Non Cash payments are increasingly making up a bigger portion of all the transactions conducted. This isn’t only prevalent because of more individuals making purchases online or via their mobile devices. Nor is something specific to certain geographies or income cohorts. There is almost 88% smartphone penetration among teens and adults in the U.S[. Individuals of all social backgrounds, educations, income levels, or ages have a smartphone and most of them use their devices to conduct purchases. In 2020, eCommerce grew an astounding 44% to over $862 billion [. For eCommerce over smartphones, sales are expected to grow to $432 billion, up from $148 billion just three years ago.
With the advent of commerce being carried out online via various devices, data security is top of mind for consumers, merchants, and payment processors alike. As the technologies to do business evolves, so do the types of fraud that various parties are susceptible to. Two technologies emerging as defenses for data privacy and fraud protection are EMV and Point-to-point Encryption (P2PE). There has been confusion regarding which technology should businesses implement, if one is better than the other, or whether they should be used in tandem with each other. Below explore these questions and address what is EMV and P2PE, why you would need them, and which would be best for your business.
What is EMV?
EMV stands for Europay, MasterCard, and Visa, the founders of the security standard in 1994. The security mechanism of EMV is a computer chip embedded into a credit card, in place of a magnetic stripe to process debit and credit card transactions. In the U.S., the majority of EMV card transactions are authenticated with a physical chip card and a signature. Globally, transactions are authenticated with a physical chip card and a 4-digit pin code.
EMV cards come equipped with a complete nano-computer system implanted in the EMV card. Since the EMV chip cannot be tampered with or cloned, unlike a magstripe card, it is the de facto security standard for debit and credit cards today.
What is P2PE?
P2Pe stands for point-to-point encryption and is considered a separate security measure from EMV chip cards. Although the EMV is the preferred global standard for secure credit and debit cards, there are still many merchants that do not have EMV-enabled payment processing terminals. In such scenarios, where transactions are concluded with magstripe terminals, businesses can use point-to-point encryption instead of EMV.
P2PE encrypts data of a debit or credit card from the point of capture, i.e., the point at which card data is captured by the card terminal until the point it reaches its destination of decryption. The process of encryption involved converting the debit or credit card data into an indecipherable form. At the point of decryption, the data is deciphered back into a legible form using a shared key.
During this process of P2PE, the data that is encrypted is no longer usable and holds no value to anyone that may look to intercept the data because of the missing encryption key to decipher the data.
Why do you need either of them?
So the question is why do I need to choose. P2PE offers indecipherable encryption, and for many merchants that is sufficient. However, it is important to keep in mind the mandate of the EMV liability shift.
Although EMV is not required by law, there are specific rules of card networks that require EMV-enabled terminals or the burden of fraud in the event of a fraudulent transaction falls on the card-issuing bank or the business processing the transaction.
American Express, Discover, MasterCard, and Visa have rules defining the liability of fraudulent cards not present transactions carried out on point of sale terminals, not EMV-enabled will be the responsibility of the issuing banks or merchants.
Which is better?
In the end, the question remains about which is the best form of technology to adopt. P2PE is a technological solution that can work not only for in-person transactions but also online and card not present transactions. P2PE technology is accompanied by tokenization of the encrypted data to save the information for future recurring transactions. This capability can be vital for businesses processing payments for subscription revenue.
It’s also hard to ignore the EMV liability shift, which effectively serves as a form of requirement to adopt the EMV technology. This has fueled EMV technology migration over the past few years in the U.S.
As businesses look to cater to all types of customers with varying payment preferences, it is recommended that merchants adopt a unison approach to implement security technologies. Using both EMV and P2PE helps secure transactions and also supports many different types of debit and credit cards.
Businesses are facing a paradigm shift with the fast adoption of eCommerce, mobile commerce, and the general trend towards non-cash transactions. Not only that but consumers are also encouraged to spend more and often and are facilitated with new forms of financial engineering, such as buy now, pay later. So as mobile devices take up a larger chunk of spending habits and as consumers spend more, security and privacy become increasingly vital to conducting business. Technologies such as EMV and Point-to-point Encryption (P2PE) are becoming the first line of defense against data hacks and fraud. Nonetheless, confusion is commonplace about what these technologies have to offer and how they can be used in unison. Businesses should invest in learning more about them and adopting compliance with these technologies immediately to counter the threat of rampant potential of fraud and to thrive in business today.