October 19, 2015
•
5
min read
Obama has proclaimed October 2015 to be National Cyber Security Awareness Month. In conjunction with the Department of Homeland Security and the National Cyber Security Alliance, Obama promoted events focused on cyber security and training cyber professionals.
In this post we will gloss over EMV and where credit card fraudsters are likely to look next for their big data breach opportunity.
Cyber security covers a lot of ground, and exists especially at businesses with point-of-sale retail. Credit and debit cards have sensitive financial account information on their magnetic stripe. The magstripe is an outdated technology and because it’s highly susceptible to malicious attacks and fraud, it has been an easy target for many criminals recently. The best-known examples of this type of credit card data breach include Target Corporation’s major breach, Home Depot, Barnes & Nobles, Michael’s and Neiman Marcus.Contrary to common belief, American financial institutions have not been able to keep bank accounts as safe as they could. Research published by Square, suggests that half of all credit card fraud happens.
The majority of this fraud is from thieves leveraging the low security of the magnetic strip cards.
This is why the October 1st EMV liability shift was put in place, to provide incentive for increasing security for consumers and businesses alike at the point of sale.
The liability is on the party that is the least EMV chip & PIN compliant, where that party is responsible for damages related to theft.
Any business large or small in the United States, that handles credit card transactions, must upgrade their point of sale terminals to be chip and pin EMV compliant. Businesses who can get their systems upgrades can protect themselves from this liability. If a consumer presents a credit card that only has a magstripe, businesses can still accept payments, but the liability will be on the financial institution that issued that consumer’s card.Now that we are in the month of October, banks and merchants who did not make the EMV chip & PIN transition will be held liable in the case of card present fraud.
Although you might not have made the deadline of October first, don’t worry – you’re not alone. Not everyone in the country has made the switch yet, but it would be wise to upgrade soon because fraudsters are already on the move.
When your business does upgrade, you will be helping the rest of the country by increasing its security for card present fraud. When the United States becomes 100% EMV compliant, it’s possible that fraudsters will be afraid to take advantage of card-present fraud. Given that the future of POS transactions will be much more difficult to breach, these cyber criminals will look elsewhere for weak links in information systems and online.
Once you take the first stem to become EMV compliant, Merchants should protect themselves from online fraud and ensure that their business maintains PCI compliance internally.
Strengthen your security and audit your business processes, you will save yourself more than a headache.
If you have any questions on EMV or PCI Compliance, feel free to give us a call.