How Chip and Pin Technology impacts Ecommerce Security
Upcoming adoption of Chip and Pin technology by the US markets will likely result in increased ecommerce security breaches.
Point of sale (POS) systems have seen some of the highest-profile breaches in recent years. Familiar names in retail, including Target, Michaels and Home Depot, have all had large numbers of records stolen. Almost all large POS breaches have been at US-based stores, and there is a reason why we don’t hear about similar large exploits against European or Canadian retailers. Most of the rest of the world uses Europay, Mastercard and Visa (EMV), also known as Chip and Pin technology, in its POS card readers. If you see a metal square embedded in your payment card, it has an EMV chip.
Chip and Pin technology protects credit card data using end-to-end or point-to-point encryption, encrypting credit card data from the reader to the payment processor. This makes the data much more difficult to access, and much less valuable to steal.
Most countries have been implementing the technology over the last decade, but US banks and retailers have held back because of the cost.
It is only this year that most US banks, payment providers and retailers are implementing EMV. Specific target deployment dates are set out by the Payments Network (banks, credit unions, credit card issuers, payment processors). For the US this is October 2015.
The adoption of EMV in the United States will greatly reduce the number of POS breaches. This is evident from the Canadian implementation by Interac with a 66% decrease in skimming fraud in the year after implementing the technology in 2008.
What does this mean for ecommerce security?
While the adoption of EMV in POS systems will stem the tide of credit card data flowing out of retail bricks and mortar networks, those hacking into these networks won’t go away. They will simply move on to easier targets, and ecommerce is one of them. The Trustwave 2015 Global Security Report reported that 40% of hacking targets were POS systems, and a whopping 42% were ecommerce sites. It should be expected that hackers will seek out the path of least resistance and that breaches, cards stolen and dollar values will both proportionally and literally increase for ecommerce.
As a retailer, how do you prepare for the onslaught?
Ecommerce security is complex and ever changing, so we recommend working with a vendor to ensure the security of your environment. A few things to consider are:
6 Tips to increase Ecommerce Security and Reduce the risk to your online systems
1. Ensure you meet PCI-DSS compliance requirements
2. Implement a DDoS protection and mitigation solution
   This is important because hackers often use DDoS attacks as a means to distract while credit card data is stolen
3. Perform vulnerability assessments on web sites and systems
4. Apply security patches wherever possible
5. Practice secure coding, insist that your SI does
6. Implement a web application firewall
This list isn’t at all comprehensive, and if your security systems have been neglected, it may be a long journey for you to build a well-secured environment. That being said, it’s important to start that journey sooner rather than later: the longer you wait to start, the longer your systems will be vulnerable.