End-to-end encryption: EMV cards alone aren't enough for security
Small businesses and consumers in the United States are in the process of switching from magnetic-stripe payment card usage to more secure chip-based cards. However, upgrading the cards alone won't keep cybercriminals away from your or your customers' sensitive data.
Beginning October 2015, merchants who do not want to accept liability for fraudulent card present transactions need to use card readers capable of processing chip cards at their point of sale. The technology used to process chip cards is called EMV, named after the companies that initially came together to push the change: Europay, MasterCard and Visa.
EMV switch still leaves data vulnerable
EMV is a great new technology to help combat fraud but it doesn’t prevent theft of the actual data. The dynamic nature of the data chip makes it nearly impossible to clone or counterfeit the payment card thereby reducing fraud. But it still has sensitive data that can be stolen from the POS or during transit through the authorization network.
Let's look at perhaps the highest-profile data breach in recent business history: Target. In the wake of it, Target announced it would make all cards they issue EMV-compliant by the first quarter of 2015. But as security expert Jason Oxman, CEO of the Electronic Transactions Association, told CNBC, although these cards are harder to use if stolen, they alone would not have stopped the Target data breach.
That's why encryption matters. End-to-end encryption (E2E), also referred to as point-to-point encryption (P2PE) makes data unreadable as it is processed so that if it’s intercepted by malware or hackers, it’s useless. Point-to-point encryption keeps sensitive customer data out of your business' systems from the moment the card is dipped (EMV) or swiped (magnetic stripe) until the data is received by the bank.
Merchants who want to protect themselves and their customers don't just need to make the switch to EMV-capable card readers. They should also partner with a payment processor that offers point-to-point encryption — and one that stays atop the rapidly changing field of payment security.