Demos
How To Use Demos

How to use demos

Learn more about usage and features with our collection of demonstrations.

Tag Archives: EMV

As Big Banks Prep for EMV, Fraud Relief Remains Far Off

Large banks and card issuers are ready for the U.S. shift to chip-and-PIN technology, according to a report issued Wednesday. But the drop in fraud that is expected to result is unlikely to come any time soon.

The use of EMV-style chip cards is supposed to make retailers like Target less appealing targets for hackers because they will be storing less card data. However, the way the U.S. is implementing EMV leaves plenty of room for the continued use of fake cards. And there is a plethora of ways hackers can use stolen card information without using a physical card.

“EMV’s impact on fraud in 2015 could be pretty much a toss-up,” said Steve Mott, CEO of BetterBuyDesign, a consultancy based in Stamford, Conn.

According to a study released Wednesday by CardHub, all 10 of the largest credit card issuers are in the process of issuing chip-based credit and debit cards and expect the majority of their portfolios to be updated by the end of 2015. All the major banks are issuing chip-and-signature cards, with 40% also supporting PIN capabilities. About 65% of retailers plan to accept chip-and-PIN cards as well.

This means the major banks are in good shape to handle the October 2015 “liability shift” deadlines Visa, MasterCard and Discover have set to encourage U.S. issuers and merchants to migrate from magnetic stripe cards to EMV.

“Right now, issuers incur the cost of card-present counterfeit fraud in stores,” said Martin Ferenczi, president for North America at Oberthur Technologies, a manufacturer of chip cards. “After October 2015, the institution with the lesser technology will be liable for fraudulent charges.”

The CardHub study also shows that the major card issuers are all putting magnetic stripes on their chip cards. This provides convenience all around — the new cards consumers get in the mail will be usable on older point-of-sale terminals that are not yet EMV-ready as well as new devices. It also waters down the security promised by EMV.

As long as there are dual or hybrid payment terminals and ATMs that accept magnetic stripe cards, hackers will be able to use fake cards created with stolen credit and debit card data.

“Visa is projecting 29% of POS transactions to be chip-on-chip, but everyone I know believes the right number is more like 5% or less,” Mott said. “If it’s wildly successful, EMV chip-on-chip volume might hit a running rate of 10% by year-end, but only at the 200 top retailers.”

Mott expects merchants probably will have 30% to 40% of locations equipped with EMV-ready terminals by year end, but most of them will not have the software installed and certified to make them work.

“Many will choose to turn them off until they can figure out how to get around the user ‘gotchas,’ such as leaving cards in the dip slots and not dipping them long enough,” he said.

In some near-term scenarios, Mott said, EMV could actually increase fraud. For instance, EMV credentials sent “in the clear,” or unencrypted, could be intercepted and used online on websites that don’t require security codes.

Eventually, as the U.S. gradually shifts to EMV-only mode, fraudsters’ ability to use fake credit and debit cards on physical machines (this is also known as “card present” fraud) will fade, as it has in other countries like the U.K. and Canada. They will then take their stolen card data and inclination toward thievery elsewhere.

Card-Not-Present Fraud

EMV stands for Europay, MasterCard and Visa, a standard for chip-and-PIN cards that are considered far more secure than the magnetic stripe cards we use in the U.S. today. Card credentials will be tokenized, such that retailers will not receive the actual card number, but a temporary token generated by a card network. Hackers who break into a retailer’s network the way thieves compromised Target more than a year ago would find a stash of useless numbers. On top of that, EMV chip credit and debit cards are almost impossible to duplicate, which means counterfeit card fraud should decrease.

Many industry observers expect the migration to EMV will increase fraud in all the places where credit cards are used but not physically presented, such as on shopping websites, over the phone, over the mail, and over fax machines. This is called card-not-present fraud. Some experts include mobile app payments, such as Uber and Apple Pay transactions, in this category. Card-not-present fraud already accounted for 45% of U.S. card fraud in 2014, according to Aite Group.

When the U.K. shifted to EMV cards, counterfeit card fraud fell 56%, according to Aite, but card-not-present fraud rose 79% in the first three years after the country switched to chip cards. It more than doubled in Australia and Canada.

“The experience in the U.K. is very indicative of what we’ll see here,” said Joram Borenstein, vice president of marketing at Nice Actimize, a provider of fraud analytics. “Understanding how card-not-present fraud is likely to spike, we need to retrain fraud investigators.”

Read the full original article here.

Retailers to change to credit card smart chips in 2015

This story originally appeared on www.kbzk.com.

If you haven’t received a credit card yet that has a ‘Smart Card’, you soon will. Credit card companies are sending out the new credit cards to help prevent widespread fraud.

Retailers have until October 2015 to change over to what is known as EMV technology. EMV stands for ‘EuroPay, Mastercard and Visa, and have been used since the middle 1990s in Europe. If the retailer doesn’t utilize the EMV Chips, the fraud liability will be shifted from the credit card companies to the individual retailers.

“What most people don’t know is that 80% of credit card breeches is actually to small businesses,” said Katie Mansfield of Frontline Processing in Bozeman. “So really, the people here in Montana are the people that are at risk.”

Each time the chip is used, it creates a unique code that prevents the credit card information from being reused. Major retailers in the United States have been in the crosshairs of fraudsters over the last few years. This change is aimed to limit the exposure of fraud to the consumer.

While the technology does help take care of some of the fraud in the point of sale purchases, your card is still at risk if you buy online.

According to Trustwave Global Security, a breach or credit card fraud can cost a bundle of money. The average cost for a replaced card is $182. The cost for a forensic audit on a business averages about $50,000 with the total cost of the average data breech costing between $141,000 and $232,000.

data breaches

Is the Fallout from Data Breaches Increasing EMV Commitment?

You’d be hard pressed not to notice the increasing number of data breaches in the business papers today. Whether it’s a giant retail store or a healthcare organization, companies are scrambling (unfortunately, after the fact) to ensure their processes and systems are secure.

In a recent article by Digital Transaction magazine, it stated that the recent data breaches have spurred debit card issuers into action, a group that once was reserved around EMV adoption.  The article goes on to state that 67% of debit issuers now plan to offer EMV cards in 2015.

And while these PIN and Chip cards offer more security than magnetic strip cards, is EMV the ultimate answer to ensure a breach doesn’t occur in your organization?

The short answer is no. While they are part of an overall data security strategy, protecting cardholder data is not an easy, one-stop fix. Technology exists beyond encryption to ensure cardholder data never touches your ERP system, legacy applications and web stores.

It’s called tokenization and not all tokenization is created equal. Make sure when looking at solution providers that offer this technology that it can easily integrate with your existing processors, saving you time and money.

EMV is here to stay, but it’s not the final word in data security.

EMV Cards

Are EMV Cards the Answer to Card Security?

According to a recent study by Cambridge University, the answer is “no.”  EMV, also known as “Chip and PIN,” is used throughout Europe and Asia and is starting to be used in North America as well to improve cardholder data security.

The report, “Chip and Skim: Cloning EMV Cards with a Pre-Play Attack,” states, “that some EMV implementers have merely used counters, timestamps, or homegrown algorithms.”

The problem? This exposes EMV cards to a “pre-play” attack, which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically.

Card cloning was the type of fraud that EMV was supposed to prevent. So how do you ensure the safety of your cardholders’ data? Best-in-class tokenization practices can prevent cardholder information from ever entering your systems, replacing actual data with surrogate values, rendering them useless to hackers and others.

 

“"
Thank you for visiting our site, due to the size of your mobile device, you need to rotate it 90° to view this site.