The Future of Payment Security
While United States accounts for only 25% of the global use of payment cards, the country has been the target of nearly 50% of all reported malicious attacks and frauds. Fraudsters love U.S. for two reasons:
• The wide use of magnetic stripe cards which are far less secure than chip & pin cards.
• The sheer volume of cards in circulation: U.S. consumers have an average of 5 credit cards in their wallets.
Therefore, U.S. regulators have finally decided to adopt EMV technology to increase the security of transactions and ultimately shift the liability of fraud to the part of the chain that is proved to be the least secure. EMV is a particularly important topic because its implementation is attached to a deadline.
The October 2015 date will shift fraud liability from the card-issuer to the merchant for fraudulent transactions as a result of using EMV chip-equipped credit cards with standard magnetic stripe-reading credit card terminals; thus, it is merchants’ collective responsibility to make sure they have the equipment required for EMV credit card processing.
However, even in the wake of the October deadline, several factors will keep EMV adoption from being completely seamless—or, perhaps from even happening unanimously, as perhaps 40% of US merchants will not have prepared themselves for the shift.
Points That May Hamper EMV’s Progress
Potentially prohibitive cost
Although upgrading to an improved security platform seems on its face to be a wise investment, the cost to upgrade all necessary materials could be prohibitive for some merchants. EMV-enabled credit card terminals cost roughly the same as their non-upgraded counterparts; however, merchants that require replacing multiple terminals still may not have the capital to invest in new equipment.
Flimsy enforcement
Despite the presence of a deadline, merchants will only incur penalties afterward if they allow fraudulent transactions to process. As no police force exists solely to monitor merchants’ compliance with EMV adoption—and, this would be a massive undertaking, if even possible—merchants will only be held responsible for compliance if they accept fraudulent transactions.
No effect on CNP transactions; little effect on non-card-based businesses
EMV chips are physical characteristics of cards that communicate with other physical devices when put in contact with them; thus, when not in contact with EMV chip readers, they have no effect on transaction security. For that reason, businesses that accept both card-present and card-not-present transactions—especially those with very few card-present transactions—may find it unimportant to devote capital to hardware destined to be seldom-used at most.
A recent study by Verizon Enterprises shows that “EMV adoption only displaces fraudulent activities rather than stamping it out. Taking Canada as an example, following the introduction of EMV in 2008, the fall in counterfeit and lost/stolen crime has been surpassed by the growth in CNP fraud.”
The Future of Tokenization
Ironically, tokenization with its lack of an attached fraud liability shift will likely see far more enthusiastic adoption in the coming years, not only because its very essence makes it a more powerful tool than EMV technology, but because of its attachment to fashionable consumer payment modules like Apple Pay.
Points to Consider About Tokenization (as Compared to EMV)
Not contingent upon card presence
While EMV chips rely on EMV card readers to securely transfer information, tokenization is not a physical characteristic of credit cards themselves or their hardware; this means the technology can be applied to any credit card transaction regardless of whether or not the card used is EMV-equipped. Instead of relying on an embedded chip, tokenization occurs at the payment gateway level, which means a properly equipped virtual gateway can tokenize credit card data from card-present and card-not-present transactions.
Not mandated by PCI DSS
Since tokenization is not compulsory (or at the very least is not an ideal reinforced by a deadline), merchants will not likely rush to adopt it quite as quickly as they might adopt EMV card readers, for example. However, also due to the absence of a deadline and accompanying controversy, tokenization is a term usually relegated to the minds of processing industry experts and not the general public, so it may take longer to gain mainstream popularity outside of its inclusion in digital wallets.
Businesses may adopt more out of desire than fear
This point is contingent upon businesses adopting Apple Pay, a tokenized mobile payment solution, and other digital wallets, if applicable. At the time of this publication, Apple Pay is only in the beginning of its implementation, but, as Apple’s products set many consumer trends, businesses clearly want to adopt the technology so consumers who prefer to use Apple Pay—what with its convenience and its better security—won’t shop someplace else.
Conclusion
Payment technology has grown by leaps and bounds since forty years ago, and will probably continue to do so—as will the efforts of fraudsters and hackers to compromise individuals’ credit card data and break into businesses’ servers in order to steal their customers’ data. We all know that the impacts of a breach far extends the financial losses. As the study by Verizon Enterprises suggest some 70% of U.S. consumers are less inclined to do business with a breached organization. It is therefore incumbent upon merchants to keep up with payment security advances and seek out the best and most relevant processing solutions for their respective businesses and to gain and maintain their customers’ trust.
About Century Business Solutions
Founded by a management team of payment industry professionals, Century Business Solutions is committed to providing cutting-edge payment processing technologies to save their customers time and money. Century Business Solutions is a Gold Certified Microsoft Dynamics NAV, delivering integrated payment processing solutions to Dynamics NAV & Dynamics GP users.
The post Payment security in 2015 and beyond (part 2) appeared first on goERPcloud.