More Credit Fraud — But More Potential Security, too
The Yin/Yang of Credit Card News
The news in credit cards this week is kind of yin/yang, straddling both sides of the security fence. On the one hand, there’s news of another breach, this one affecting the St. Louis- based Schnucks Market chain, which confirmed an April 15 “hack” affecting 2.4 million credit and debit cards, used at nearly 80% of its 100 stores.
BlackPOS: A New Threat in Point of Sale Attacks
But the item is worth mentioning because the attack, or breach, is indicative of a new type of “POS” — or “Point of Sale” — attack, called “BlackPOS,” wherein malware finds its way into a system through an unpatched access point. Often, simply keeping up with available security patches for all their software can help merchants prevent such attacks.
EMV Standard: A Ray of Hope in POS Security
Also, in terms of protecting data on the POS side, is the coming of the“EMV” standard or “Europay/MasterCard/Visa,” which we’ve mentioned before, which uses chip technology, rather than the magnetic stripe that has become its own standard in America.
Believe it or not, MasterCard is expecting the U.S. ATM industry to have its machines ready to accept EMV-enabled MasterCards starting this very week! ATM operators will assume liability for any fraud occurring at their machines if they are not ready for EMV compliance. This shift in responsibility occurs when non-EMV-compliant machines are used. Furthermore, it’s important to note that the industry-wide mandate for full compliance isn’t set until 2016.
EMV’s Limitations: Addressing Point of Sale but Ignoring CNP Fraud
Some in the credit security industry, however, are wary because EMV appears to do little to address “CNP” fraud — i.e., “Card Not Present.” Inother words, the very kind of fraud we opened the article with. Which is to say, while “Card Not Present” is the opposite of “Point of Sale” from the consumer experience — i.e. one involves a customer physically using her card (POS) while the other means she’s using it “virtually,” online, via phone, etc. — in the world of security hacks, one leads to the other.
Finding the Balance: Staying Secure Yet Profitable
If you need help with the ongoing balance between allowing your customers as many payment options as possible, but staying secure while doing so (again, install those security updates when you get ‘em! ), contact your AVPS rep today to find out how you can stay “safe and sane,” or rather, “secure yet profitable.”
In other words, both yin and yang!