From Mag Stripe to Malware: Card Security Risks in 2011

A new report from Aite Group analyses top card threats and discusses the prospect of EMV and near-field communication (NFC) making inroads in the US market within the next decade. In April 2011, Aite Group conducted a survey of North and South American card security professionals attending MasterCard’s Americas Global Risk Management Conference, an annual event that helps foster collaboration among industry stakeholders and data security experts, with a focus on minimising fraud risk and maximising profitability. Based on this survey, the report offers insight into top fraud prevention mechanisms, respondents’ perceived effectiveness of the Payment Card Industry Data Security Standard (PCI DSS), and the propensity of financial institutions to use fraud prevention capabilities in their marketing messages.

While credit card fraud losses in North America have been flat over the last few years, debit card fraud losses are on the rise, driven in part by the increased debit card volume over the last decade and in part by increasing common point-of-purchase (CPP) events, which result in debit card compromise. Fraudsters are nimble and backed by a highly organised underground economy, and financial institutions must constantly evolve their tactics to keep pace with the wide range of attacks. Although the US has lagged behind much of the developed world in the deployment of EMV, card executives and risk management professionals are bullish that EMV and NFC will finally make inroads in the US.

“Card industry executives believe that EMV in the US is no longer a matter of ‘if’, but of ‘when’,” said Julie Conroy McNelley, senior analyst with Aite Group and co-author of this report. “The relevance of the magnetic stripe has disappeared. Whether the replacement is EMV, NFC, or a combination of the two, fraud will evolve and the industry will have to remain vigilant.”

Vendors mentioned in this report include: 41st Parameter, ActivIdentity, Acxiom, Anakam, Arcot, AurionPro, Authentify, Authentium, BancVue, Comodo, Deepnet Security, Detica, DigiCert, Entrust, Eunexus, FICO, First Data, FIS, Fiserv, Fundtech/S1, Gemalto, Giesecke & Devrient, GlobalSign, GoDaddy, Guardian Analytics, Harland Financial Solutions, Identita, Idology, InfoSys, Intuit, IronKey, Iovation, Jack Henry, Kount, LexisNexis, NagraID, NICE Actimize, Network Solutions, Online Resources, Open Solutions, Oracle, PhoneFactor, Polaris, Prevx, Q2banking, Quova, RSA, SafeNet, SAS, Silver Tail Systems, Strikeforce, SWIFT, Sybase, TeleSign, Temenos, Thales, TransUnion, Threatmetrix, Trusteer, Trustwave, Vasco, VeriSign, Wipro, and Wolters Kluwer.

