Kiosk EMV Compliance vs. Kiosk PCI Compliance

By | September 27, 2016


What’s the difference between EMV compliance and PCI compliance? The short answer is that both are guidelines for protecting cardholder data for the purpose of preventing fraud, but they focus on different elements of the credit card transaction.

“To clarify it even further and more simply, PCI is about making sure the card data doesn’t get stolen and is secure in the first place and EMV is making sure if the data IS stolen that the content is rendered useless.” – CPI PCI and EMV: What’s the difference?

My goal for this article is to give a brief overview of each of these standards for protecting cardholders, so you have an idea of how they affect the way you accept credit card payments at your self-service kiosk or POS.

EMV Compliance:

  • The goal of EMV is to ensure the security and global interoperability of chip-based payment cards.
  • Includes robust cardholder verification (i.e. Chip and PIN).  The particular verification method that is used depends on the card issuer as well as the POS where you make a purchase.
  • Prevents cards from being cloned: a microprocessor on the card produces unique encrypted output each time the card is used, which defeats card skimming.
  • Requires EMV certification between EMV capable hardware and the processor.
  • President Obama signed an executive order that requires all government-issued credit cards and readers to come equipped with EMV technology starting in 2015.
  • Has a US liability shift coming in October 2015.
  • The EMV specifications are managed by the privately owned corporation EMVCo LLC and were first published in 1995 through a joint effort by Europay, MasterCard, and Visa (hence EMV).
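
The "unique encrypted output each time the card is used" point above, as an added example that is not from the original article: a simplified model of why a skimmed copy of one chip transaction cannot be reused. HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the names ChipCard, Issuer and demo are hypothetical.

```python
import hashlib
import hmac
import os
import struct


def _mac(key: bytes, atc: int, amount: int, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 8 bytes, standing in for the real algorithm.
    msg = struct.pack(">HQ", atc, amount) + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class ChipCard:
    """The secret key never leaves the chip; only its per-transaction output does."""

    def __init__(self, key: bytes):
        self._key = key
        self.atc = 0  # transaction counter, incremented on every use

    def authorize(self, amount: int, terminal_nonce: bytes) -> dict:
        self.atc += 1
        return {"atc": self.atc, "amount": amount, "nonce": terminal_nonce,
                "cryptogram": _mac(self._key, self.atc, amount, terminal_nonce)}


class Issuer:
    def __init__(self, key: bytes):
        self._key = key
        self.last_atc = 0  # highest counter value already accepted

    def verify(self, txn: dict) -> str:
        expected = _mac(self._key, txn["atc"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "declined: bad cryptogram"
        if txn["atc"] <= self.last_atc:
            return "declined: counter already used"
        self.last_atc = txn["atc"]
        return "approved"


def demo() -> list:
    key = os.urandom(32)  # constructed sample key shared by card and issuer
    card, issuer = ChipCard(key), Issuer(key)
    first = card.authorize(1250, os.urandom(4))
    return [
        issuer.verify(first),                        # genuine transaction
        issuer.verify(dict(first)),                  # captured copy presented again
        issuer.verify(dict(first, amount=999900)),   # captured copy with edited amount
        issuer.verify(card.authorize(300, os.urandom(4))),  # next genuine use
    ]


if __name__ == "__main__":
    print(demo())
```

Static magnetic-stripe data has no counter or per-transaction cryptogram, which is why a copied stripe can be reused while a copied chip transaction is declined.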

PCI Compliance:

  • The goal of PCI is to protect cardholder data that is processed, stored or transmitted by merchants.
  • Follows common-sense steps that mirror security best practices, including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
  • Requires regular vulnerability scanning by an Approved Scanning Vendor (ASV) of the Internet-facing environments of merchants and service providers.
  • Allows organizations to “self-assess” in many cases.  Different Self-Assessment Questionnaires (SAQs) are specified for various business situations.
  • The PCI specifications are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

 

 

Andrew Savala

CEO at RedSwimmer Inc.
Andrew Savala is the CEO of RedSwimmer Inc., creators of the kiosk lockdown software KioskSimple. Andrew has been developing kiosk software since 2007, with an emphasis on self-service retail payment applications.


Author: Staff Writer

Craig Keefner -- With over 40 years in the industry and technology, Craig is widely considered to be an expert in the field. Major early career kiosk projects include Verizon Bill Pay kiosk and hundreds of others. Craig helped start kioskmarketplace and formed the KMA. Note the point of view here is not necessarily the stance of the Kiosk Association or kma.global