Card issuers like MasterCard, Visa, and American Express set a deadline for October 1, 2015, for businesses to install payment processors able to accept EMV chip-based cards and almost six months later, we’re still seeing businesses lack urgency in transitioning to a more secure means of payment.
The implementation of the EMV chipped card was to help better protect personal information by creating a unique transaction code every time an EMV card is used for payment. While this technology will not prevent all data breaches, it’s a step in the right direction to help secure consumers personal credentials. Since the banks' deadline has passed to implement new payment terminals, the merchants and retailers are now held liable for fraudulent charges.
According to an identity fraud study conducted by Javelin Strategy & Research, in 2016 the number of identity fraud victims increased by three percent, roughly 13.1 million consumers in just the U.S. alone, totaling out at $15 billion for the year.
Even though the Chip & PIN implementation has lowered fraud over the last decade in Europe, U.S. banks still favor using chip cards with signatures, saying PINS provide little to no benefit in combating the $7 billion in annual U.S. card fraud.
The banking industry feels that PINS would only provide extra fraud protection when criminals try to use lost/stolen cards, a situation that accounts for only 14% of fraud. They instead feel that a more effective approach would be for retailers to embrace tokenization & encryption of credit cards.
A large number of retailers have not even begun to use the chip technology on credit cards and instead, continue to rely on the magnetic strip. Some retailers are even questioning why they should spend billions of dollars to enhance their POS systems if banks refuse to add chip-and-PIN technology.
Those businesses who have not installed EMV card compatible terminals are not breaking any laws or facing any penalties for non-compliance.
The state of the payment card industry’s security is in shambles with finger pointing by the banks and retail industry and it seems both industries have forgotten the most important thing: it’s up to you to protect your consumer’s information. Combatting fraud is not an easy task, but with EMV Terminals in place and instructing employees to verify customer ID’s, you can help eliminate your chance of fraud. But that’s not all- with the implementation of EMV terminals comes the increase in card-not-present fraud. This comes from criminals using stolen card numbers of e-commerce sites. That means that retailers need to be on the lookout for a spiked increase in fraudulent online charges.
One thing will remain the same- criminals will always want to steal your financial information. As cyber criminals grow in sophistication each year, so should your IT environment. POS terminals have been proven to be easy targets for criminals and simply too sensitive to leave them without defense measures implemented. When will you take action?
Start with the implementation of a hardened build standard with precision change detection, coupled with breach detection technology will ensure that, even if a breach is successful, you’ll at least be alerted to the fact immediately and be in a position to take action to prevent any card data loss. In addition to abiding by the PCI DSS compliance standards and adopting the latest EMV terminals, companies need to implement true end-to-end encryption and that also includes encrypting any data in the memory.