EMV Compliance Requirements

EMV is an acronym for its developers Europay, MasterCard and Visa. EMV is the world’s standard for ensuring interoperability between chip-based payment cards (“smart” cards) and terminals. The cards were originally developed to address authentication issues caused by weak telecommunications networks in Europe; however, the microprocessors embedded in EMV cards have proven to be an effective weapon in the fight against counterfeit card fraud in card present (CP) scenarios.

EMV cards are the same size and thickness as standard magnetic-stripe cards. The card is inserted into a slot on the POS terminal and remains until completion, rather than being swiped through a reader. This “contact” method enables the card to communicate with the terminal.

EMV cards can also support “contactless” payments where the cards can either tap the machinery or be waved by the POS terminal to transmit transaction information. A card capable of performing both transactions is called a Dual Interface Card. EMV technology can also be built into smartphones equipped with NFC (Near Field Communication) chips. To help ensure wider payment acceptance, nearly all EMV cards also have a magnetic stripe for use at terminals that have not been upgraded to the EMV standard.

EMV is not an absolute mandate, it is a liability shift. Today, regardless of where a breach takes place, the card issuer accepts liability for fraudulent activity. With EMV, the liability will shift to the ATM operator or POS operator if the compromised device was not running the EMV standard. MasterCard is the first to impose a deadline for theliability shift for U.S.-based acquirers as of October 2016. Visa’s deadline is October 2017.

Migration to Windows 7

Microsoft will discontinue extended support for XP effective April 8, 2014. After this date, Microsoft will no longer provide regular security patches, technical assistance or support for XP. Financial institutions, TSPs and other third parties that use XP on personal computers, servers, and purpose-built devices—such as automated teller machines (ATM)—or that are dependent on applications that require use of XP could be exposed to increased operational risk. Although Windows XP will continue to function after that date, there is one important reason why you will want to upgrade your ATM to a new operating system: PCI compliance. The Payment Card Industry Data Security Standards outline twelve important principles for securing payment type applications and platforms. Requirement 6 mandates that all software be updated to the latest release. When Microsoft ends support for Windows XP, you will no longer be able to patch the O/S to handle future attacks.

Potential problems include degradation in the delivery of various products and services, application incompatibilities and increased potential for data theft and unauthorized additions, deletions and changes of data.

ADA Compliance Requirements

On September 15, 2010, the U.S. Department of Justice published the final rule adopting revised ADA Standards for Accessible Design (2010 ADA Standards) in the Federal Register. The new regulations impact ATM accessibility and communication-related elements, and will require the majority of ATMs in the country to be upgraded or replaced in order to comply. The communication-related elements (speech output requirements) of the new Standards do not qualify for safe harbor and will not be grandfathered. Thus, every ATM must provide voice-guided transactions as of March 15, 2012.

Dolphin Debit Access has compiled several resources to help you navigate new regulations and make sense of how they impact your business. Avoid costly litigation and follow the links below for valuable tools that help assess your current ATM situation and determine a path to ADA compliance.

Click on the links below to open each file:

Other helpful links: