Banks Should Promote EMV

Tuesday, September 04, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

The old magnetic stripe technology currently used in credit and debit cards in the United States is inexpensive and readily available, making our cards highly vulnerable to fraud.

It’s understandable then that credit and debit card fraud is Americans’ primary fear, with 68% of those surveyed describing themselves as extremely or very concerned about the security of their credit or debit card data and 66% as extremely or very concerned about identity theft.

Compare that to the 58% who are extremely or very concerned about terrorism and war, or 41% who fear the possibility of a serious health epidemic. If a health epidemic actually occurred, that would naturally take prevalence over our financial concerns. But for now, we’re mostly worried about our money.

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when an identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or sometimes even when you hand it over to pay at a store or restaurant.

Technically, account takeover is the most prevalent form of identity theft, though I’ve always been inclined to categorize it as simple credit card fraud.

EMV credit cards—or “chip and PIN” cards—are safer than the magnetic stripe cards still used in the U.S. According to the Smartcard Alliance, “[EMV] transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal using Static Data Authentication (SDA), Dynamic Data Authentication (DDA) or Combined DDA with application cryptogram generation (CDA). EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions.”

In simple terms, with EMV technology, users’ financial data is thoroughly scrambled. It makes sense, therefore, for smart, forward thinking banks to encourage EMV migration as soon as possible.

Robert Siciliano, personal security expert contributor to Just Ask GemaltoDisclosures

Possibly Related Articles:
10227
PCI DSS
Information Security
Encryption PCI DSS Credit Cards Financial hackers Consumers EMV
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.