Page 7 - Cyber Warnings
P. 7
The anniversary of EMV roll-out: criminals are anxious to beat
the system
Introduced by the financial industry in the early 2000s, EMV smart payment cards have largely
supplanted magnetic stripe technology, and for good reason. Due to concerns surrounding
insufficient security measures, usage of the once-ubiquitous “magstripe” payment cards has
since sharply declined in most countries. The United States, however, continues to remain
dependent on the outdated technology.
Despite proven advantages shown to significantly lower — and in many cases, reverse —
established levels of card-present fraud, the United States continues to lag behind on the
implementation of EMV. This delay is largely attributed to the inherent costs and minimal
incentives for banks to migrate from the outdated magnetic stripe infrastructure.
Payment fraud declining
As long as magstripe cards remain in use, their inherent security flaws will continue to render
cardholders more susceptible to fraud. The problem is that magnetic strip technology stores
payment information in plain text on the card's magnetic stripe, which makes the cardholder’s
financial information vulnerable to a variety of skimming techniques used to commit fraud. EMV
technology, however, provides significantly stronger protection by encoding and storing the
cardholder’s payment information on an integrated circuit embedded within the card.
Indeed, ever since the rollout of EMV smart cards, card-present fraud has been decreasing for
the first time ever. Criminals are struggling to find workable solutions to bypass the implemented
security controls, providing a needed reprieve for exhausted consumers and financial
organizations. Despite the obvious advantages, however, many business owners remain
hesitant to accept EMV smart payment cards. This is largely due to the complexity of the
technology. Many are concerned that EMV’s significantly longer card processing time may
inadvertently put customers’ at an increased risk of information theft and criminal targeting.
Cybercriminals adapt to EMV
Despite EMV’s implementation challenges, recent observations suggest a decline in the supply
of stolen payment information being sold on the cybercriminal underground. Consequently, both
demand and prices for such stolen information have significantly increased.
Alone, the destabilization of established supply and demand levels on the cybercriminal
underground is a cause for concern. This disturbance will inevitably create a lucrative
environment for attracting criminal syndicates with unlimited financial and technical resources to
develop the technology to bypass EMV controls.
7 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
