The news in credit cards this week is kind of yin/yang, straddling both sides of the security fence.
On the one hand, there’s news of another breach, this one affecting the St. Louis- based Schnucks Market chain, which confirmed an April 15 “hack” affecting 2.4 million credit and debit cards, used at nearly 80% of its 100 stores. Track 2 card numbers and expiration data were were breached in specific stores, and depending where your customers are based, they may not be affected at all.
But the item is worth mentioning because the attack, or breach, is indicative of a new type of “POS” — or “Point of Sale” — attack, called “BlackPOS,” wherein malware finds its way into a system through an unpatched access point. Often, simply keeping up with available security patches for all their software can help merchants prevent such attacks.
Also, in terms of protecting data on the POS side, is the coming of the“EMV” standard or “Europay/MasterCard/Visa,” which we’ve mentioned before, which uses chip technology, rather than the magnetic stripe that has become its own standard in America.
Believe it or not, MasterCard is expecting the U.S. ATM industry to have its machines ready to accept EMV-enabled MasterCards starting this very week! For any ATMs not ready, the liability for any fraud that occurs at these machines shifts over so that the ATM operators themselves will be liable when non-EMV-compliant machines are used. (Full compliance, industry-wide, isn’t slated for 2016, by the way…)
Some in the credit security industry, however, are wary because EMV appears to do little to address “CNP” fraud — i.e., “Card Not Present.” Inother words, the very kind of fraud we opened the article with. Which is to say, while “Card Not Present” is the opposite of “Point of Sale” from the consumer experience — i.e. one involves a customer physically using her card (POS) while the other means she’s using it “virtually,” online, via phone, etc. — in the world of security hacks, one leads to the other. When numbers and data are obtained through a POS breach, they are then later used for the more prevalent CNP-type of credit fraud, which too often makes the news.
If you need help with the ongoing balance between allowing your customers as many payment options as possible, but staying secure while doing so (again, install those security updates when you get ‘em! ), contact your AVPS rep today to find out how you can stay “safe and sane,” or rather, “secure yet profitable.”
In other words, both yin and yang!