High Profile Security Breaches Drive EMV Migration in the US, Report Finds

Shipments of higher security smart payment and banking cards are projected to increase to 84 million in 2014, according to the Payment and Banking Cards Report – 2014, from IHS Technology.

The recent card security breaches at several major US retailers resulted in payment information from tens of millions of cardholders being stolen. One of the merchants, Target, has since expedited plans to issue chip-and-PIN-enabled store credit cards to replace the magnetic-stripe cards involved in the breach. In March 2014, Target announced an accelerated US$100m plan to move its REDcard portfolio to chip-and-PIN technology. It plans to have chip-and-PIN technology installed in all stores in the US by September 2014, six months ahead of schedule. Other retailers are likely to follow suit, and shipments of the higher-security cards to US consumers are projected to reach 344 million by 2019.

Don Tait, senior analyst for IHS, notes that EMV technology would not have prevented the Target breach – which involved the installation of malware inside POS terminals’ memories, where data is unencrypted regardless of the type of card from which it originated. However, criminals’ ability to reuse that payment information -specifically to create and sell counterfeit cards – would have been greatly reduced.

One area in which the card issuers concede EMV technology will not prevent fraud is when stolen information is used to make purchases online or over the phone – so-called ‘card-not-present’ (CNP) transactions, where no chip transaction is involved. In fact, evidence exists that CNP fraud has increased in countries that have adopted EMV cards. The UK, for one, saw losses from CNP fraud triple between 2000 and 2010.

For this reason, many of the world’s largest banks are urging adoption of a tokenisation standard, which would help protect card data by substituting the account number with a unique, randomly generated sequence of numbers and alphanumeric characters that would make it difficult to use the same card repeatedly. In any case, as both consumers and criminals alike continue to abandon the physical point of sale to make their purchases online, increasingly sophisticated security technologies – whether tokenisation or other advanced encryption methods – will have to follow. “It is important to look at this area as part of a layered approach that includes tokenisation, end-to-end encryption and EMV cards,” concludes Tait.


Related reading