Skip to content
Whilst the EMV (Europay, MasterCard and Visa) bashing in the US continues to gather pace, US banks, credit card companies and retailers continue to invest heavily in the technology widely used in Europe.
EMV cards provide greater security than the magnetic stripe cards currently in use in US
EMV cards are no panacea for credit card security
market by including a computer chip embedded in the card and requiring a PIN supplied by the user. In fact, President Barack Obama issued an executive order in October of last year directing the government to adopt chip and PIN technology and encouraging the private sector to do likewise.
Yet, the greater security of EMV cards depends on proper implementation of the technology, cautiones Avivah Litan, vice president and distinguished analyst at Gartner. Litan predicted that at least 5% of card issuers will suffer fraud on EMV cards due to poor implementation by the end of this year.
Companies in the credit card ecosystem are implementing chip and PIN along with tokenization and point-to-point encryption to improve card security. However, EMV cards are based on different protocols than tokenization systems used by merchants under the PCI DSS system. This can lead to merchants having multiple tokens for one card number, which could undermine card security, Litan explains.
As for point-to-point encryption, physically injecting encryption keys into each card reader in a “safe room” can take an extended period of time. But the time to implement it can be worth it for retailers because it can significantly improve security against data breaches. “Retailers we regularly speak with say they will turn on EMV acceptance ‘later.’ They rightfully view EMV as mainly helping the card brands and issuers, although when EMV becomes ubiquitous it will help everyone,” she related.
Litan recommends that the payment card ecosystem work together on open security standards, streamlined certification processes and education on best implementation practices in order to prove poor implementation of these technologies from worsening card security instead of improving it.
The post EMV cards are no panacea for credit card security appeared first on Payments Cards & Mobile.
