Menu
Banking Exchange Magazine Logo
Menu

EMV effectiveness driven by implementation quality

5% of card issuers will suffer fraud due to faulty set-ups

  • |
  • Written by  Website Staff
  • |
  • Comments:   DISQUS_COMMENTS
EMV effectiveness driven by implementation quality

Following 2014’s high-profile data breaches, U.S. payment card network participants began heavily endorsing Europay, MasterCard, and Visa—EMV—chip cards as an important way to prevent damage from payment card breaches. However, a Gartner analyst found that criminals have taken advantage of poor implementations of EMV chip payment applications, committing extensive fraud that defeats EMV controls for everyone in the payment card ecosystem.

“Avoid Pitfalls with Payment Card Security Technologies and PCI,” a research note by Avivah Litan, vice-president and distinguished analyst at Gartner, points out some of the hidden problems with payment card security technologies and the payment card industry. By year-end 2015, at least 5% of card issuers will suffer fraud on EMV cards due to improper implementations, up from a handful today.

“EMV chip cards, already adopted in the rest of the world, have proven to dramatically reduce counterfeit card fraud because they are significantly harder to clone than magnetic stripe cards, which are still used throughout the United States,” Litan writes. “Nevertheless, the adoption of EMV is relatively slow and as a result, payment card network participants must prepare for at least five more years of support for EMV chip as well as magstripe protocols on a single payment card.”

Litan added: “Card data breaches have pushed U.S. banks, card networks, mega-retailers, and other payment card acceptors into more aggressively adopting two further key security technologies in addition to EMV cards—tokenization and point-to-point encryption.”

While the three security technologies have been around for years, the breaches created greater interest and spurred aggressive adoption timetables, according to Litan. This urgency has exposed some weaknesses.

“This calls out the need for all players in the payment ecosystem to work together on open security standards, streamlined certification processes, and shared education on best implementation practices,” Litan said.

“EMV tokens, as first implemented by Apple Pay and the payment card networks, are based on different protocols than the tokenization systems merchants use to limit the scope of PCI audits, leading to potentially conflicting token implementations,” Litan said. “Merchants who use their own tokenization system, and also accept Apple Pay or other EMV token payments, will end up with multiple tokens for one card number, defeating a major reason why many merchants adopted tokenization in the first place.”

Regarding point-to-point encryption Litan said that it can usually be turned on within three months if the solution uses remote key injection and management.

“Physically injecting keys into each card reader in a safe room under its own lock and key obviously takes much longer. Once deployed, P2PE can help protect all card transactions against data breaches. Retailers we regularly speak with say they will turn on EMV acceptance ‘later’,” said Litan. “They rightfully view EMV as mainly helping the card brands and issuers, although when EMV becomes ubiquitous it will help everyone.”

Tagged under Payments, Cards,

back to top

Sections

About Us

Connect With Us

Resources

Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.

REGISTER NOW!

This webinar is brought to you by:
Vouched Logo