EMV Integration

EMV chip technology has become more widespread in the United States and is already the standard in most other developed nations. Companies need to integrate with this technology while maintaining the security of cardholder data.

EMV chip technology has become the global standard for credit card and debit card payments. In 2014, about one-third of global transactions used EMV technology, and EMV deployment has climbed since then. Motivators to switch to the new technology include decreased liability, increased protection of cardholder data, and overall cost savings. However, the switch requires a solid business implementation plan, which SecureState can help develop.

Benefits

Upgrading from traditional “card swipe” terminals introduces a higher level of security for payment card processing and may prevent a potentially costly shift in breach liability. As of October 2015, the party with the lower level of security (effectively, the party that causes a contact chip transaction not to occur) is financially liable for any resulting card-present counterfeit fraud losses. At the discretion of your merchant bank, you may also have reduced PCI reporting requirements if more than 75% of your card-present transactions are processed through EMV-capable devices.

Over 80% of card-present transactions in South America, Western Europe, Africa, and North America (not including the U.S.) used EMV technology in 2014. The United States is very far behind this trend, with less than 1% of transactions using EMV technology. But since liability officially shifted in October 2015, more and more American companies are finding it necessary to adopt EMV technology.

Expertise

The PCI Council recognizes SecureState as validated to perform a variety of PCI services, including Qualified Security Assessors (QSA), Payment Application QSAs (PA-QSA), Approved Scanning Vendors (ASV), and PCI Forensic Investigators (PFI). Our assessors have deep experience across a wide variety of industries, including financial, government, retail, IT, healthcare, insurance, and more. SecureState maintains a number of other industry-recognized certifications such as CISA, CRISC, CISSP, GCFE, and ISO 27001:2015/2013 Lead Auditor, and is supported by additional internal experts in risk management, incident response, forensic investigation, ethical hacking and penetration testing, social engineering, as well as leading-edge research and innovation. We partner with our clients to achieve security over compliance and maximize the return on your security investment.

Detailed Approach

Depending on the structure of your organization and current resources, implementing EMV can be a daunting task. To help our clients be successful and achieve the best return on investment, SecureState follows a three-phase approach. 

In the first phase, Discovery, data is collected via whiteboard sessions to determine the current state. A number of things must be considered, such as solutions offered by your bank and other vendors, the feasibility of integrating into your current environment, business drivers, and a clear definition of your overall PCI scope. It is common in this phase for us to assist you in communicating with upper management and boards of directors to ensure full support from the top down. SecureState’s experienced management consultants can assist with both short- and long-term budget planning if a phased implementation is indicated.

In the Evaluation phase, our network defense experts and QSA team can assist in reviewing proposed solutions and designing a secure network solution based on available encryption, data flow, and potential business/network segmentation. As decisions are being made, access to experienced QSAs and PA-QSAs is invaluable to ensure continued compliance throughout implementation and beyond.

Post-Implementation testing and ongoing PCI program monitoring ensure the continued safety of your customers’ data. In this phase, penetration testing may be performed to validate segmentation, and Continual Compliance offers quarterly meetings to take stock of compliance activities and provide you with information about industry trends or changes to the PCI-DSS.
