Invisible Hands and Lax Security: The Ongoing Push for EMV Adoption
He said that his dry cleaner doesn’t worry about someone using counterfeit cards at the cash register. However, many businesses underestimate the risk of hackers stealing customer cards by installing malicious software on point-of-sale devices. This issue has resulted in numerous breaches at well-known retailers, restaurants, and hotels over the past several years in the context of EMV adoption.
The Great EMV Fake-Out: No Chip For You!
The “he” in question is a Silicon Valley-based management consultant, quoted by Brian Krebs in his indispensible “Krebs on Security” blog, in a piece called “The Great EMV Fake-Out: No Chip For You!” The gist is that even though banks and credit unions have (mostly) issued new chipped cards, “comparatively few retailers actually allow chip transactions: Most are still asking customers to swipe the stripe instead of dip the chip.” What’s going on here?, the post asks. And where does all this leave consumers?
The Consequences of Delaying EMV Migration
It apparently leaves them waiting, if they want to be assume that every point-of-sale purchase they make will be more secure. According to a study released by the Strawhecker Group, “‘it appeared that some merchants delayed EMV migration completely until the holiday season ended to prevent friction and confusion at the checkout line,’ according to Jared Drieling, Business Intelligence Manager at TSG. However, merchants need to understand the consequences of delaying EMV migration now that they will face the fraud liability risk. ‘I suspect that many merchants that have delayed, especially merchants in higher risk categories, felt the impact of the liability shift last year and we’ll see them aggressively ramp up plans to migrate.’”
Visa’s Timeline for EMV Adoption
According to Krebs, “Visa has said it typically took about three years after the liability shifts in other countries before 90% of payment card transactions were ‘chip-on-chip,’ or generated by a chip card used at a chip-based terminal.”
Best Practices for EMV Adoption
And what should the response of your own business be to the current EMV situation? According to the IT security site Dark Reading, “So, yes, smart cards are more secure than the traditional magnetic stripe-only cards. If you are responsible for information security at your company, your first order of business should be to install point-of-sale terminals that can accept both chip and tap-and-pay cards, as well as mobile devices such as smartphones and smartwatches that include similar Near Field Communications (NFC) technology.”
But, the article cautions, “even with these new terminals installed, you have not eliminated the risk of fraud. For signature transactions, instruct employees to continue to verify customers’ photo ID. You must also be ready for an increase in online fraud as thieves, discouraged by an inability to use physical cards in stores, will turn to using stolen card numbers on your e-commerce sites.”
Reducing Fraud and Ensuring Data Security
In countries that have adapted EMV standards, there was a noticeable spike in online fraud — if those pilfered account numbers couldn’t be used in person, they could maybe be used briefly for online purchases. However, “despite the cost involved in upgrading PoS systems and replacing magnetic stripe cards, the improvement in data security and reduction in liability will be dramatic.”
Contact AVPS for EMV Upgrade
Meaning, if you still need to upgrade — it’s time to contact AVPS to get ahead of that “three year” figure, and keep your customers’ financial information safe
Yours is, after all, are exactly the kind of business that does care whether somebody uses a counterfeit card at your register.