EMV Technology is Coming; Online Merchants Need to Prepare

EMV, which stands for Europay, MasterCard, and Visa, is the global standard for authenticating credit card and debit card transactions. EMV-compliant cards use integrated circuit chip technology. This system has existed in Europe, Canada, Latin America, and the Asia Pacific for a long time, but America has lagged behind in adopting this important security technology. A traditional magnetic stripe card can have its information stolen very easily because the data on the card never changes. Once the card is swiped and a hacker obtains that data, they can easily replicate it to convert the stolen data into cash.

EMV-compliant cards, on the other hand, have built-in cryptographic algorithms that provide authentication between the issuing bank and the terminal, and they require the user to enter a PIN instead of signing or, in some cases, to sign (Chip and Signature). This greatly reduces the risk of fraud because the EMV chip's cryptographic algorithm creates a new, unique key each time the card is dipped or used for a transaction. This unique key can never be used again; thus, if a hacker acquires the information from a transaction at a terminal in a store, they cannot use it to steal cash or buy goods because the key won't be accepted again. It's estimated that currently 40% of the world's cards outside the U.S. are using the EMV standard and 70% of the terminals outside the U.S. are using EMV.

As the system continues to roll out, customers and businesses will be very well protected from hackers due to the cryptographic algorithm in EMV cards. While not every merchant has EMV POS terminals yet, it is a requirement, and all cardholders' issuing banks are now producing EMV cards to ensure safety. This means hackers will focus more of their attacks on websites and online credit card processing because these will require less effort than hacking physical retailers. While EMV technology cannot be fully utilized online yet, new solutions will arise as technology continues to improve and the EMV system develops.

In the meantime, online merchants need to invest in additional forms of online fraud and risk management in order to protect themselves and their customers as hackers begin focusing more of their efforts on online merchants. A number of systems exist: Address Verification Services (AVS) and Card ID Verification (CVC), which is known as CVV2 for Visa, CVC2 for MasterCard, and CID for American Express.

CVC allows merchants to automatically screen transactions, thereby allowing them to act swiftly if possible card-not-present (CNP) fraud is suspected. Because the three-digit code on the back of a card is not legally allowed to be stored, the user of a card must have it in hand in order to make the purchase.

AVS screens transactions by comparing the billing address with the purchaser's address to determine if something is amiss.
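One way a merchant backend could act on the CVC and AVS checks described above, as an added example that is not part of the original post. The single-letter result codes and the accept/review/decline policy are assumptions modeled on codes commonly returned by U.S. processors, the field names are hypothetical, and the sample orders are constructed.

```python
# Added example: act on the AVS and CVC result codes returned with an
# authorization. Code sets and policy are assumptions; check your gateway docs.
AVS_FULL_MATCH = {"Y", "X"}     # street address and postal code both match
AVS_NO_MATCH = {"N"}            # neither matches
CVC_MATCH, CVC_NO_MATCH = "M", "N"

# Field names (hypothetical) that may hold the card code itself.
SENSITIVE_FIELDS = {"cvc", "cvv", "cvv2", "cvc2", "cid"}


def screen(avs_code: str, cvc_code: str) -> str:
    """Return 'accept', 'review' or 'decline' for one authorization response."""
    avs, cvc = avs_code.strip().upper(), cvc_code.strip().upper()
    if cvc == CVC_NO_MATCH:
        return "decline"        # buyer did not supply the code on the card
    if avs in AVS_NO_MATCH:
        return "review" if cvc == CVC_MATCH else "decline"
    if cvc == CVC_MATCH and avs in AVS_FULL_MATCH:
        return "accept"
    return "review"             # partial match, unavailable or unknown code


def storable(order: dict) -> dict:
    """Copy of the order that is safe to persist: the card code is dropped."""
    return {k: v for k, v in order.items() if k.lower() not in SENSITIVE_FIELDS}


def process(orders: list) -> list:
    """Screen each order and return the records that would be stored."""
    records = []
    for order in orders:
        record = storable(order)
        record["decision"] = screen(order["avs"], order["cvc_result"])
        records.append(record)
    return records


# Constructed sample responses, not real transactions.
SAMPLES = [
    {"order_id": "A-1001", "avs": "Y", "cvc_result": "M", "cvc": "123"},
    {"order_id": "A-1002", "avs": "Z", "cvc_result": "M", "cvc": "456"},
    {"order_id": "A-1003", "avs": "N", "cvc_result": "N", "cvc": "789"},
    {"order_id": "A-1004", "avs": "U", "cvc_result": "P", "cvc": "321"},
]

if __name__ == "__main__":
    for rec in process(SAMPLES):
        print(rec["order_id"], rec["decision"])
```

Anything that is not a clean match falls through to manual review rather than automatic acceptance, and the stored record keeps the CVC result code but never the code itself.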

These are just 2 tools that must be implemented, if not already part of your process, to help protect against online fraud. A merchant must also consider other technologies, which we will cover in later blogs. As EMV technology becomes ubiquitous at physical locations, it's vital that online stores maximize the implementation of security features to ward off hackers effectively.

