Addressing Card Skimming at the Point of Sale—PCI and EMV Chip Technology

Source: pymnts.com
By Cynthia Merritt

Introduction

Have you received a call recently from your credit or debit card issuer asking you to verify suspicious transactions, only then learning that your card data was compromised and used to make payments that you didn’t authorize? Or, even worse, have you found strange-looking charges on your card statement from merchants you’ve never heard of in locations you’ve never visited? If these scenarios are familiar, you are likely one of the growing number of victims of card skimming fraud. Card skimming occurs when the customer data contained in the magnetic stripe on a card is read through the use of special equipment that replaces or is attached to a merchant’s legitimate point-of-sale (POS) terminal. Once your information is extracted from the card, it is then electronically transmitted to criminals for illicit use.

Read full article pymnts.com

Visa’s Announcement to Accelerate EMV Chip Migration

A move to EMV [1] chip-enabled card payments could help the merchant community battle against payment card fraud. On August 9, 2011, Visa announced plans to accelerate chip migration and the adoption of mobile payments. The move to dual-interface chip technology is expected to create a more secure payment environment, which effectively reduces a criminal’s ability to harvest card data for making fraudulent card payments. Because the chip technology introduces dynamic values for each transaction, as opposed to the static data embedded in a magnetic stripe, the data is unusable even if compromised and replicated in a counterfeit card. It is important to note that some cardholder data in an EMV environment will be vulnerable in certain circumstances and will still require protection. Nevertheless, a move from magnetic stripe technology represents a quantum leap in the payments industry’s collective interest in combating payment fraud.
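The contrast drawn above between static stripe data and per-transaction dynamic values, as an added sketch that is not code from the article or from the EMV specifications. HMAC-SHA256, the `ChipCard` and `Issuer` classes, the counter check and the sample PAN are all assumptions standing in for the real cryptogram scheme.

```python
import hashlib
import hmac
import secrets

def _mac(key, pan, amount, atc, nonce):
    # HMAC-SHA256 is a stand-in for the card's cryptogram algorithm (assumption).
    msg = f"{pan}|{amount}|{atc}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0  # key never leaves the chip

    def sign(self, amount, nonce):
        self.atc += 1  # transaction counter advances on every use
        return {"pan": self.pan, "amount": amount, "atc": self.atc, "nonce": nonce,
                "cryptogram": _mac(self._key, self.pan, amount, self.atc, nonce)}

class Issuer:
    def __init__(self):
        self.keys, self.last_atc, self.stripe = {}, {}, {}

    def issue(self, pan):  # personalize a card: secret chip key + static stripe value
        self.keys[pan], self.last_atc[pan] = secrets.token_bytes(32), 0
        self.stripe[pan] = secrets.token_hex(2)
        return ChipCard(pan, self.keys[pan]), {"pan": pan, "static": self.stripe[pan]}

    def verify_stripe(self, track):
        # Static data: an exact copy of the track verifies every time.
        return self.stripe.get(track["pan"]) == track["static"]

    def verify_chip(self, t):
        key = self.keys.get(t["pan"])
        if key is None:
            return "unknown card"
        expected = _mac(key, t["pan"], t["amount"], t["atc"], t["nonce"])
        if not hmac.compare_digest(expected, t["cryptogram"]):
            return "bad cryptogram"
        if t["atc"] <= self.last_atc[t["pan"]]:
            return "stale counter"  # this counter value was already spent
        self.last_atc[t["pan"]] = t["atc"]
        return "approved"

def demo():
    issuer = Issuer()
    card, track = issuer.issue("9999000000000001")  # constructed sample PAN
    genuine = card.sign(2500, secrets.token_hex(4))  # terminal supplies the nonce
    altered = dict(genuine, amount=99900, atc=genuine["atc"] + 1)
    return (issuer.verify_chip(genuine), issuer.verify_chip(dict(genuine)),
            issuer.verify_chip(altered), issuer.verify_stripe(dict(track)))
```

`demo()` returns the issuer's decision for the genuine chip transaction, a byte-for-byte copy of it, a copy with the amount and counter changed, and a copy of the stripe data, in that order.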

Growing Incidence of Skimming Schemes

Cybercrime is a global problem today, contributing to a thriving black market for the exchange of cardholder data by large criminal organizations. Cybercrime takes many forms, but more recently criminals are shifting to card skimming as a means of perpetrating identity theft and payment fraud. Skimming fraud is considered by the U.S. Secret Service to be one of the most significant problems facing the credit card industry today. The past two years in particular have seen a dramatic upswing in the incidence of skimming breaches by international crime rings.

Magnetic-stripe Fraud a Global Problem

The vulnerabilities inherent in magnetic-stripe technology are expected to contribute to ongoing skimming attacks in the near future, not to mention the associated credit and debit card losses. Other countries, including Canada and many in Europe, that have converted to the EMV chip technology standard have effectively mitigated skimming. The incidence of skimming in the United States exceeds that in the rest of the world. [2] Payment frauds like this have become a mainstay of global crime rings that recognize the United States as one of the last holdouts on more secure chip-enabled card payments.

PCI Guidelines for Mitigating Skimming

The PCI Council has continued to advance security standards for preventing data breaches and protecting consumers. The council’s primary mission is to safeguard payment data and the systems that process that data. Recognizing the need to guard against the increased threat of skimming incidents, the PCI Security Standards Council issued in August 2009 an information supplement titled “Skimming Prevention: Best Practices for Merchants.” This guide provides information on how skimming schemes are perpetrated so merchants are better armed against them.

The mobile channel as a use case for EMV chip payments

In March 2011, the Federal Reserve released a position paper titled “Mobile Payments in the United States: Mapping Out the Road Ahead.” This document represents the collective views of the mobile payments industry in identifying the fundamental components of success for establishing a secure and interoperable mobile ecosystem. Specifically, it says that the mobile infrastructure would likely be based on NFC contactless technology and that some form of dynamic data authentication would be at the heart of a layered mobile payments security and fraud mitigation program. The paper envisions that the mobile channel will be accessed by a mobile wallet permitting all forms of retail payments. However, the near-term inevitability of mobile card payments coupled with the critical need for better security in card payments is creating momentum for the adoption of mobile payments.

Visa’s Plan Provides PCI Validation Relief

Visa’s plan states that it will “eliminate the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75 percent of the merchant’s Visa transactions originate from chip-enabled terminals.” Further, the merchant terminal infrastructure must be able to process the additional data included in chip transactions versus magnetic stripe. The plan institutes a liability shift for counterfeit card transactions from the card issuers to the merchants. Currently, the United States is the only country that has not agreed to a liability shift associated with chip-enabled payments.

Conclusion

The large number of card networks and payment card issuers in the United States has challenged efforts to establish a coordinated migration to EMV chip-enabled payments. Because merchants bear the financial burden of investing in terminal infrastructure, their needs further complicate industry migration. The merchant community understandably wants a future-proof investment strategy for POS technology. A number of issues will no doubt stir debate, including the option of signature or PIN authentication and whether other card networks will even follow Visa’s course. Still, the recent Visa announcement represents a move beyond the status quo and, we hope, in the right direction.

[1] EMV, the acronym for Europay, MasterCard, and Visa, is the global standard for interoperable chip payment card security and authentication.

[2] http://blog.gemalto.com/blog/2011/07/21/who-is-to-blame-europol-shuts-down-skimming/