The recent Target and Neiman Marcus
breaches have left people scrambling for answers to better security
solutions. Some tout EMV technology (also called chip-and-pin) as the
answer to security woe and even claim that this technology could have
prevented these retail breaches from happening. However, security vendor
Easy Solutions begs to differ.
What is EMV?EMV is the product of a joint effort by Europay, MasterCard, and Visa to ensure security of credit cards by adding a smart chip. In addition to a magnetic strip to provide customer identifiable information like account numbers or CVVs, EMV cards have smart chips and require the user to enter in a PIN number to access this information. After the correct PIN is entered, the transactional process is the same as any other credit card.
EMV can serve as a good security measure for card transactions. It makes it harder for criminals to clone cards because it's much harder to duplicate the microprocessors in the chip on EMV cards than the information stored on other cards' magnetic strips.
EMV Isn't The SolutionSo why couldn't EMV have saved Target and its customers a whole lot of trouble? The malware that attacked Target was looking for account information inside point-of-sale (POS) devices' memories, where data is unencrypted. This information would have been compromised regardless of whether or not it came from PIN cards because it was not taken directly off the cards themselves.
In order to prevent fraudulent card-present transactions, the EMV standard has to be implemented successfully and thoroughly. Consumers are still vulnerable to 'card present' fraud attacks where criminals steal information from cards that were swiped on a POS terminal. Merchants in the US don't have to adopt the EMV system until next fall, leaving not only U.S. customers but also foreign customers with EMV cards vulnerable to fraud attacks. Victims' information will be compromised if attackers monetize stolen card information via online transactions or use cloned cards in a non-EMV country.
Even if you do have additional protection with an EMV card, this doesn't make you immune to credit card fraud in transactions online or via phone calls. In fact, two-thirds of the incidents involving card fraud happen in situations like these where no physical card is presented to the merchant. Customers have no place to enter in a PIN, or scan the chip that their card contains. EMV won't stop security breaches or fraud, but it might change fraud perpetration patterns. Fraud involving the physical presence of cards may drop but online card-not-present attacks will probably rise.
Tips For CustomersA good first step to ensuring your credit card safety is to keep track of your financial transactions and protect your financial details. If you know or think you're a victim of card fraud, cancel your credit card and get a new one. Always check your bank statements to make sure criminals haven't nabbed your credit information. And be diligent about checking your credit card statements to make sure all the transactions are legitimate.
What is EMV?EMV is the product of a joint effort by Europay, MasterCard, and Visa to ensure security of credit cards by adding a smart chip. In addition to a magnetic strip to provide customer identifiable information like account numbers or CVVs, EMV cards have smart chips and require the user to enter in a PIN number to access this information. After the correct PIN is entered, the transactional process is the same as any other credit card.
EMV can serve as a good security measure for card transactions. It makes it harder for criminals to clone cards because it's much harder to duplicate the microprocessors in the chip on EMV cards than the information stored on other cards' magnetic strips.
EMV Isn't The SolutionSo why couldn't EMV have saved Target and its customers a whole lot of trouble? The malware that attacked Target was looking for account information inside point-of-sale (POS) devices' memories, where data is unencrypted. This information would have been compromised regardless of whether or not it came from PIN cards because it was not taken directly off the cards themselves.
In order to prevent fraudulent card-present transactions, the EMV standard has to be implemented successfully and thoroughly. Consumers are still vulnerable to 'card present' fraud attacks where criminals steal information from cards that were swiped on a POS terminal. Merchants in the US don't have to adopt the EMV system until next fall, leaving not only U.S. customers but also foreign customers with EMV cards vulnerable to fraud attacks. Victims' information will be compromised if attackers monetize stolen card information via online transactions or use cloned cards in a non-EMV country.
Even if you do have additional protection with an EMV card, this doesn't make you immune to credit card fraud in transactions online or via phone calls. In fact, two-thirds of the incidents involving card fraud happen in situations like these where no physical card is presented to the merchant. Customers have no place to enter in a PIN, or scan the chip that their card contains. EMV won't stop security breaches or fraud, but it might change fraud perpetration patterns. Fraud involving the physical presence of cards may drop but online card-not-present attacks will probably rise.
Tips For CustomersA good first step to ensuring your credit card safety is to keep track of your financial transactions and protect your financial details. If you know or think you're a victim of card fraud, cancel your credit card and get a new one. Always check your bank statements to make sure criminals haven't nabbed your credit information. And be diligent about checking your credit card statements to make sure all the transactions are legitimate.
No comments:
Post a Comment