PCI and EMV: A Car Washer’s Guide

July 16, 2019 | Richard Carpenter

Just when car wash operators were starting to get a handle on PCI compliance, along comes EMV. And with it comes a whole new host of questions. What is EMV? Does it replace PCI? Is it mandatory?

First things first, EMV is NOT a replacement for PCI. While both work towards the same goal, they are not connected. They serve different purposes and have different requirements.

Let’s see how they differ and how both help protect merchants and customers.

PCI

pci-logo-IZHo.pngThe Payment Card Industry Security Standards Council (PCI SSC) was formed in 2006 by the five major credit card companies to create standards that ensure the secure handling of credit card information. There are 12 broad PCI requirements and 300+ sub-requirements, but here are the key points:

  • Your payment software must be validated as PCI-compliant by a qualified security assessor (QSA). You can search the list of validated applications on the PCI website.
  • A self-assessment questionnaire (SAQ) provided by your acquirer must be completed annually. The SAQ is complex, but a simpler version can be used if PCI-compliant Point-to-Point Encryption (P2PE) is in use. This technology securely encrypts card data from the card reader and decryption (to clear text) occurs at the processor. Merchants must use a product that has been validated to PCI standards to use the reduced SAQ.
  • A quarterly network scan must be completed. This service is typically offered by the acquirer (using a 3rd party) who remotely accesses the car wash location to ensure there are no security vulnerabilities. The scan identifies weak points in your network externally (firewall) and internally (malware). 

Compliance requirements are defined by the payment card brands and are applied by acquirers. As such, your merchant account acquirer is the best resource for compliance questions and guidance.

EMV

EMV stands for Europay, Mastercard, Visa, the three companies that created the global standard for chip-based debit and credit card transactions. While an EMV transaction uses the same card data as a magnetic stripe transaction, it also includes an encrypted data element (or cryptogram) which changes in every transaction. The cryptogram is generated by the chip on the EMV card and cannot be produced by a fraudulent card.

EMV is optional. However, not deploying EMV technology can put you at greater risk for financial loss from chargebacks. Also, you should consider consumer perception. Consumers are now familiar with EMV and may consider magnetic stripe processing as unsafe or outdated.

Better Together

PCI compliance helps protect credit card data that is stored, processed, and transmitted, but it doesn’t do anything to validate a specific card transaction. EMV prevents businesses from accepting counterfeit cards but doesn’t do anything to protect credit card data after the swipe. Consequently, EMV isn’t a substitute for PCI compliance, and PCI isn’t a replacement or catchall for EMV. The two combine to improve overall credit card security.

When selecting a point-of-sale system for your car wash, payment security should be top of mind. Ask any vendor you are considering how their system will help you maintain PCI compliance. Be sure to verify through the PCI website that the software has been validated. Additionally, you’ll want to consider EMV and whether your POS provider can support it. Taking the time to do the proper due diligence from the start can save you from compliance headaches and financial losses in the future.

About Richard Carpenter

Rich has spent his career bridging the gap between customers and product development. He works closely with car wash operators, C-Stores, distributors and manufacturers to help DRB develop powerful solutions to meet their needs and drive ROI. LinkedIn

More posts by Richard

Related Content

Credit cards

Blog Post

Harness the Benefits of EMV at Your Tunnel Car Wash

August 22, 2024

EMV technology has emerged as a global standard for credit card transactions, offering fast, smart and secure transactions.

Read more
upward bar graph overlay in front of a man pointing

Blog Post

Maximizing Car Wash Revenue: 4 Key Tactics for Sustainable Growth

May 30, 2024

If you're looking to achieve growth at your car wash but not interested in expanding, check out these tactics for boosting revenue.

Read more
Exterior of Time to Shine car wash

Case Study

Considering Switch to Patheon? Time to Shine Says “Jump Now!”

April 11, 2024

The Time to Shine team needed a more modern, flexible and user-friendly solution.

Read more
Translucent arrow decoration

Don't Miss a Post

Subscribe to our monthly Soapbox newsletter that includes all of our latest blog articles, plus events, news and more.

Air bubbles in blue water