EMV and Card-Not-Present grabs headlines, but less attention is being paid to old-fashioned credit card POS fraud. As pointed out in the following commentary, there are still effective measures that merchants and issuers can take to reduce POS fraud.
The latest figures from the Ponemon Institute and IBM 2015 Cost of Data Breach Study show an ongoing increase in the cost of a data breach. For companies that participated in the study, the number rose to $3.79 million. And that’s just the tangible cost.
Even more revenue is lost as consumers lose faith in affected companies and look elsewhere to do business and investors move on to other stocks.
The Payment Card Industry (PCI) released solution requirements for point-to-point encryption (P2PE) to assist merchants in protecting cardholder data and reducing the scope of their environment for PCI DSS assessments. However, these approaches still seem to be a concept rather than common practice.
But if merchants heed PCI requirements, they can reduce the risk of sensitive payment data breaches.
Encrypting sensitive data at the point the card is swiped — or dipped, in the case of EMV cards, which are equipped with computer chips) in the payment device and only decrypting it at the processor is the answer.
PCI has created requirements to help merchants safeguard sensitive payment card data – but the requirements have to be followed in order to be effective. Whether retailers are accepting payments from a terminal, dongle or mobile wallet, best practices include using P2PE and relying on HSMs in the processing environment.
HSMs will help manage risk in payment acceptance and HCE payment credentials by protecting keys and enabling a secure and compliant trust environment. This creates a complete payment data safety strategy that will position merchants in good stead going forward.
The arms race between fraud managers and fraudsters continues as both sides attempt to leapfrog ahead of the other. Merchants and card issuers need to do their part as every possible action is necessary to tip the balance to the good guys.
Overview by Raymond Pucci, Associate Director, Research Service at Mercator Advisory Group
Read the full story here