EMV Transition Considerations for Security Pros

By   ISBuzz Team
Writer , Information Security Buzz | Oct 15, 2015 06:00 pm PST

Against the backdrop of an unprecedented growth of cybercrime, October 1 marked a significant milestone as the US embarked upon a program to mandate adoption of the EMV (Eurocard/Mastercard/Visa) card security standard to further reduce crime.

Created in 1993, and based on an earlier European fraud-reduction standard established in 1986, EMV introduces chip-based security measures that could limit fraud for retail POS (point-of-sale) transactions by dramatically reducing the risk of credit card copying and cloning. Though many anti-fraud and security professionals question whether the US has gone far enough with a chip-only solution instead of the European chip and PIN approach, most agree this is a good first step while others advocate going further with biometric solutions.

Compliance with this new mandate is especially important as the risk of fraud shifts to merchants and card issuers if they are not using EMV-enabled equipment, providing a powerful financial impetus to drive this transition.

What does this transition mean to security professionals?

With the right equipment and training in place, retailers could see a dramatic decrease in fraud.  In fact, implementation of EMV in the UK resulted in a 72% decrease in face-to-face card fraud. Security professionals in brick-and-mortar stores can deliver measurable benefits to their businesses by speeding the transition to EMV POS gear and training in-store personnel in proper usage. Retailers may also experience ROI from reduced costs of PCI compliance, helping to offset the costs of updating terminal equipment.

The picture is different for security professionals in e-commerce, however, as criminals shift their focus from stealing in-store to CNP (card not present) transactions. Be ready for increases in online fraud and ensure that appropriate measures are in place to validate transactions. For example, monitor and limit the velocity of transactions from a single location as well as the number of changes to an individual account.

Also, because there are so many US cards being exchanged for new EMV- equipped ones, there is a high risk that transactions will fail for stored cards. Security professionals should work with their finance and e-commerce teams to reduce the risk of failed transactions and related churn (in the case of subscription or repeat transactions) for stored cards by enabling account updater functionality.

One thing is certain:  the fourth quarter brings heightened retail activity in both the physical and digital worlds and raises the stakes for the success of the EMV rollout in the US.[su_box title=”About Frederick Felman” style=”noise” box_color=”#336588″]frederick felmanFrederick Felman, chief marketing officer of Recurly. For the past 25 years, Fred has made his career marketing consumer and enterprise technologies, and has had success building high-­tech businesses, brands and categories.

Most recently he was Chief Marketing Officer at MarkMonitor (acquired by Thomson Reuters, NYSE:TRI), and, ultimately for the acquired entity, the Brand Protection Business Unit at Thomson Reuters. As a business development, product and marketing executive at Zone Labs (acquired by Check Point Software, NASDAQ:CHKP) he and his skilled team created a consumer and enterprise market for a new approach to network security. Also, Fred has held various management, technical, sales and marketing roles at companies including Borland and Accenture.

Fred received his Bachelor of Science in Business Administration from the University of Southern California. He lives in San Francisco where he sometimes skillfully avoids collisions with Teslas on his bicycle route to work.[/su_box]