Summary

Despite its age, the EMV payment card standard has stood the test of time due to its constant evolution. Each EMV update has resulted in greater security, yet fraudsters have remained undeterred in their efforts to find workarounds. And with the final major bastion of magnetic-stripe cards finally converting, fraudsters will be more motivated than ever to break the standard.

What to Look For

Growing pains associated with the continued EMV rollout at merchants and issuers will continue to contribute to missteps that open the door to spoofed EMV transactions. Working around improvements to data authentication, fraudsters have proven that they can manipulate the authorization process by physically altering the card. Learning from this success, evolutions of this scheme will appear across markets. Criminals will continue to attack the tamper-resistant EMV chip, forcing major industry stakeholders to innovate. This will include the provisioning of tokens to EMV-enabled chip cards similar to that of the EMVCo standard used by Apple Pay, further intertwining the fates of EMV and mobile proximity payments. 

issuer-tokenization-facilitate-secure-transmission-EMV-card-data

Key Business Considerations: What Does It Mean?

 

  • Process implementation: Early-stage efforts to upgrade their authorization processes to accommodate EMV have exposed processors and issuers to fraud.
  • Product integrity: The EMV chip is a tamper-resistant microprocessor, but with similar hardware technology powering mobile payments, criminals will be more motivated than ever to crack it.
  • Transaction authorization: The EMV authorization process also forms the basis of many mobile proximity payment schemes, further motivating fraudsters to find vulnerabilities in both.
Author

About Al Pascual

An accomplished industry analyst, market researcher, and financial industry practitioner, Al Pascual is Javelin’s Research Director and Head of Fraud & Security. As Research Director, Al leads Javelin’s Advisory Services and Custom Research businesses. He oversees growth of these businesses while ensuring that Javelin’s research content meets quality standards and provides the innovative perspectives that clients expect from the firm.

As Head of Fraud & Security, Al provides clients actionable insights on a variety of fraud and security issues, acts as a partner in developing strategies for managing risk, and identifies and raises awareness of future threats and solutions. Al researches a range of topics, including the applicability of biometrics in banking and payments, the effect of data breaches on the integrity of consumer identities, the relationship between identity fraud and loyalty, and the best methods for securing payment data and transactions.

Al has presented findings from Javelin’s rigorous, industry-leading research at conferences around the world, including BAI, CARTES, Money20/20, NACHA, and RSA. Al has provided commentary on fraud and security issues to American Banker, Bloomberg, CNNMoney, Fox Business, Reuters, The New York Times, The Wall Street Journal, The Washington Post, and Wired.

Previously Al held risk management roles at HSBC, Goldman Sachs, and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators, and the Federal Reserve Secure Payments Task Force. Al also serves on the board of advisers to the Information Security Media Group. He earned a Bachelor of Arts degree in History from the University of South Florida.

Stay in Touch!