Credit Card Security: EMV, NFC, and PCI Explained
Source: CardConnect
Europay MasterCard VISA (EMV)
EMV technology, or the chip you now typically see on credit cards, offers a package of security features that the traditional magnetic stripe cannot match, which helps to prevent the theft of data from card skimming and duplication. Using cryptography, this chip ensures cardholder verification, validates the card issuer, and verifies sensitive data stored on the card. EMV transactions can only be done in card present scenarios, not online.
What are the benefits of EMV?
- Global acceptance
- Enhanced security
- Application processing controls
- Offline data authentication capable
The EMV Liability Shift
Before EMV, the liability for fraud fell on the card issuing bank. Now, however, if a merchant is not using an EMV compliant terminal, that liability falls on their business. As long as merchants continue to comply with the Payment Card Industry Data Security Standard (PCI DSS), process 95% of their transactions at EMV terminals and have not been involved in a security breach, they are still provided with 100% fraud protection.
NFC Payments
Near Field Communication (NFC) Payments represent the newest update to the payment’s ecosystem. Typically, these payments are done using the customer’s mobile device and an NFC reader. The customer hovers or taps their phone on the reader, and the transaction is done in seconds. These payments are encrypted, just like EMV payments, but are processed much faster than magnetic stripe or EMV transactions.
The Importance of PCI Compliance
The PCI SSC (Payment Card Industry Security Standards Council) was formed by the four major card brands in 2004 due to the growing threat of payments fraud. Between 1988 and 1998, Visa and MasterCard alone lost $750 million dollars, as a result of fraudulent activity. To standardize the industry, this group unveiled the PCI DSS (Data Security Standard), applicable to all businesses and organizations that accept credit card payments. This new set of standards meant more protection for both the merchant and cardholder, with surveillance from the card brands.
Criminals have become increasingly cunning when it comes to gaining access to cardholder information, whether it is in the e-commerce or card-present environments. These can be in the form of network intrusions, wiretapping attacks or device tampering schemes and new techniques being deployed every year. In 2016 alone, 4,149 data breaches released 4.2 billion private records. This quadrupled the previous record of 1 billion exposed records in 2013.
So how are these actors getting access to this sensitive information? Card information can be accessed from card readers, payment system databases, wireless or wired networks and paper records. Making sure that your company is following the guidelines set forth by the PCI SSC can help protect your business from these techniques. Payment security solutions backed by the PCI SSC, like point-to-point encryption and tokenization can reduce the scope of your compliance responsibility.
Data breaches can cost small business upwards of $25,000, which can be catastrophic for many companies. Staying up to date with PCI compliance and using the newest security measures can protect both your customers and your business, making everyone happy!
About CardConnect
CardConnect is a payments platform of Fiserv, focused on helping businesses of all sizes grow through the seamless integration of secure payment processing. Since 2006, we’ve been busy developing and advancing payment solutions protected by our patented, PCI-validated security defenses. Each day we do our best to provide high-quality and customized support to businesses so they can reach their own growth goals. For more information on CardConnect, please reach out to Rick Kallas at Richard.kallas@fiserv.com.