Updates: California Senate Lets EMV Law Lapse; The State of Security
Recent Developments in California’s EMV Law
- We wanted to update you on an item we ran last week, wherein California State Senate law was on the verge of issuing its own mandates for a switch over to EMV standards in card transactions, setting April 1, 2016 as the date.
- However, according to a report in Computerworld, “the full Senate missed the voting deadline of May 30, ending its chances of passage until a new legislative session begins.”
State’s Response and the Push for EMV
- While the law hasn’t been completely discarded, questions still arise. As we approach the push for EMV, card issuers are actively promoting its adoption. According to the current schedule from credit card companies, U.S. retailers must support EMV by October 2015. Otherwise, they risk facing higher liability in the event of a data breach.
- While the proposed law appeared to have a lot of political backing — though letting it “expire” could be a low-cost way, politically speaking, to vote “against” it — there were parties opposing it, among them the San Francisco Chamber of Commerce, which said the legislation “sets back a more comprehensive national plan for issuing, accepting, and processing chip-imbedded credit and debit cards by creating a ‘California only’ technology mandate.”
Potential Alternatives and Opinions on EMV
- While it’s not entirely clear how a later state deadline — though one more hard and fast — would “set back” a rollout seen as happening anyway, the Chamber made another interesting comment, saying the bill “would needlessly tie businesses to one method of preventing hacker attacks while stifling efforts to find other new ways of countering fraud.”
- What’s interesting is that Chamber doesn’t specify what these other non-EMV methods might be, how EMV would preclude using them, or whether this infers there is greater reluctance among businesses to adopt the new standards.
The Increasing Need for Enhanced Security
- Indeed, there’s a pressing need for new standards. The 2014 Trustwave Global Security Report reveals a rise in breaches, not just the high-profile cases like Target or the recent eBay incident. Significantly, 85% of these breaches exploited vulnerabilities in third-party tools, including Java, Flash, and Adobe.
- One thing the report suggests is to simply make sure all the apps you use on personal, and company, computers are up-to-date. Additionally, “researchers found that weak passwords were a factor in 31 percent of the breaches under investigation.”
- Further, according to a summary in PC Mag, “Point-of-sale breaches, like last year’s Target fiasco, accounted for 33 percent of the total. As for where the breaches occurred, the U.S. is number one both in victim organizations and perpetrator location.”
Taking Precautions in an Uncertain Landscape
- That would be the same U.S. still struggling to adopt EMV standards. Or not.
- You, of course, can take steps right now by contacting your AVPS Rep, and making sure you’re up-to-date, wherever your points-of-sale are online, in the field, or in your store.
- Ultimately, taking immediate action is crucial, as it’s improbable that the upcoming Trustwave report will indicate a sudden and steep decline in breaches and fraud.