3 Things You Need to Know About the Upcoming EMV Technology Rollout
By October 2015, U.S. credit card networks and merchants will adopt EMV payment systems and point-of-sales technology. EMV chip technology, named after its creators — Europay, MasterCard and Visa — will replace the dated magnetic stripe technology currently on major credit and debit cards in favor of tiny computer chips.
With the deadline looming for merchants to update their card readers to be compatible with EMV payment technology, it's critical for retailers and card providers to understand the implications of the change. After the deadline, retailers and banks that support magnetic stripe cards will be liable for any fraud losses that occur through the use of the cards, and will face serious damage to customer loyalty and sales if a security breach occurs.
Here are three important aspects of EMV technology that retailers must understand:
1. "Chip & signature" functionality: EMV payment technology is commonly referred to as "chip & pin." However, most merchants and card providers don't realize that this technology will likely not include PIN authentication in the U.S. On the contrary, EMV technology in the U.S. is expected to use signature authentication rather than PIN authentication, making "chip & signature" the more appropriate phrase.
2. Online security: While the use of computer chips in credit and debit cards is a huge step forward in terms of security for in-store purchases, the widespread U.S. rollout of EMV technology may actually increase online payment fraud. EMV technology in the U.S. doesn't incorporate any meaningful improvements to online payment security. As a result, fraudsters are likely to shift their focus to targeting online shoppers, where the technology is still insecure.
This has been the trend in other countries that have adopted EMV technology. For example, in Europe, while in-store fraud has decreased dramatically after the implementation of EMV chips and in-store readers, online fraud actually increased 21 percent in 2012, in part due to the introduction of EMV chip cards.
3. Steps retailers can take: Since increases in online fraud are inevitable once EMV technology is rolled out across the U.S., merchants and card providers need to take several precautions to protect their customers’ data. Implementing frictionless, context-based authentication enables businesses to verify each account login based on anonymous user identities, device usage, geo-location, customer behavior and other factors without compromising the user's identity, personal information and data.
Another measure retailers can take is using real-time trust analytics. This tactic offers instant analysis of device, location and behavioral context for every authentication attempt, while keeping user data anonymous. By leveraging a consistent set of identity authentication policies that compare data against industry-specific, global benchmarks, merchants and card providers can easily spot dangerous fraud attempts and hackers.
Sweeping adoption of EMV technology in the U.S. is a significant change for merchants and card providers. In the wake of fraud attacks at several major retailers, including Target and Neiman Marcus, retailers need to take action ahead of the EMV deadline to secure their online payments and protect user data. It's important to take steps now to avoid very public security breaches and irreparable damages to customer loyalty and sales later.
Andreas Baumhof is the chief technology officer at ThreatMetrix, a provider of integrated cybercrime prevention solutions. Andreas can be reached at abaumhof@threatmetrix.com.
