VictoriaF wrote:
Marbat,
Thank you for offering to answer our questions. I am taking you up on your kind offer:
1. Is "Chip and PIN" the same thing as EMV?
2. You wrote: "A combination of Chip and Signature and "No CVM" (No Cardholder Verification Method - essentially, the terminal doesn't prompt for a PIN or Signature) is." I am confused, because "No CVM" means no PIN and no Signature, whereas "Chip and Signature" includes signature.
3. At attended terminals I will use Chip and Signature.
3.a What happens at old unattended terminals? Do they take the card with a Chip and do not ask for PIN? That would seem to pose some security risks.
3.b How are new unattended terminals different from the old unattended terminals?
4. I can tell SDFCU when I will be in Europe. But I may be using the card in several countries and not know in advance all of them. How important is it to be specific?
Victoria
Victoria, let me know if this answers your questions:
1. NO! Definitely not. Chip and PIN is a type of EMV implementation. The other major type is Chip and Signature (and by extension, Chip and No CVM). Kind of like how a square is rectangle, but a rectangle isn't necessarily a square. It would be more accurate to say that EMV is Chip, but that's also technically wrong since the EMV standard also covers Contactless.
2. No CVM means no PIN and no Signature, however in our industry, it's typically lumped in with Chip and Signature because Chip and Signature cards almost always have NO CVM enabled. Note that a Chip and PIN card will always have Signature and typically No CVM enabled, in addition to PIN.
3. Correct! If an attended merchant refuses to accept your Chip and Signature card and you report them, they will be hit with massive fines.
3a. Some old unattended terminals may not accept a Chip and Signature/No CVM card because they may not be enabled for either Signature or No CVM. Some may be enabled for Signature via a Signature pad, others may be enabled for No CVM. Whether or not it poses a security risk shouldn't really matter to you. With US issued cards, you are not liable for fraud by law - banks are very, very good about Credit disputes. I've never heard of anyone losing a reasonable fraud dispute, ever.
3b. New unattended terminals should have No CVM, which essentially guarantees compatibility with a Chip and Signature/No CVM card.
4. Since I don't work for a bank, it's hard to say. Every bank has different customized fraud monitoring systems. I'd be as specific as possible about counties and dates to avoid issues. This issue is completely unrelated to EMV.