Payment security goes beyond EMV

by ZootBlog

by. Karen Gordon

The Target breach of 2013 has created an urgency to respond to credit and debit card fraud. The clear contender in this move for change is the implementation of EMV technology, but there’s more to consider. The Target breach would have occurred even if EMV had been in place. The breach was in the systems that stored their card data and the company has acknowledged that their computer security system had alerted them to suspicious activity long before the problems surfaced. Additionally, countries that have adopted the EMV standard have seen a marked increase in card-not-present fraud after doing so. The problem is pervasive—even Bitcoin is facing new types of attacks. Fraud won’t stop just because the United States upgrades to EMV. Fraudsters will simply migrate to the next chink in the armor.

There is no shortage of recent news about EMV migration. Some large retailers and banks are moving quickly. Target has partnered with MasterCard to bring EMV technology to its store branded cards. Wells Fargo announced that all new commercial cards it issues will feature microprocessor chips compliant with EMV standards. However, Javelin Strategy & Research reports it could be 2018 before EMV-enabled card usage is universal in the United States.

There are multiple benefits that will come from implementing EMV, including improved security and cardholder satisfaction. Magnetic stripe cards can be captured and copied easily, while EMV chip cards cannot. U.S. citizens without EMV-enabled cards are unable to make many transactions internationally. Conversely, international visitors can’t use their EMV cards at many locations in the U.S. because of the lack of terminals equipped to accept them. Additionally, in October 2015 liability for fraudulent charges on non-EMV POS terminals at merchant locations will be shifted to the stores.

However, in conjunction with EMV adoption there needs to be a focus on card-not-present channels, vendor security, insider fraud, and multiple other vulnerabilities. Mobile and online transacting are growing in popularity with consumers. While there hasn’t been mass adoption of mobile payments for reasons ranging from security concerns, usability, and merchant ability to accept new payment types, the movement is on its way. EMV does not address mobile and e-commerce risk so as that sector continues to grow, fraud prevention efforts must also keep up.

continue reading »

Featured