GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Secrets of the Inc. honorees

News

Industry Update

Proposed interchange settlement: Judge approves, industry objects

Hurricane Sandy's huge impact

EMV on fast track

Harbortouch emphasizes training

Trade Association News

Features

Educational aid for the feet on the street

Selling Prepaid

Prepaid in brief

The gamification of rewards

FinCEN pushes for cross-border prepaid enforcement

Views

Consumer payments in a connected age

Patti Murphy
ProScribes Inc.

Smart ISO-MLS relationships

Jeff Brodsly
Chosen Payments

Education

Street SmartsSM:
Are you a 10?

Jeff Fortney
Clearent LLC

Differentiate yourself: Sell to the medical industry

Jeffrey Shavitz and Adam Moss
Charge Card Systems Inc.

Opportunities in RAN and private-label programs

Mustafa Shehabi
PayCube Inc.

How to propel merchants to shed comfortable habits

Rick Berry
ABC MobilePay Inc.

EMV: Game on!

Dale S. Laszig
Castles Technology Co. Ltd.

Have we missed the window for EMV?

Nicholas Cucci
Network Merchants Inc.

Company Profile

Keep in Touch Systems Inc.

Merchants Choice Payment Solutions

New Products

Helping merchants clinch the sale

Payday Express Plus
Secure Payment Systems Inc.

Capital resource for ISOs, MLSs

Residual cash advance program
ISO Advance

Inspiration

Thinking of starting an ISO?

Departments

10 Years ago in The Green Sheet

Forum

2012 - 2013 events Calendar

Resource Guide

Datebook

Skyscraper Ad

The Green Sheet Online Edition

November 26, 2012  •  Issue 12:11:02

previous next

Have we missed the window for EMV?

By Nicholas Cucci

A significant data breach, disclosed in October 2012, comes once again as an attack on POS devices. This case affected retail customers of bookseller Barnes & Noble Inc. The company determined through an internal investigation that the compromise was linked to device tampering at its stores in nine states. I call this fraud incident the Hurricane Sandy of the payments industry.

This type of widespread number-skimming fraud brings up an interesting debate at a time when the payments industry is gearing up to make a massive technology change. The transition to the Europay/MasterCard/Visa (EMV) standard will address card-present fraud committed by retail customers, rather than the most prevalent types of card fraud the United States faces: card data theft through device tampering and database breaches.

On Oct. 24, Barnes & Noble confirmed the breach, which hit 63 stores. Criminals planted bugs in compromised PIN pad devices, allowing for the capture of card and PIN numbers. The bookseller said it had disconnected PIN pad devices at all stores nationwide as of Sept. 14. The breach reportedly affected only card-present transactions, and its customer database for its e-commerce business continues to be secure.

Waiting for patterns to emerge

This breach is causing card issuers to take stock of the fraud prevention and detection challenges they face. In order to determine the source of this fraud scheme, card issuers reportedly monitored the case beginning in the spring of 2012 using cross-channel detection. Most of the cards linked to this breach were reportedly used at nearby ATMs.

Barnes & Noble recommended that customers who swiped their cards at any of the stores with affected PIN pads take the following steps to protect their accounts. Card users were advised to:

Issuers standing guard

Card issuers are on the front lines of fraud detection. They are typically the first to identify a pattern when a retailer has been breached. Poorly maintained POS networks and devices are a primary cause of retail data breaches.

This incident raises a topic for debate as the industry gears up for a transition to EMV technology in 2013. Is EMV the right technology for the United States now?

EMV is a global card standard that Visa Inc., MasterCard Worldwide, American Express Co., and JCB International Co. Ltd. use to ensure security on contact and contactless card payments. The technology is usually called chip and PIN. EMV was developed to combat card-present fraud, which at the time was rampant in Europe.

According to the ATM Crime Statistics report of the European ATM Security Team, ATM fraud in Europe has dipped by 55 percent thanks to chip-and-PIN technology. Of an estimated 359,000 ATMs in Europe, 68 percent now use EMV, up from 63 percent in 2006.

Questioning potential return on investment

U.S. merchants are confused by the recent EMV push from the major card brands. Many larger merchants already swapped out POS equipment in the last three years to stay current. Now, they will again have to replace equipment for EMV-capable terminals. Domestically, merchants suffer more from database breaches and POS terminal breaches than card-present fraud.

In the United States, card-present fraud rates do not seem to justify an equipment swap like this. So any decline in fraud will not offset the costs of implementing EMV or contactless terminals. Currently, the card-present fraud rate in the United States matches that of Europe.

With the advent of smart phones, devices and mobile wallets, EMV has no definitive advantage now. The costs of an EMV transition will be paid for by merchants and processors, with limited return on investment. I believe we have missed the window for the EMV push in the United States. What do you think?

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at ncucci@nmi.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services