To give a precise answer without wasting time: no.
Don’t confuse the EMV compliance movement with PCI DSS compliance. Accepting EMV does not, in any case, remove the need for PCI compliance. The most important thing to understand is that EMV has no direct effect on any organization’s PCI compliance requirements. The move to EMV therefore doesn’t reduce PCI’s scope and does not change any entity’s obligation to be PCI compliant. This is why one can comfortably argue that all merchants have to adhere to the PCI compliance requirements even after shifting to EMV compliance. On a closer look, you will understand that compliance is not an either/or proposition. What do I mean by this? If you are a merchant and you accept credit cards, it is both beneficial and mandatory for you to be PCI compliant as well as EMV compliant.
What is the difference between EMV and PCI compliance?
PCI and EMV have different requirements, as each protects distinct aspects of cardholder data. The main purpose of the PCI Data Security Standards is to ensure that card data is always secure and is not stolen to begin with. EMV, on the other hand, ensures that if credit card data does get into the hands of a fraudster, its content is rendered useless.
- EMV ensures global interoperability and security of chip-based payment cards.
- EMV prevents cards from being duplicated. This is achieved through the chip, which produces a unique encrypted output each time the card is used in a transaction. This is a measure to prevent card skimming.
- The EMV card compliance specifications are managed by EMVCo LLC (Visa, Europay, and MasterCard).
- An EMV certification is required between EMV-capable hardware and the processor.
- EMV also ensures the protection of strong cardholder verification data (chip and PIN, chip and signature).
- PCI’s main goal is to protect cardholder data as it is processed, stored and transmitted by merchants, thereby protecting the consumer from business exploitation.
- PCI follows common-sense steps that reflect best practices in a two-party transaction. These include building and maintaining a secure network, regularly monitoring and testing networks, maintaining a vulnerability management program that protects cardholder data, and maintaining an information security policy.
- The PCI specifications are managed by the PCI Security Standards Council, which was founded by American Express, Discover, JCB International, MasterCard Worldwide and Visa Inc.
- PCI also requires regular vulnerability scanning by an Approved Scanning Vendor (ASV).
So EMV is neither an alternative to PCI compliance nor a replacement for it, and PCI is not a catchall for EMV. The two work together to improve overall credit card security.