Study: Chip-&-PIN Won't Cure Retail Breaches
Online card payment transactions on the rise, according to Javelin Strategy & Research.
The good news: US merchants are moving away from magnetic stripe payment cards to inherently more secure chip-and-PIN or EMV-type cards. The bad news: Most smaller merchants won't be ready for the rollout, and online payment card fraud (remember that?) is rising and will continue to increase, according to a new report by Javelin Strategy & Research.
"PoS fraud is going to decline, but it's going to take a while. EMV is not going to be deployed overnight," says Al Pascual, director of fraud & security at Javelin Strategy & Research.
Javelin studied Europe's EMV evolution, and while it's helped with on-premises card fraud, card-not-present (CNP) or online payment card transaction fraud has grown. "We're seeing CNP [fraud] is already bad, and it's going to get a lot worse."
That's because the total volume of card-not-present transactions is rising, and the bad guys will go after the easier targets as PoS systems get better locked down, according to Javelin's report.
"As the transaction volume in ecommerce grows, the total amount of CNP fraud will grow along with it," Pascual says.
He says the volume of CNP fraud in the UK -- where EMV cards are used at the brick-and-mortar PoS -- was growing. "In the US, without EMV, the numbers were very similar," he says.
Meanwhile, Javelin says retailers with fewer than 20 employees won't be ready for the migration to EMV payment systems, so they'll continue to use more vulnerable magnetic stripe technology. Bottom line: They will be the juicy PoS targets for cyber criminals. "In a November 2013 survey of small and micro merchants, just 20% stated that they would be EMV-capable within the next 12 months and 50% stated that they had little to no knowledge of the EMV liability shift. This gap in retailer awareness and motivation will contribute to the delay in EMV POS terminal conversion," the report says.
Says Pascual: "[Consumers] should get used to the idea that CNP merchants and e-commerce are going to become … breach victims. [Attackers] have to get that card data from somewhere," he says. "It's not going to be Target that gets breached. It's going to be Target.com."