Will EMV Chip Cards Alone Really Keep Data Secure?
In a recent press release, NRF Vice President for Retail Technology Tom Litchford said it plainly, “EMV is important, but EMV chip cards alone won’t do the job of making data secure … “
Adding to that sentiment in an online interview was Michael Reitblat who emphasized, “EMV is not a solution; it’s a piece of a solution. As we all know, when things become more difficult for [fraudsters] in one place … they move to the next place of least resistance, which, in the fraud case, is online.”
He went on to say that retailers are working hard on technology like point-to-point encryption and tokenization, technologies he believes will “ultimately do more to achieve the goal of putting hackers out of business.” And is it really the job of the retailers themselves to work hard on these cutting edge technologies?
A more successful approach seems to be to expect new effective technologies to come from credit card processors and online security firms to create and implement best of class solutions in this regard. Retailers should be able to review and choose the best tech solutions in this area and let those firms implement the solution while bearing the responsibility to keep the technology update and consistently successful in protecting data. Just implementing the technology shift to EMV is challenging enough for the retailer.
Forrester Research principal analyst Brendan Miller reported earlier this year that implementing EMV chip card equipment and technology at an enterprise retailer level is complex and enormous. An enterprise retailer typically has multiple locations and different POS software across some of those locations, so implementing new hardware and software across all locations requires significant effort and expertise. That’s why encryption and tokenization technologies are being incorporated now, Miller reported. Implementing them concurrent with the EMV upgrade was optimal.
And while both technologies have been available for many years, it’s anyone’s guess whether the current version of these additional prevention technologies will be a match for the pace of cyber attacks and the organized efforts of online fraud activities.
The original articles and interview referenced in this post can be found here and here.
