The US shifts nationwide to new smart cards – EMV cards or chip cards – and this marks the end of a 40 years era of magnetic stripe cards. The new EMV standard reduces significantly the chances you’ll receive a counterfeit payment. It’s nearly impossible for a fraudster to copy the EMV chip, but it is easy for them to copy the information from the magnetic stripe.
Since October 2015, merchants without an EMV-compatible POS system are responsible for chargebacks and fraudulent card acceptance. It’s important to note this only applies when an EMV card is presented at the POS. If a merchant doesn’t have an EMV terminal, there’s no way to detect if they’re accepting what should be an EMV card. EMV-enabled terminals will signal that the card should be dipped instead of swiped.
How to use EMV to your benefit? Mobile payments and contactless payments are one option. They can speed up the EMV processing time — EMV terminals are NFC and mobile ready, so your customer’s card data is more secure.
 And remember that smart criminals avoid businesses with upgraded equipment.
 What do you need to know about secure payments? Just take your time and find out more from Erply’s overview.
   

What is EMV?

EMV is the gold standard in credit card security – EMV reduced fraud by 66 percent in less than two years, according to Visa, and that number is only increasing.
EMV chip technology is now the best global standard for credit card and debit card payments.
 New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image EMV is named after its original developers, Europay, MasterCard and Visa, and its technology features payment instruments (cards, mobile phones, etc.) with embedded microprocessor chips that store and protects cardholder data.
 This standard has many names worldwide and may also be referred to as: "chip and PIN" or "chip and signature."
 Chip-enabled cards are standard bank cards that are embedded with a microcomputer chip. Some may require a PIN instead of a signature to complete the transaction process.
 A chip transaction adds another layer of security to cards by requiring the chip to produce a single-use code to validate the transaction – this process makes your chip card information more difficult to steal.
  

The most widely known chips of the EMV standard

 

 

EMV Technologies


Contact.
These cards support cryptographic functions to prevent counterfeiting of cards and additional functions that make them more secure than traditional magnetic-stripe cards.
 
Contactless.
These devices allow transactions to be made by waving or tapping on a contactless-enabled terminal. A chip card communicates with a reader through a radio frequency interface. Similar to contact chip cards, they also support cryptographic functions for more secure transactions than with traditional magnetic-stripe cards.
 
Mobile.
This includes mobile devices augmenting or replacing contactless cards as well as an increasing number of mobile devices, with, or without, attachments for card reading and PIN entry, replacing traditional counter based POS devices. In addition to mobile contactless, there is also growing adoption of optical capture solutions for payment which lend themselves to mobile payment as well as remote commerce using mobile devices.
 
Payment Tokenization.
A global ecosystem that overlays and interoperates with existing payment ecosystems to support digital commerce and new methods of payment.
Payment Token is a surrogate value that replaces a primary account number (PAN) in the payment ecosystem. Tokenization has a similar goal to encryption but works differently. It substitutes card data with meaningless data or a token that has no value to a hacker. Merchants can use tokens to submit subsequent transactions, process a refund, etc. without needing to store the actual payment card details.
 
QR codes.
The two dominant QR Code payment use cases:

2nd Generation.
The terminal design supports various transaction environments, transaction flows, and communications protocols, including Interface ID, Cardholder Verification (CV) Method ID, Cardholder Verification Entry Device (CVED) Data Encryption Algorithm ID, Cryptographic Algorithm Suite ID.
 
Secure Remote Commerce.
This mode offers an approach to promote security and interoperability within the card payment experience in a remote payment environment. SRC facilitates checkout through information stored and managed by a payment network in the digital commerce environment. Content includes defined data elements, messages, UI and API guidance.
 
3D Secure.
3D Secure specification would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. Supports specific app-based purchases on mobile and other consumer devices, specifies the use of multiple options for step-up authentication, including one-time passcodes, as well as biometrics via out-of-band authentication.
 Also enhances functionality that enables merchants to integrate the authentication process into their checkout experiences, for both app and browser-based implementations.
  

How does chip technology work?

EMV-enabled device communicates with the chip inside the customer's chip card to determine whether or not the card is authentic. The terminal will prompt the customer to sign or enter a PIN to validate their identity.
 Payment data is more secure on a chip-enabled payment card than on a magnetic stripe (magstripe) card – data from a traditional magstripe card can be copied/skimmed.
 Today, there are more than 1 billion chip cards used around the world.
  

What is EMV offline payment?

EMV cards contain microprocessors that can interact with terminals, enabling them to perform offline transaction verification and offline cardholder verification without requiring an online connection to banking sysbr />tems.
It means that if you do not have any access via an
online connection to your banking systems
, the microprocessors interact with the terminals in the EMV cards to verify and accept PIN codes offline.
 For an online authorization, transactions proceed as they do with magnetic stripe cards. The transaction information is sent to the issuer, along with a transaction-specific cryptogram, and the issuer either authorizes or declines the transaction.
 In an offline EMV transaction, the card and terminal communicate and use issuer-defined risk parameters that are set in the card to determine whether the transaction can be authorized. Offline transactions are used when terminals do not have online connectivity (e.g., at a ticket kiosk).
 Offline PIN is a cardholder verification method, unique to EMV cards (magnetic stripe cards do not support offline PIN). When the EMV card is programmed, the offline PIN code is stored within the card’s microprocessor. During an offline PIN cardholder verification, the PIN entered into the terminal or PIN pad is sent to the card. The card’s microprocessor then returns the answer. If the entered PIN and the stored PIN are different, the card sends a failure signal.
  

What is EMV fallback?

For failed EMV transactions there is an established backup process – “falling back” to a magnetic stripe transaction, or fallback.
 A fallback transaction occurs in retail settings when t
he terminal detects that chip is not being read
.
Then terminal prompts to swipe the card and the transaction will be processed as magstripe transaction, without chip data and a fallback indicator.
 EMV provides three levels of security:
Once the chip is damaged at least card authentication and issuer authentication is not performed. Whereas cardholder authentication is still possible for PIN-based transactions only. Card with a damaged chip is as good as holding a magnetic stripe card. Merchants should reject transactions on damaged chip even in the fallback mode, says payment consulting company PayHuddle.
 According to EMV-connection.com, in some situations, a fraudster may create a counterfeit card with an intentionally damaged chip in order to invoke this scenario. For this reason, fallback transactions are deemed risky by the payments industry.
 Not all fallbacks are related to fraud. They can occur for valid reasons such as a damaged chip, a dirty card reader or staff untrained on processing a chip card correctly.
 Damaged chips are a big red flag. You don’t want to lose the sale, but when you bypass the proper EMV procedure, you open your business up to a chargeback.
  

How EMV helps to reduce chargebacks?

The technology behind EMV is designed to not only cut down on consumer fraud but also limit credit card and bank issuers’ liability for fraudulent payment chargebacks when the payer fraudulently recalls bank transfer after having received goods or services from the payee.
 After the adoption of EMV, merchants who have not upgraded to EMV technology usually become liable for chargebacks received (unless others in the payment chain have also not upgraded) even in cases where prior to EMV adoption the merchant would not have been liable.
It is the huge win for EMV technology users cause the chargeback process can take up to six weeks or six months.
 Taking part in the EMV switch is voluntary, but failing to do so exposes businesses to fraud liability and the loss of customers who prefer to interact with businesses that offer more secure technology.
  

Why are card-present transactions still vulnerable?

The answer lies in terminals where these cards are used – some merchants have not yet installed a chip-enabled terminal (gas stations have until 2020 to completely move from swiping cards to inserting chip cards). There are small to medium businesses, for which the investment can be a tough hurdle.
 Some merchants that have installed a chip-enabled terminal, some have failed to activate all of the chip security features, which is equivalent to letting customers insert their chip card, but then not closing and locking all the gates that would keep that number from reaching the dark web.
 According to CreditCards.com, the U.S. market is the No. 1 target for credit card thieves, accounting for 79 percent of the stolen numbers. That’s 60 million American card numbers out of the 75.9 million that were for sale globally during the 12-month period.
 Sources: emvco.com, creditcards.com, chase.com, nerdwallet.com, pcisecuritystandards.org, merchantmaverick.com
 

How to Choose a Payment Terminal?

A payment terminal is a device which interfaces with payment cards to make electronic funds transfers. It is also known as a POS (Point of Sale) terminal, credit card terminal, EFTPOS terminal or a PDQ (Process Data Quickly) terminal.
 The basic functions of POS terminal:
Higher end models, not only process credit and debit cards but also serve as a comprehensive customer engagement screen at the checkout: features include gift cards, cheques, contactless and mobile wallet payments.
 
Data transferring
 The majority of card terminals transmit data over a standard telephone line or an internet connection.
 Some have the ability to cache transactional data to be transmitted to the gateway processor when a connection becomes available; the major drawback to this is that immediate authorization is not available at the time the card was processed, which can subsequently result in failed payments. Wireless terminals transmit card data using Bluetooth, Wi-Fi, cellular, or even satellite networks in remote areas and onboard airplanes.
 New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image


Key Vendors

You can always buy a credit card machine from
Amazon or eBay, but the machine itself is not enough. It is wiser to purchase a device from a third party, the merchant service provider – with
the hardware for processing credit card transactions
, and with all the services.
 The market is dominated by Ingenico and Verifone, they process 80% of all card machine payments in the world. The companies are very similar and competing fiercely:
here you can read the overview

.
 Other players on the market are Fujian, PAX, BBPOS, Bitel, Castles, Centerm, Dspread, Hangzhou Sunyard, Ne18pxxgo, New POS, et al.
 Sources: Wikipedia, arizton.com, prnewswire.com, verifone.com, merchantservisesltd.com, mobiletransction.org
 

What do You Need for Accepting Payments?

New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image 
For equipment
  
For system
  
When you sell products or services online, you need to understand eCommerce payment system. For this you must have:


Credit Card Processing Services


NB!
Erply doesn't support
Apple Pay
directly. It depends on what the merchant (Vantiv, Cayan etc) supports Sources: pcisecuritystandards.org, towson.edu, barclaycard.co.uk, worldpay.com, vantiv.com, slideshare.net
  

Erply's integrated payment options save time and streamline sales


Erply allows your business to accept any payment type, from anywhere. Choose from credit card, cash, check, on-account
, store credit, or gift cards. You can also choose layaway or split payment options. Erply even supports the newest contactless technologies like Apple Pay, Google Pay, and NFC.

 Erply offers an easy plug-and-play set up and quick installation and support for iPad, Mac, and PC devices. This integrated payment system provides the most robust option for retail payments.

Non-dual entry increases accuracy.

Integrating your card reader with Erply means no more double-entry. Human error and manual end-of-day reconciliations will be significantly reduced. Plus, payments will appear quickly in your bank account.

Provide quality customer experiences.

Integrated payments mean you can serve customers with your full attention, even when it’s busy. You can also use a mobile POS solution to complete customer transactions right where they are - a touch they are sure to appreciate. Don’t step back behind a register and miss sales - assist customers while you’re talking to them and you can make the most of the customer service experience!

Accept online payments 24/7.

Ever dream of making money while you sleep? Our secure payment gateway makes it possible to accept payments from your eCommerce store at any time. Get paid quickly from online sales, with the confidence that comes from working with an established partner.

Really love your bank?

You might be able to stay with them! We know it’s hard to find business partners you can trust and we want to help you stay with the ones you do. We work with many preferred merchant service providers.
Contact us
to see what’s available to you.

Request a Free Demo.

Get in touch with us
and we’ll show you a better way to manage your business.

Mobile Payment Options

The fastest-growing segment of credit card use is in card-not-present or CNP transactions. Implementing a contactless payment option, such as Apple Pay or Android Pay, provides customers with another payment option that can speed up the process. Mobile payments mean quicker lines — especially with the implementation of EMV.
 There are five primary models for mobile payments:

 

Mobile wallets

A mobile wallet stores payment info in an app. It utilizes technologies such as Near Field Communication (NFC) and QR codes and allows to make payments on the web and card terminals and make in-app purchases.
 According to
Deloitte
, there are major benefits to mobile wallet acceptance:
Mobile wallets are accepted through a near field communications (NFC)-enabled POS system. If you have upgraded your magnetic stripe POS to accept chip cards (EMV-ready cards), your system has NFC technology and can accept mobile wallet payments.
 New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image

NFC payments

Near Field Communication (NFC) phones use radio frequency identification to communicate with each other and with NFC-enabled points of sale. The phones have to be within four inches (ten centimeters) of each other.
 Every mobile OS maker has their own apps that offer unique NFC functionality. Android users have the widest variety to choose from: the most well-known option is Android Pay. Samsung Pay is available for Samsung phone users. Apple's phones from the iPhone 6, and Apple Watch, also have NFC functionality, usable for Apple Pay.
 NFC-enabled devices can support three modes of operation:

Security for contactless payments is the same as for a credit card.
Fraud protection laws all apply, and secure channels and encryption are used for sending credit card information and PIN numbers. For high-priced purchases or several purchases within a short period of time, the user is asked to manually enter her PIN number to ensure theft has not occurred.
 Smartphones let a customer store multiple credit cards and other payment methods all in one device that the customer is likely to carry everywhere with them already. NFC can evolve into a one-step payment method that works anywhere the customer wants to make a purchase. Typically contactless payments are faster because the PIN number or a signature is not needed. It also, however, can cause the customer to spend more since paying is so quick and easy.

QR Codes

QR code payment is a contactless payment method where payment is performed by scanning a QR code from a mobile app. This is an alternative to doing electronic funds transfer at point of sale using a payment terminal. This avoids a lot of the infrastructure traditionally associated with electronic payments such as payment cards, payment networks, payment terminal, and merchant accounts.
 To use a QR code payment the consumers scans the QR code displayed by the merchant with their phones to pay for their goods. They enter the amount they have to pay and finally submit. This is a more secure card-not-present method than others.
  

Card-based payments

A simple mobile web payment system can also include a credit card payment flow allowing a consumer to enter their card details to make purchases. This process is familiar but any entry of details on a mobile phone is known to reduce the success rate (conversion) of payments.
 In addition, if the payment vendor can automatically and securely identify customers then card details can be recalled for future purchases turning credit card payments into simple single click-to-buy giving higher conversion rates for additional purchases.
  

SMS billing

The consumer sends a payment request via an SMS text (or MMS) message to a short code and a premium charge is applied to their phone bill or their online wallet. The merchant involved is informed of the payment success and can then release the paid for goods.
This method is ideal for users who don’t have a smartphone.
 Many cloud-based payment systems continue to use SMS for presentment, authorization, and authentication, while the payment itself is processed through existing payment networks such as credit and debit card networks. These solutions combine the ubiquity of the SMS channel, with the security and reliability of existing payment infrastructure.
 Since SMS lacks end-to-end encryption, such solutions employ higher-level security strategies known as tokenization and target removal, whereby payment occurs without transmitting any sensitive account details, username, password, or PIN.
  

Direct transfers

Direct operator billing, also known as mobile content billing, WAP billing, and carrier billing, requires integration with the mobile network operator.
 
Benefits it provides:

Direct operator billing is being deployed in an in-app environment, where mobile application developers are taking advantage of the one-click payment option that Direct operator billing provides for monetizing mobile applications. This is a logical alternative to credit card and SMS billing.
 Sources: nfc-forum.org, wikipedia.com, everything.explained.today, wikivisually.com, wikizero.com, wikipediam.org, nearfieldcommunication.org,
  New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image

How to Understand Credit Card Processing Fees?


Transactional Fees
 The biggest cost of operating a merchant account, come in two forms:
Often, both forms are charged on a given transaction.
   
Scheduled Fees
 Vary by name, value, and applicability, some of them will show up on your monthly statements. Always charged.
  
Incidental Fees
 Only appear per occurrence (when a chargeback occurs, for instance). Some months have not any chargebacks. Chargeback fees usually cost $15 or $20 per incident, but may be as much as $45.
   
Other common fees
  
Fees to avoid
  
The financial “middlemen”
Sources: merchantmaverick.com, business.com
 

Payment Security

The U.S. market is the No. 1 target for credit card thieves, accounting for 79 percent of the stolen numbers, shows new data from Gemini Advisory. That’s 60 million American card numbers out of the 75.9 million that were for sale globally during the 12-month period (from November 2017 to October 2018).
 Merchants really need to do their homework, and at least try to be prepared. And the vendors must be prepared for both – for data theft and for criminals using stolen data in the stores.
After the October 2015 EMV (Europay, MasterCard and Visa) deadline, the financial burden lies solely with the retailer if they are not EMV compliant and cannot receive chip and PIN cards.
 The card networks also offer their own customer verification products – including Verified by Visa, Discover’s ProtectBuy, Mastercard SecureCode and American Express's SafeKey – to consumers and merchants.
 New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image

What is out of scope?

In short, it means eliminating sensitive cardholder data from the POS software, passing only non-sensitive data.
 If the data is going from one system or server to another then it is being transmitted and must be encrypted. It does not matter if the networks are not internet or public facing. The intention is that data is in clear only in memory for the minimum time required for processing.
 The vendor must only decrypt or translate cardholder data on the data-preparation or personalization or cloud-based provisioning network and not while it is on an Internet or public facing network.
 When out of scope, the POS transmits transaction details to an EMV terminal. The terminal securely communicates with the processor, then passes a response back to the POS. Since the POS never receives sensitive cardholder data, it is less exposed to cybercriminals.
 Choosing your POS system it’s wise to consider out-of-scope solution – that takes the POS system completely out of the payment authorization process. No cardholder data is ever sent to the POS, and staying out-of-scope keeps your business safe and secure.
  

Tokenization

Tokenization is a method of card protection utilized for card storage. Credit card data is transmitted to the processor’s gateway where it is converted into a code or token. The token is transmitted to the POS software application where it can be stored for future access.
 The benefit of tokenization is that if a merchant’s system is breached by hackers, tokens have no real value to criminals because they do not contain any card information that can be used for fraudulent transactions.
 Point to point encryption can be combined with tokenization to accomplish this level of security.
 Remember, that tokenization only solves the second half of the transaction life cycle: the initial transmission of the card data to the gateway needs to be secured.
  

Online fraud

The impact of launching EMV-technology is that fraudsters shifted their efforts to online fraud: card-not-present losses surpassed card-present losses for the first time in 2017.
 To protect themselves the merchants can require users to enter a CAPTCHA verification process proving they’re a real human rather than a bot, and require a card verification value (CVV) – the three or four-digit code printed on the back of your card.
 According to the EMV Migration Forum, a pro-EMV industry group, there are several precautions designed to deal with the expected onslaught of CNP fraud, including:
And there are more sophisticated fraud prevention options which include software that monitors the location, device and IP address of the purchaser – to make sure they match that of the card’s true owner. Monitoring for purchases that do not comport with the purchase patterns of the true card owner is also helpful.
  

How to secure my data?

According to the Payment Card Industry (PCI),
71 percent of cybersecurity attacks are aimed at small businesses
. So it is very important to understand the risks.
 The PCI provides in its
Data Security Essentials for Small Merchants
: Guide to Safe Payments

security basics to protect these highly-targeted small businesses against payment data theft and to help small merchants simplify their security and reduce their risk.
  

How is your business at risk?

Think carefully about whether you really need extra features such as Wi-Fi, remote access software, Internet-connected cameras, or call recording systems for your business. If not properly configured and managed, each of these features can provide criminals with easy access to your customers’ payment card data.
 If you are an e-commerce merchant, it is very important to understand how or if payment data is captured on your website. In most cases, using a wholly outsourced third party to capture and process payments is the safest option.
  

Use trusted partners

 

What is PCI DSS?

If your organization handles credit or debit card information, you likely need to follow the Payment Card Industry Data Security Standard –
PCI DSS
.

This is a set of requirements designed to ensure that all businesses that process, store or transmit credit card information maintain a secure environment. That means if you accept card payments, you must be compliant with these requirements.
 Shortly, PCI DSS is a reference source for security requirements designed to ensure the confidentiality of bank cards and credit cards when used in IT systems.
 Small merchants may be familiar with validating their PCI DSS compliance via a Self-Assessment Questionnaire (SAQ).
PCI DSS standard defines a common security level that covers the vast majority of requirements - this has become a benchmark in electronic payment security.
 PCI DSS is edited and maintained by the PCI Council, a professional association of credit card companies that includes VISA, Mastercard, American Express, JCB and Discovery.
  

The PCI Data Security Standard

PCI Security Standards are technical and operational requirements adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. Although compliance is technically voluntary, a failure to comply usually results in undesirable consequences. Sometimes a business that is not PCI DSS compliant lowers its industry standards and increases the likelihood of credit card fraud or security breaches. Moreover, a non-compliant business can be penalized by fines.
 The PCI standard

is divided into requirements:
For a vendor to continue to accept payment card services, it must implement and monitor how its system applies the PCI DSS. Large organizations are usually audited annually, smaller businesses are allowed to simply report their compliance.
  

Control your vulnerability

PCI External Vulnerability Scanning service

shows if you have security holes and an open door into your network for cybercriminals. This is a cloud-based service, so there's no hardware or software to install and maintain. Just subscribe and login to experience an easy-to-use scanning solution that gives you complete visibility and control.
  

Utilize firewall

One of the primary requirements of the PCI DSS is to have a
properly configured firewall

in place
because for businesses with an Internet connection, firewalls are the first line of cyber-defense.
 If your business utilizes Internet-facing Web applications – in particular, an eCommerce site that accepts card payments – the PCI DSS requires that you either utilize a Web Application Firewall (WAF) or have your website reviewed annually (or after any changes). Most merchants don’t have the resources to engage a technical expert to review their site after changes, so a WAF is an optimal alternative.
 Source: pcisecuritystandards.org
 

Payment Frauds

Identity thieves are now targeting card-not-present (CNP) transactions – purchases made online, over the phone or by mail or fax. Chip technology makes it hard to counterfeit a credit card, but it’s even harder to stop criminals.
 The vendor must prevent direct access to cardholder data from outside the cloud-based provisioning network or the personalization network, and ensure that Permanent Account Numbers or PANs are masked when displayed or printed.
 Chip cards or EMV cards decrease the chance of a data breach before hackers can get into your system and steal card information to make fraudulent cards. Chip cards store data in a more sophisticated, secure way than the magnetic stripe.
 If a hacker broke into your business’s EMV-enabled system, they would only obtain an encrypted version of the data — completely useless to fraudsters.
 Even if fraudsters take the magnetic stripe information from a stolen EMV card and create a non-EMV forgery, the magnetic stripe information still identifies the card as EMV. If one of these forged cards is presented and swiped on an EMV-enabled terminal, the magnetic stripe data tells the terminal that this is an EMV card and notifies the cashier to dip the card in the EMV slot. The cashier would then attempt to dip the card and notice the absence of the chip. Fraud averted.
 With an EMV reader, fraud is virtually impossible unless your terminal tells you to override and swipe, confirms
payments company Heartland.
 New Era Of Smart Cards All That You Need To Know About Secure Payments blog post image

Precautions

According to the EMV Migration Forum, a pro-EMV industry group, there are several precautions designed to deal with the expected onslaught of CNP fraud, including:
More sophisticated fraud prevention options include software that monitors the location, device and IP address of the purchaser to make sure they match that of the card’s true owner.
  

How can businesses protect themselves?

If you have any questions about compliance or what you can do to protect your business, contact
PCICompliance@e-hps.com

.
 Sources: pcicomplianceguide.org, heartlandpaymentsystems.com, morpho.com, wikipedia.com
 

Short Glossary of Payment Terms

AMOP
– Alternative Methods of Payment
or payments other than cash
, including
using a credit or debit card, loyalty program points, digital wallets like Google Pay or Apple Pay.
 

APR
– Annual Percentage Rate or the interest rate charged on credit card balances expressed in a standardized, annualized way.
 

ARQC
– Authorization Request Cryptogram or online authorization or a digital signature of the transaction details, which the card issuer can check in real time.
 

AVS
– Address Verification Service is a tool to detect suspicious credit card transactions and prevent credit card fraud. AVS checks the billing address, and the credit card processor sends a response code, depending on which the credit card transaction may be accepted or rejected.
 

BIN
– Bank Identification Number is the first six digits of a Visa or MasterCard account number. BIN is used to identify the card-issuing institution.
 

Chargeback


fraud

occurs when a consumer makes an
online shopping
purchase with their
credit card
and then requests a
chargeback
from the
issuing bank
after receiving the purchased goods or services. Once approved, the chargeback cancels the
financial transaction
, and the consumer receives a refund of the money they spent. When a chargeback occurs, the merchant is accountable, regardless of whatever measures they took to verify the transaction.
 

CNP
– Card Not Present occurs
when neither the cardholder nor the credit card is physically present at the time of the transaction.
It is most commonly used for payments made over the
Internet
, but also over the phone or by fax, or mail.
 

CVM
– Cardholder Verification Method, used to authenticate that the person presenting the card is the valid cardholder. EMV supports four CVMs: offline PIN, online PIN, signature verification and no CVM.
 

CVV
– Card Verification Value is the three or four-digit code printed on the back of your card.