How Chip and Pin Technology impacts Ecommerce Security

Upcoming adoption of Chip and Pin technology by the US markets will likely result in increased ecommerce security breaches.

Point of sale (POS) systems have seen some of the highest profile breaches in recent years. Familiar names in retail including Target, Michaels, Home Depot have all had large numbers of records stolen. Almost all large POS breaches have been on US based stores and there is a reason why we don’t hear about similar large exploits on European or Canadian retailers. Most of the rest of the world use Euro Pay, Mastercard and Visa (EMV) also known as Chip and Pin technology in their POS card readers. If you see a metal square embedded in your payment card, it has an EMV.

Chip and Pin technology protects credit card data using end to end or point to point encryption by encrypting credit card data from the reader to the payment processor.  This makes it much more difficult to access, and much less valuable to steal.

Most countries have been implementing the technology over the last decade, but US banks and retailers have held back because of the cost.

Percentage of Card Present Transactions that are EMV

Source: https://www.emvco.com/about_emvco.aspx?id=202

It is only this year that most US banks, payment providers and retailers are implementing EMV. Specific target deployment dates are set out by the Payments Network (banks, credit unions, credit card issues, payment processors).  For the US this is October 2015.

The adoption of EMV in the United States will greatly reduce the number of POS breaches.  This is evident from the Canadian implementation by Interac with a 66% decrease in skimming fraud in the year after implementing the technology in 2008.

EMV Technology decreased fraud and card skimming in europe and Canada

Source: http://www.paymentsleader.com/emv-america-what-took-you-so-long/

 

What does this mean for ecommerce security?

While the adoption of EMV in POS systems will stem the tide of credit card data flowing out of retail bricks and mortar networks, those hacking into these networks won’t go away, they will simply move onto easier targets – and ecommerce is one of them. The Trustwave 2015 Global Security Report reported that 40% of hacking targets were POS systems, and a whopping 42% were ecommerce sites. It should be expected that hackers will seek out the path of least resistance and that breaches, cards stolen and dollar values will both proportionally and literally increase for eCommerce .

 

As a retailer, how do you prepare for the onslaught?

Ecommerce security is complex and ever changing, we recommend working with a vendor to ensure the security of your environment. A few things to consider would be;

6 Tips to increase Ecommerce Security and Reduce the risk to your online systems

  1. Ensure you meet PCI -DSS compliance requirements

  2. Implement a DDoS protection and mitigation solution
    This is important because hackers often use DDoS attacks as a means to distract while credit card data is stolen

  3. Perform vulnerability assessments on web sites and systems

  4. Apply security patches wherever possible

  5. Practice secure coding, insist that your SI does

  6. Implement a web application firewall

This list isn’t at all comprehensive, and if you’re security systems have been neglected, it may be a long journey for you to build a well secured environment. That being said, it’s important to start that journey sooner, rather than later – the longer you wait to start, the longer your systems will be vulnerable.

Wondering where to start? We can help.

Tenzing can offer qualifying merchants a free security scan to help determine the most critical vulnerabilities in their environment.

Contact Us to Learn More

 

 

Editors Note – Thanks to Allan Crowe for the insight!

Aisling McCaffrey

Demand Marketing Specialist at Thinkwrap
Aisling is our Demand Marketing Specialist at Thinkwrap, and loves working with both technology and humans. She studied International Business (concentrating in Marketing) and has spent several years living and working in China, mostly in Shanghai, where she became passionate about global innovation and how the use of social media changes in different cultures. Aisling likes to keep up on internet trends - from business to memes - and is always looking for new ways to learn or entertain herself.