A Discussion on Security: Is EMV Enough?

Posted by Joe Musitano on Nov 7, 2014 11:47:39 AM

EMVDon’t get intimidated by this new “EMV” term. It’s actually pretty simple to understand – even if you’re not a techie or an intellectual type. EMV is a fancy jargon term that describes a new payment processing technology. You might also hear about “chip cards,” “chip and PIN,” and “chip and signature” – they all refer to the same thing.

The term “EMV” comes from the developers of this technology – Europay, Mastercard, and Visa. Some credit/debit cards already use this technology (it’s actually fairly widely used in Europe and Canada). EMV simply uses a small microprocessor that’s embedded into your credit or debit card. Banks and credit card companies want you to use them because they’re more secure than magnetic strip cards. 

For now, most cards in the U.S. do not have this embedded microprocessor. Some cards will have both a magnetic strip and microprocessor, and eventually magnetic strips will go away entirely.  There is a chargeback liability shift to merchants from the issuing bank for not accepting EMV technology on October 2015. Just keep in mind that this date will come and go for most merchants as they have a low incidence of chargebacks today. But for merchants that are fraud targets or have high ticket items that can be easily resold on the streets, than October 2015 becomes more meaningful.


How Does EMV Work? What Makes it More Secure?

It’s simple to understand, but complex when it works out in reality. The data stored on cards currently never changes. So if a criminal steals it, it’s easy to copy the data and sell or use it. With EMV cards, however, every time a transaction happens, the chip creates a unique code that never gets used again – ever! Because hackers use duplication when they actually steal your data, this makes EMV quite powerful. They could steal the transaction code, but since it’s unique, using the code repeatedly simply results in the card’s use being denied.

According to this blog post, fraud has doubled in the U.S. over the past 7 years. And a large part of this happening is that criminals have gone away from harder to attack countries with widespread EMV use to the U.S., which is comparatively easier to penetrate.

But is EMV Enough?  A Brief Introductions to P2PE and Tokenization

EMV technology will not prevent data breaches, but it makes fraud and theft much more difficult. It’s worked well in other countries, and the hope is the same happens in the U.S.

Over the next few weeks we will be featuring some blog posts with useful information on not only EMV, but tokenization and point-to-point encryption.  What I would call the trifecta of security.

Tokenization allows merchants to store tokens for each transaction, and use that token instead of the original card data.

Point-to-point encryption (P2PE), sometimes referred to as end-to-end encryption (E2EE), is the ideal state in which credit card numbers and other sensitive information is encrypted from the point of entry (card swipe) to the other end (the issuing bank).  

THE TRIFECTA IN SUMMARY: 

  1. Tokenization protects the storage of cards
  2. EMV fixes the card using a programmable chip
  3. P2PE protects the transmission and acceptance of cards.

Can't wait for our future blog posts on this ultimate security trifecta  or simply want to find out if moving to EMV now is the right move?  Contact one of our solution experts to discuss how you can protect your card transaction security.

Are You Ready for the EMV Revolution? 

Topics: EMV

POPULAR POSTS