Credit and Payment Security: A Cycle of Good News and Bad Ne

June 13, 2014

Credit and Payment Security: A Cycle of Good News and Bad News

It was good news. In July 2013, federal prosecutors in the United States brought indictments against members of a sophisticated Russian syndicate. The gang members were charged with stealing and selling more than 160 million credit card numbers from JCPenney, 7-Eleven, JetBlue, Heartland Payment Systems, Carrefour (in France), and one of the world’s largest credit and debit processing companies. The thefts could be tracked back to 2005, according to The New York Times, and had resulted in hundreds of millions of dollars in losses. Unfortunately, the indictments were not effective and the same group is suspected of participating in the security breaches of Target, Michaels, and Neiman Marcus companies just a few months later.

Adopting the Europay, MasterCard, and Visa Standard
The continued and very public success of hackers and the ever-increasing cost of fraud losses, fraud management, and fraud-related expenses spurred the United States credit payment industry to change the way it does business. After decades of resisting the Europay, MasterCard, and Visa (EMV™) standard for credit payments, which is generally believed to be more secure than our current payment system, the industry is adopting it. It’s an action many believe is long overdue. According to a BusinessWire.com article in August 2013, it stated The Nilson Report, a leading payment industry newsletter, provided an overview of card fraud around the world:

“The U.S. accounted for 47.3% of global card fraud losses but generated only 23.5% of total volume… The absence of EMV cards and terminals in the U.S. also contributes to fraud losses. The U.S. is the only region where counterfeit fraud continues to grow consistently… EMV adoption would not only help U.S. issuers but also issuers in other parts of the world that must continue to put mag-stripes on their cards to accommodate point-of-sale terminals in the U.S…”

The good news is change in finally on its way. The bad news is it may take longer than expected. Some estimates project the majority of U.S. merchants will be EMV compliant by 2016, but many analysts believe that goal will be reached closer to 2018.

What is EMV?
EMV was developed in the 1990s after a study commissioned by the European Council for Payment Systems, and conducted by Europay International, determined the most effective way to reduce credit card fraud was to eliminate magnetic stripes (mag-stripes) and embed chips in credit and debit cards. In a Capgemini document, published early 2014, it stated:

“…Magnetic stripe cards, which store sensitive customer data unencrypted on the rear magnetic stripe, have been found to be vulnerable to various frauds such as skimming and counterfeiting. Chip-based EMV cards store customer data on a chip in encrypted format and are less vulnerable to fraud. This led to increased EMV adoption in several regions across the world.”

In the United Kingdom, the introduction of EMV cards is credited with helping reduce fraud significantly. Counterfeit card fraud fell by 75 percent after peaking in 2008, and fraud losses have fallen by 75 percent since 2004.

Eighty countries around the world already have implemented or currently are implementing EMV technology. For instance, about 95 percent of card readers in Europe; 79 percent in Canada, Latin America, and the Caribbean; 77 percent in Africa and the Middle East; and 51 percent in the Asia Pacific region are EMV compliant. In fact, if you’ve traveled overseas recently, you may have encountered the EMV standard. It’s a source of frustration for American travelers who find their mag-stripe credit cards won’t work in train station kiosks and are not accepted by some retailers.

Ironically, even criminals prefer the EMV standard. The going rate on the black market for an American credit card number is $10. A European card number, on the other hand, will fetch about $50. According to The Washington Post, there are two reasons for this. First, American card numbers are easier to get. Second, when used in the United States, European cards are no more secure than mag-stripe cards because American retailers do not adhere to the EMV standard. Couple this with the fact European banks are slow to process transactions on weekends and criminals can enjoy a spending spree.

An Evolving Industry
The good news is EMV should make card payments in the United States more secure. The bad news is payment systems are not static. As the popularity of mobile devices has grown so has the popularity of mobile banking and commerce. Some consumers already have embraced mobile applications that allow them to use smart phones or tablets to pay for goods and services.

The growth of mobile payments is expected to accelerate and change the way business is done around the world. Gartner, the world's leading information technology research and advisory company, estimates global mobile transaction volume will grow by 35 percent on average from 2012 to 2017. The company’s forecast suggests the mobile payments market will comprise 450 million users and will be worth more than $720 billion – a number that was reduced during 2013 because of lower-than-expected growth in North America and Africa – before the end of the decade.

Protect Yourself Against Fraud
Of course, a new payment system means new hardware and security solutions. Mobile payment security will depend on application configurations as well as security measures taken by smart phone and tablet users. If you use or plan to use your mobile device for banking or commerce, make sure you take basic safety precautions:

• Protect your mobile devices using complex passwords
• Download an app for finding a lost device and/or disabling it
• Only download apps from trustworthy sources
• Check app reviews and ratings before downloading them
• Only bank or shop over secure Internet connections (not public Internet connections)
• Make sure the web address begins with https (indicating you have a secure connection) before sending data

The good news is American consumers will have lots of choices when they want to make purchases. The bad news is it can be challenging to stay abreast of new technology and the security measures it requires.

_Sources:_{http://dealbook.nytimes.com/2013/07/25/arrests-planned-in-hacking-of-financial-companies/?_php=true&_type=blogs&_r=0}
_{http://www.dallasnews.com/business/retail/20140407-neiman-marcus-data-breach-tied-to-russian-group.ece}
_{http://www.businesswire.com/news/home/20130819005953/en/Global-Credit-Debit-Prepaid-Card-Fraud-Losses%23.U40HdF5N1Zg}
_{http://www.capgemini.com/resource-file-access/resource/pdf/global_trends_in_the_payment_card_industry_2013_issuers.pdf}
_{http://www.paymentscardsandmobile.com/emv-us-little-late/}
_{http://www.bankinfosecurity.com/emv-roots-go-deep-in-europe-a-3404}
_{http://finance.yahoo.com/news/why-stolen-european-credit-card-234704948.html}
_{http://www.forbes.com/sites/tomgroenfeldt/2014/01/28/american-credit-cards-improving-security-with-emv-at-last/}
_{http://www.emv-connection.com/emv-faq/#q2}
_{http://blog.elementps.com/element_payment_solutions/emv/}
_{http://www.gartner.com/newsroom/id/2504915}
_{http://www.mobilepaymentstoday.com/news/gartner-75-of-mobile-security-breaches-will-result-from-app-misconfiguration/}
_{https://blog.lookout.com/blog/2012/09/11/5-mobile-payments-safety-tips/}
http://www.hongkiat.com/blog/secure-mobile-payment-tips/

_{The above material was prepared by Peak Advisor Alliance.}