Three times as many credit cards will be chip-enabled by the end of this year as debit cards, making slower banks ideal targets for cyber criminals.
According to Deborah Baxley, the Principal for Cards & Payments at Capgemini Financial Services, a projected 25% of debit cards are anticipated to be ready by the end of this year, in comparison to about 75% of credit cards estimated to be chip-enabled.
The reason for this uneven transition to EMV migration is due in part to unique requirements of the U.S. debit card system and recent regulations that are part of the Dodd-Frank Financial Reform Act, which now requires debit cards to have the option of routing to different debit networks.
The banks currently have the upper-hand, for example, say the bank has issued a chip card, but a merchant has yet to upgrade their system to handle these chip-enabled cards, the card then turns out to be fraudulent, and now the merchant will be held liable for the full amount of the fraud.
Banks are currently held accountable, but by migrating to the chip-based cards before merchants do, the banks stand to benefit, at least until merchants catch up with them.
As more and more banks issue out the new chip-based cards, cyber criminals will have smaller amounts of targets to prey on. But the banks who are currently lagging behind the rest, they’ll become progressively more attractive targets for cyber criminals.
Once all banks & merchants have successfully migrated to the chip-based cards, criminals with credit card numbers from incidents like the Target and Home Depot data breaches will have a much more difficult time using the stolen credentials.
If someone takes a stolen credit card number and uses it to create a counterfeit card, then attempts to use the card to purchase something, a new point-of-sale system would be able to clearly identify it as a card that was supposed to have a chip in it.
“If it doesn’t see a chip, then the transaction would fail. That’s what supposed to happen,” Baxley stated.
In addition to these new chip-based cards, it is the merchant's responsibility to use end-to-end encryption and tokenization to fully protect the payment information of its customers.
Learn about File Integrity Monitoring for PCI DSS Compliance
Read the full article on CSO
Read more on PCI DSS Compliance
Read more about EMV Migration