By : Andy Sirmon
March 31, 2015 12:44 PM
Now that we’ve debunked one myth – that EMV is a requirement and will be enforced by a government regulation or security council - we’re ready to take on our next myth that also pertains to an aspect of data security compliance.
Compliance with the Payment Card Industry Data Security Standards (PCI DSS) is required if you process, store or transmit payment card data. One of the misconceptions in the industry is that implementing EMV-enabled payment devices equals PCI DSS compliance. This is not true. EMV and the PCI Data Security Standards are two separate, but very complimentary, initiatives.
MYTH #2: EMV is a requirement for complying with PCI Data Security Standards.
You don’t need to implement EMV in order to be PCI DSS compliant.
Here’s the reason why. EMV uses technology that authenticates that a card is valid and belongs to the person using it, but PCI Data Security Standards involve a broader set of data security controls that protect cardholder data through the payment transaction process. To put it simply, EMV helps you identify and protect against someone trying to use a counterfeit credit card. Complying with the PCI Data Security Standards help you protect against physical and digital data security-related breaches across your entire payment network.
It can be easy to get the two confused since they both deal with credit card security, but neither one necessarily influences the other. While EMV can be one component to your data security strategy, it is not required nor mandated by PCI Data Security Standards, nor will implementing EMV make you PCI DSS compliant.
The takeaway: While EMV is one component to building an overarching, cohesive data security strategy that helps you reduce your liability risk, implementing EMV is not a requirement to achieve PCI compliance.
To learn more, we found a great EMV and PCI Security Standards comparison piece created by the PCI Security Standards Council. It provides more information on the differences between PCI Security Standards and EMV and how they work together. Also visit the EMV and PCI Security Standards websites for more information.
Keep any eye out later this week for our next EMV Myth: