By Gavin Lennox, Invenco CEO: There are days in the office when our engineers speak whole sentences in acronyms and just a few joining words. While our team generally understands what is being said, for anyone from outside Invenco it is like an entirely new foreign language. If technical jargon wasn’t enough, the whole EMV transition has sparked another raft of acronyms the industry has had to learn – or in some cases, re-learn. I thought I would do my part in hopefully providing a bit of clarity around five commonly used terms.
EMV® used to stand for the organization formed by Europay Mastercard and Visa. Today it is used more to reference the standard they developed to ensure chip cards and payment terminals operate successfully together. If you’re talking about the organization, it is now generally referenced as EMVco.
Near Field Communication allows data to be exchanged two-ways between devices held close to each other, but not touching. NFC-enabled devices incorporating smart chips (i.e. smart phones) securely store the payment application and customer’s account information to create a “virtual payment card”. NFC is often (if not accurately) used interchangeably with “contactless payment”.
Payment Card Industry Data Security Standard. This is one of the critical standards you want your EMV solution to be certified for. Developed by the Payment Card Industry Security Standards Council this data security process covers the prevention, detection and reaction to security incidents. There are range of PCI certifications that are actively supported at any one time – find out more on the PCI website.
Outdoor Payment Terminal: the self-service payment device into which chip cards are inserted enabling customers to complete a transaction in an outdoor kiosk, booth or dispenser. The EMV standard for outdoor payment terminals has been separated from the indoor payment terminal standard and is usually introduced in the second wave of EMV upgrades. OPTs can also be referenced as CRIND (Card Reader In Dispenser).
Remote Key Injection refers to the “keys” related to the secure downloading of bank, payment and other encrypted data or messages. These “keys” previously had to be inserted manually into an OPT in a secure environment. The advent of secure RKI means the same encrypted key can be downloaded via a PCI DSS certified cloud. As upgrades triggering the requirement for a new key are more frequent in the EMV world, RKI means you have less downtime and fewer costs around maintaining your compliance. Which is a good thing.
Having read this, if someone was to now say to you: “We’ve got RKI so our EMV and PCI DSS certified OPT is constantly enabled for NFC, chip card and magnetic stripe transactions” – you hopefully have a better chance of understanding what they mean. If you are looking for a more complete explanation of EMV related acronyms there is a comprehensive guide available for download from First Data.