The recent card security breaches at several major US retailers resulted in payment information from tens of millions of cardholders being stolen.
One of the merchants, Target, has since expedited plans to issue Chip and PIN enabled store credit cards to replace the magnetic-stripe cards involved in the breach. In March 2014, Target announced an accelerated $100 million plan to move its REDcard portfolio to chip-and-PIN technology.
It plans to have chip-and-PIN technology installed in all stores in the United States by this September, six months ahead of schedule. Other retailers are likely to follow suit, and shipments of the higher-security cards to US consumers are projected to reach 344 million by 2019.
It is important to note that, EMV technology would not have prevented the Target breach -which involved the installation of malware inside POS terminals’ memories, where data is unencrypted regardless of the type of card from which it originated. However, criminals’ ability to reuse that payment information – specifically to create and sell counterfeit cards – would have been greatly reduced.
One area in which the card issuers concede EMV technology will not prevent fraud is when stolen information is used to make purchases online or over the phone – so-called “card-not-present” (CNP) transactions, where no chip transaction is involved. In fact, evidence exists that CNP fraud has increased in countries that have adopted EMV cards. The UK, for one, saw losses from CNP fraud triple between 2000 and 2010.
For this reason, many of the world’s largest banks are urging adoption of a tokenization standard, which would help protect card data by substituting the account number with a unique, randomly generated sequence of numbers and alphanumeric characters that would make it difficult to use the same card repeatedly.
In any case, as both consumers and criminals alike continue to abandon the physical point of sale to make their purchases online, increasingly sophisticated security technologies – whether tokenization or other advanced encryption methods – will have to follow. It is important to look at this area as part of a layered approach that includes tokenization, end-to-end encryption and EMV cards.
The post Security breaches help drive EMV migration in the US appeared first on Payments Cards & Mobile.