07.21.15

Keep your business safe. EMV is coming, what do you need to know?

With the mandatory changes being enforced as of October 1st, 2015, we are committed to cardholder data security and helping you avoid fines, fees and other costs associated with a breach. We offer a portfolio of security solutions and services designed to help businesses secure cardholder data and streamline the process of Payment Card Industry (PCI) compliance.
Following the shift in liability for a data breach in which cardholder information is compromised, are you doing all you can to protect your business?


PCI Compliance Guidelines.


Fortunately, the payment industry has made significant strides in responding to security threats, with the founding of the PCI Security Standards Council and release of the first set of PCI standards and practices in 2004. Any business that processes, stores or transmits cardholder data is required to comply with the PCI Data Security Standard (DSS). The PCI DSS is a set of security best practices developed to help those businesses which accept electronic payments to proactively protect their customer account data. The standards require maintaining a secure network, implementing internal controls and performing regular testing. As the experts on the Council identify new types of attacks, updated standards are released to help ensure businesses keep their security precautions up to date.
 
The financial impact of data breaches.
 
Breaches can be severe. For one major retailer suffering an extensive security breach, the total cost of the incident could reach $680 million. One recent study found that 43% of consumers would avoid shopping at a retailer that had been breached, and another 31% of shoppers will spend less at a breached retailer’s stores. Other direct and indirect security breach costs include brand reputation damage, lawsuits, negative press and operations disruption.
Taking these costs into account, the average cost of a security breach increased from $188 to $2015 per account. For a mid-sized business with 20,000 accounts, a pervasive security breach could potentially cost the company over $4 million.
 
Potential Vulnerabilities.
 
There are three potential points of risk across the lifecycle of a payment transaction.

CARD IN USE – while being used throughout an enterprise for card present/card not present transactions, post-authorization, card on file adjustments, analysis and reporting.
 
PAYMENT IN PROCESS – from the earliest point of entry in the data stream and while traveling to and from a gateway or processor.
 
DATA AT REST – as a batch awaiting settlement or stored within a system.
 
Top Priority.
With the increasing risks and costs associated with payment security and PCI compliance, there is now broader adoption of EMV, encryption and tokenization solutions to remove cardholder data from unguarded environments. These solutions enable a business to streamline the process of PCI compliance while reducing expenses associated with the security effort. Solutions that effectively remove cardholder data from the organization’s processing environment have been shown to significantly reduce the complexity of PCI compliance audits, which vary widely in cost, time and resources depending on the organization’s transaction volume and infrastructure.
 
EMV: What Your Business Needs to Know.
 
 
EMV (which is an acronym for Europay, MasterCard® and Visa®) is a more secure way of accepting payments. A “smart card” and an EMV-enabled point of sale solution are required to leverage the technology and security capabilities inherent in EMV.
Smart cards contain a “chip” capable of more sophisticated security than traditional magnetic stripe cards, keeping cardholders safer and combatting counterfeiting and fraud by assigning dynamic values for each transaction. Since fraudsters cannot skim or copy chip card data, EMV technology helps reduce fraud risks for your business and your customers.
During the transition to EMV, many financial institutions will issue EMV cards that also contain a magnetic stripe. A customer can still swipe an EMV card using the magnetic stripe, but that does not take advantage of added security technology embedded on the card’s chip and is not considered to be an EMV transaction.
The process for an EMV transaction is different from a magnetic swipe transaction. With EMV transactions, the cardholder inserts the card into an EMV terminal, where it stays during the transaction. In some cases the customer will be prompted for a PIN (this is very much like a debit transaction). For this reason, EMV cards are commonly referred to as “Chip and PIN” cards. Alternatively, some cards may still require a signature instead of a PIN. EMV cards can also be referred to as “Chip and Signature” in this instance.

During an EMV transaction, the card never leaves the cardholder’s hand. You present the payment terminal to your customer – even in restaurant environments.
 
 
EMV “SMART CARD”.
EMV is the standard for payment cards using chip technology to authenticate the card, and potentially the cardholder, and to reduce potential fraud at a physical point of sale. While traditional magnetic-stripe cards can be copied (“skimmed”) relatively easily with inexpensive skimmers, chip technology assigns a dynamic value for each transaction, making cardholder data virtually impossible to skim. EMV cards and EMV terminals have become the norm across most of Europe, and are now available in the U.S. from leading providers. The appeal of chip cards for consumers centers on their greater physical control of their card and the increased integrity EMV cards provide. Portable EMV devices are brought to the consumer, who inserts their card into the device to initiate the transaction, in much the same manner as an ATM works. With the card in their possession at all times, consumer satisfaction and confidence are both increased. It’s an ideal solution for restaurants, retail and a wide variety of industries. EMV offers protection from the liability of various payment card fraud scenarios when a business processes the payment using an EMV terminal.
 
TOKENIZATION.
Tokenization converts or replaces cardholder data with a unique token ID and stores the original data and token algorithm in a centrally-located, secure data center. It eliminates the possibility of having real card data stolen because the token is used in place of an actual account number. The token remains within the POS system and is called up (instead of the account number) to perform purchase adjustments, add new charges or perform other transactions. Tokenization is well-suited for card-not-present environments (mobile, ecommerce) where payment credentials are stored. Tokenization also works well for businesses like hotels, which often temporarily store transaction data before submitting it for processing, and for health clubs, utilities and other businesses that process recurring transactions.
 
ENCRYPTION.
Encryption protects card data from the earliest point of entry as it travels across various systems and processing networks. Sophisticated algorithms render card data unreadable to anyone who gains access to it through hacking or skimming. A robust encryption solution protects data the instant a card is swiped or keyed on a terminal and keeps it encrypted until the data has traveled to a centrally-located secure data center for decryption and processing. Encryption is ideally suited for any business that processes card present transactions.