The Reality Behind the Target Data Breach and EMV

Press enter to search
Close search
Open Menu

The Reality Behind the Target Data Breach and EMV

By Dan Ingevaldson - 02/26/2014
In light of the recent Target and Neiman Marcus data breaches, many have touted EMV technology as the answer to protecting retailers and their customers. It's understandable that people are eager for solutions that will prevent future data breaches – after all, a lot is at stake. But EMV isn't the cure-all many would like it to be. Let's look at what EMV can and can't do.
 
First, it helps to understand EMV. A joint effort conceived by Europay, MasterCard and Visa, EMV is a global standard for chip cards that has been adopted outside of the U.S. Customer identifiable information is stored on a smart chip instead of a magnetic strip, as it is on a traditional credit or debit card. To initiate a transaction at a terminal, the card is swiped and the customer enters a personal identification number (PIN). The account information is then passed to the terminal, and the rest of the transaction process continues unchanged.
 
What EMV Technology Can't Do
  • Stop data breaches like Target's. The Target breach was the result of malware installed inside the POS devices, where names and account numbers were temporarily stored unencrypted. It doesn't matter what kind of card customers are using; any customer identifiable information stored in the clear can be read and reused if obtained by an attacker.
  • Protect customers in card-not-present transactions. The majority of credit card attacks involve transactions in which the card is not present, such as on online or via the telephone. An EMV card cannot provide any protection in these scenarios, which comprise two-thirds of fraud attacks, because there is no way to enter a PIN or scan the card.
 
What EMV Technology Can Do
  • Make it more difficult to clone a card. The technology used to create the microprocessors in the chip on EMV cards is much more difficult to duplicate than the relatively simple magnetic stripe on traditional cards. It is therefore more difficult for criminals to clone an EMV card.
  • Improve the security of one-third of card-present transactions. EMV cards themselves better protect customer data than a card with a magnetic stripe. Customers who use an EMV card at a POS terminal that scans the chip in the EMV card for the transaction are more secure than they would be with a traditional card. This accounts for one-third of credit and debit card fraud.
What Retailers Can Do…Now
Regardless of EMV's benefits, they are of little use if the technology is not in place. The fact of the matter is that it won't be mandatory for most merchants in the U.S. to adopt the EMV system until October 2015. Retailers need to take action now to protect their customers and their business.
 
The best strategy to prevent electronic fraud is to implement a comprehensive, multi-layer approach. This can significantly minimize attacks, but also enable organizations to fight an attack at every phase, whether it's in the planning stage or even once data is stolen. Such a strategy can help retailers protect customer data now and in the future, regardless of the type of cards customers are using.  
 
Daniel Ingevaldson is CTO for Easy Solutions, a provider of Total Fraud Protection solutions against electronic fraud across all devices, channels and clouds.