EMV is one piece of a holistic payment security strategy puzzle
The United States is the last major economy to embrace EMV technology for reducing payment card fraud. As of October 1, 2015, merchants that do not use EMV technology to process EMV chip cards may be held liable for certain types of payment fraud that EMV could have prevented. Despite widespread publicity about this liability shift, many merchants do not fully understand the role EMV plays in the greater picture of payment security.
Essential components of a security solution
As the liability for certain types of fraud shifts onto the shoulders of merchants, many will rush to upgrade their payment systems to EMV. However, EMV acceptance is not a stand-alone payment security solution nor does it provide protection against all types of security threats. An EMV acceptance solution should be paired with encryption and tokenization technologies to effectively help protect a business against security vulnerabilities.
A holistic payment security strategy includes EMV, encryption, tokenization, and PCI compliance with breach assistance. EMV helps ensure the card being used belongs to the cardholder making the transaction and helps to prevent counterfeit cards. Encryption masks sensitive data and helps prevent cyberthieves from stealing exposed data when a card is swiped or entered into the POS system or terminal. Tokenization helps protect the card data when it’s retained for future transactions like tip adjustment. And finally, PCI compliance helps prevent hackers from gaining any access to the merchant’s system in the first place. Since achieving and maintaining PCI compliance can be a tall order for small merchants, a PCI compliance assistance program can be used to guide merchants through the process and help with the costs of a breach, if one occurs. When all the pieces of this security puzzle are in place, merchants cease being an easy target for data theft and fraud.
Security threats are real
Like other seemingly random disasters, merchants tend to think a data breach is more likely to happen to someone else. Some business owners also wrongly believe their business is too small to be a lucrative target for criminals. But reality paints a very different picture.
Small businesses are prime targets for cyber thieves. In fact, Trustwave reports that nearly all data breaches it uncovers are traced to small and medium-sized businesses. Most of these companies do not even discover the fraud themselves. Instead, they find out from a third party several months later, long after the damage is done. The consequences of these security lapses can be devastating. More than half of compromised businesses end up closing their doors within months of the breach, unable to cope with the resulting financial penalties and loss of confidence among consumers.
Now that the EMV liability shift is in effect, businesses across the U.S. will be reevaluating all of their security tools and practices. EMV adoption and rollout won't always be turnkey; the technology introduces a significant change to transaction protocol and speed. But the tradeoff between those concerns and the payment functionality and security enabled by EMV is measurable, with the potential to benefit cardholders and merchants alike. EMV will play a crucial role in keeping criminals out, but only a holistic payment security strategy will provide your business with adequate protection and minimize your losses if a breach occurs.