EMV software solutions for secure payment. Read on to learn what EMV is, how it works, and how to choose the right solution for your business.
What is EMV software?
EMV software handles the processing of transactions involving EMV chip-enabled smartcards. “EMV” stands for “Europay, Mastercard, and Visa,” and it’s an international standard for the secure processing of credit and debit cards. EMV technology enables secure data verification between the card, payment terminal, and card issuer. A microchip embedded in the surface of an EMV card communicates with payment terminal hardware at the point of sale to validate the card.
EMV is supported by banks, merchants, processors, and vendors and regulated by EMVCo, a consortium of six member organizations (Mastercard, Visa, Discover, American Express, JCB, and UnionPay). The first EMV cards were issued in the mid-1990s but weren’t introduced to the United States until 2015.
Popular EMV examples include Mastercard Contactless Reader SDK, Visa Developer Environment platform, ENTRUST nShield, and Shopify Tap & Chip Reader.
Types of EMV software
There are three main types of EMV software available:
- Software development kits (SDKs). These tools allow developers to create EMV-compliant applications for a business using the kit’s code and libraries.
- Hosted solutions. These turnkey solutions let a business accept EMV payments without having to develop its own. Hosted solutions include a POS terminal, a payment gateway, and a merchant account.
- Software-as-a-service (SaaS). SaaS solutions live in the cloud. They permit businesses to accept EMV payments without purchasing or maintaining hardware. They usually include a POS terminal, a payment gateway, and a merchant account.
How EMV technology works
EMV supports two types of chip card technology: contact and contactless.
- Contact. With a contact card, instead of swiping, the customer inserts (“dips”) the card into a point-of-sale (POS) chip reader that reads the card’s data so it can be exchanged with the terminal.
- Contactless. A contactless card uses near-field communication (NFC) to transmit payment information between the card and the terminal securely. Mobile wallets tied to a smartphone or wearable devices work the same way.
When a customer dips or taps a card or waves a smartphone near the terminal, EMV software produces a one-time transaction code called a cryptogram. The POS terminal receives this code and authenticates the card with the card’s issuing bank. Upon successful authentication, the transaction process is completed. Some EMV software asks for a PIN code as an extra layer of security.
EMV chips vs. magstripe cards
Credit and debit cards with EMV chips differ from the traditional magnetic stripe—or magstripe—cards in three key ways:
- Fraud prevention. EMV software was developed to upgrade and replace traditional, more vulnerable magnetic stripe cards, which have an Achilles heel—the customer’s information and bank account number are stored on a magnetic strip as static data, making it easy to read and steal. Criminals can rip the data and clone the card to make fraudulent purchases. EMV software adds a security layer to prevent fraudulent transactions.
- Reliability. EMV technology is more reliable than traditional magnetic strip cards because the one-time code for each transaction makes it nearly impossible to clone. It can’t be used again.
- Liability. In 2015, card networks shifted liability for credit card fraud to businesses to promote EMV technology adoption and enhance payment card security—known as the EMV liability shift. As a result, merchants without EMV-compatible terminals became responsible for fraudulent transactions, driving them to quickly adopt POS terminals with EMV support. Visa saw an 815% increase in EMV card acceptance by merchants from 2015 to 2019.
Benefits of EMV software
The liability shift and the need to reduce rampant fraud and rebuild the trust of customers combined to make EMV technology the de facto standard. Here are the three main benefits of EMV software:
1. Enhanced fraud protection
Everyone—except criminals—benefits from the more robust encryption protection in EMV cards. When authenticating the card at a point of sale, the card reader only sees limited data (card number, expiration date, single-use cryptogram). The temporary code EMV software uses only works until the transaction is complete. The next time the card is used to make a purchase, a new code is generated. Some cards add another layer of protection with verification by PIN.
2. Customer trust
You probably know someone who’s been impacted by credit card fraud. According to the Nilson Report, over $32 billion was lost to card fraud in 2021. Every time a fraudster wins, it erodes faith in the integrity of business transactions. EMV cards are more secure, which goes a long way toward rebuilding trust in the process. The widespread adoption of EMV technology proves this point: Over 90% of worldwide card-present transactions and 84% of US transactions are made with EMV cards.
3. PCI DSS compliance
The Payment Card Industry Data Security Standards (PCI DSS)—created by Visa, MasterCard, Discover, and American Express in 2004—are policies and procedures meant to optimize secure credit and debit transactions and protect customers’ personal information. They establish comprehensive security requirements that organizations must adhere to when processing card payments, like maintaining secure network infrastructure, implementing strong access controls, regularly monitoring and testing systems, and encrypting sensitive cardholder data.
EMV technology facilitates compliance with PCI DSS by using dynamic data authentication and encryption techniques. EMV cards make it significantly more difficult for attackers to clone or counterfeit cards and help protect cardholder data by restricting unauthorized access to sensitive information stored on the chips.
How to choose the right EMV software for your business
- Consider your specific business needs
- Ensure the EMV technology integrates with your payment system
- Confirm that the EMV software is compatible with your ecommerce platform
- Ensure that the EMV software meets security needs
- Compare customer support features
- Research the product and provider reputation
Before settling on a working EMV program, research and compare options to ensure they align with your business requirements and budget.
1. Consider your specific business needs
A smaller company might benefit from EMV software that’s easy to use and set up, whereas a larger business may require software with high-volume transaction support. Some companies, like high-volume and high-value merchants, might require enhanced fraud protection. Budget could be a determining factor, too; prices may vary from $100 to several hundred dollars per month.
The main difference between EMV software categories (SDKs, hosted solutions, and SaaS) is the level of control businesses have. With SDKs, you have complete control and can customize as needed, but they’re also the most complex and require specialized programming skills. With hosted solutions, you have less control but fewer worries about developing and maintaining customized software. SaaS solutions lie somewhere in the middle.
2. Ensure the EMV technology integrates with your payment system
The EMV software should support the crucial features your payment system needs, such as contact and contactless payments and international payments. See if the software can automatically import EMV data to existing accounting software.
Shopify POS, for example, supports EMV chip cards using its Tap & Chip Reader, a portable device that plugs into a mobile device. When a customer swipes, taps, or waves their chip card, data is authenticated, and the payment is processed. The Shopify POS software works alongside Shopify Payments. Payment processing is already integrated with the point-of-sale software, and transactions can be tracked in Shopify admin.
3. Confirm that the EMV software is compatible with your ecommerce platform
All the declared functions of the EMV software should be compatible with your ecommerce platform. It’s possible that your ecommerce platform provider already includes EMV support, and the declared functions work successfully. If not, you may need to purchase new hardware devices or software.
4. Ensure that the EMV software meets security needs
Your EMV software should offer data encryption, fraud detection, and ongoing security updates. Ensure the software is EMV-certified, meaning it was tested and approved by the Payment Card Industry (PCI) Security Standards Council.
5. Compare customer support features
Your software provider should be available with 24/7 support by chat, email, and phone in case things go wrong. Software bugs or misconfigurations can open the door to fraudulent financial transactions or data breaches.
Supporting documentation, knowledge bases, and tutorials are equally important. Large EMV software providers like Shopify have active user communities that can help troubleshoot problems. Update your software on an ongoing basis to keep up with new features and security requirements.
6. Research the product and provider reputation
Read user reviews once you have a list of compatible EMV-certified software solutions. Does the software meet others’ expectations regarding functionality, security, performance, and usability? Consider the provider’s reputation: Do they have a stable track record of performance and support? You can also contact the software provider with specific questions.
EMV software FAQ
Can EMV software completely eliminate fraud?
No technology is entirely failsafe, but EMV software significantly reduces fraud risk for card-present transactions, thanks to dynamic data authentication (DDA), a challenge-response system that verifies the card's authenticity and PINs as an extra layer of protection.
Do I need to upgrade my payment terminals to support EMV software?
Older payment terminals may not support EMV and would require an upgrade. Check to see if you are legally required to upgrade the payment terminals, and if you’re uncertain, contact your payment processor or credit card company for advice.
Is EMV software compliant with industry standards?
Yes. The EMV standard is managed by EMVCo, a consortium of payment card brands (Visa, Mastercard, American Express, and Discover), who set the technical EMV specifications for cards and terminals and provide the certification programs for EMV-compliant technology.
Can I integrate EMV software with my existing ecommerce platform?
Yes, there are several ways. One is to use a third-party EMV provider’s plug-in to integrate functions with the ecommerce platform, or use a payment processor that supports EMV via a payment gateway.