EMV at the ATM: More reasons to migrate

By : Dena Hamilton

April 29, 2016 01:00 PM

October 1st, 2015 was one of the first significant milestones for the

migration to EMV in the United States. With this milestone came the first

liability shift for point of sale card transactions. The use of EMV has

landed for retailers and it will be the turn of ATM owners and deployers

next to adapt.


MasterCard liability will shift to the ATM deployer starting in October

2016, while Visa liability will shift in October 2017.


“A liability shift is not a mandate; ATM providers and acquirers are not

being forced to migrate to EMV. However, the liability shift provides a

very strong practical incentive to do so,” says the EMV Migration Forum in

detailed report on EMV at the ATM.


There are other reasons why migrating to EMV will be important. In the

point-of-sale space, migration has been based on two things - reducing fraud control and multi-product support

for value-added functions - areas where the ATM is becoming a more important battleground. Always-online

authorization coupled with the use of a PIN has traditionally made the ATM somewhat more secure than the

traditional POS environment where a signature has been all that’s needed to authorize a transaction. However,

increased fraud threats in the ATM space mean deployers cannot afford to be left behind.


The nature of the encryption as part of the EMV transaction process provides protection of the data that is being

communicated between the ATM and the processor. Recently, NCR has alerted on a new form of attack, where

criminals are attempting to capture card data over the network connections.


“Magnetic stripe skimming, combined with PIN capture (via shoulder-surfing, pinhole cameras, and false fronts),

has led to rapid increases in ATM fraud rates. In some markets, this rise in fraud has led to aggressive programs

for chip migration for ATM transactions,” says the EMV Migration Forum in its report.


Meanwhile, the evolution of ATMs from being cash dispensers to acting as a multi-functional self-service channel

increases the potential for value-added functionality. EMV is about much more than fraud prevention - the chip

technology creates the potential for many more functions to be performed securely at the ATM, such as card and

account management.


“ATMs are generally seen as a safer location to change/unblock PINs; to unblock applications; to manage

proprietary applications; and to execute lengthier and more complicated issuer scripts to modify application

parameters,” says the EMV Migration Forum.


There are other reasons why EMV migration is going to be important for ATM deployers, such as the ability to

more easily launch contactless ATM functionality. But whatever the deciding factor, owners and deployers need to

start planning for EMV now.


Dena Hamilton

GM/Director, Enterprise Fraud & Security Software Solutions

Other articles by this author

Dena specializes in fraud, risk, compliance and security with over 35 years in the financial services space. Her focus is in the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.