According to a recent study by Cambridge University, the answer is “no.” EMV, also known as “Chip and PIN,” is used throughout Europe and Asia and is starting to be used in North America as well to improve cardholder data security.
The report, “Chip and Skim: Cloning EMV Cards with a Pre-Play Attack,” states, “that some EMV implementers have merely used counters, timestamps, or homegrown algorithms.”
The problem? This exposes EMV cards to a “pre-play” attack, which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically.
Card cloning was the type of fraud that EMV was supposed to prevent. So how do you ensure the safety of your cardholders’ data? Best-in-class tokenization practices can prevent cardholder information from ever entering your systems, replacing actual data with surrogate values, rendering them useless to hackers and others.