Why didn’t EMV prevent the Arby’s breach?

The breach involved malware placed on payment systems inside Arby’s stores

Very recently another major breach of payment card data was made public, this time by Arby’s. The breach compromised more than 355,000 credit and debit cards at Arby’s 1100 corporate-owned stores nationwide.  The breach, which is estimated to have occurred between Oct. 25, 2016 and January 19, 2017, involved malware placed on payment systems inside Arby’s stores. And this comes at a time when many credit unions are still recovering from the losses and costs associated with the recent Wendy’s breach, which was also large-scale, as well as massive breaches at Target and Home Depot and several others over the last two years.

Many credit unions have been raising legitimate questions regarding the benefit of EMV in light of these breaches, namely:

  • “Why doesn’t EMV (chip cards) prevent this kind of fraud?”
  • “If a credit union has previously issued chip cards, how can a card still be compromised?”
  • “If a credit union has not issued chip cards yet, is this a reason to?”

EMV was intended to prevent counterfeit cards from being used at a POS. U.S. credit unions and banks saw about $4.5 billion in counterfeit card fraud before chip cards started being issued, which accounted for about 72% of all card fraud world-wide, since we were the last developed nation to adopt chip cards. Since then, merchants that have upgraded to chip enabled terminals have seen a 43%-54% decrease in counterfeit fraud. That number should be greater except for the many mag stripe only cards still in use.

continue reading »

More News