• Home
• About Gemalto
  • Our Company
  • Corporate Governance
  • Sustainability
  • Investors
  • Partners
  • Office Locations
• Products & Solutions
  • Telecommunications
  • Financial Services & Retail
  • Enterprise
  • Government
  • Transport
  • Training
  • Buy On-Line
• Contact Us
  • Office Locations
  • Jobs/Careers
  • Tech Support
  • Sales/Other
• Media Center
  • Media Contacts
  • Feature articles

Focus

Benefits/ Considerations for EMV in the U.S.

In the United States, the scene on the security and fraud side is becoming dramatic. It is the consensus among observers – although in the U.S. there are no published fraud numbers like in other domestic markets – that physical world fraud in the U.S. is already above the global average today and is on the rise. The lessons learned from the many migration activities worldwide clearly indicate that fraud migrates toward those regions which have not yet migrated to EMV chip technology. The rest of the world has either already migrated or has firm plans to do so. Without the migration plan specified by Visa, the United States would certainly become the primary target of the fraudsters, and fraud rates would continue to rise.

A second fraud topic is the theft of personal payment data from merchant and processor data bases. The direct and indirect fraud cost and the cost of trying to protect against these breaches by means of implementing protective measures according to PCI DSS requirements goes reportedly into the tens of billions of dollars. In spite of this effort and expense, these massive data compromises continue to occur (e.g., Sony, 2011). On the backs of these high-profile attacks, data clearly show a growing trend towards breaches occurring in smaller retail sites, albeit for smaller overall gains. But regardless of whether one gets 1 million records from one breach, or 1.5 million from ten breaches, the outcome is the same.

The current security situation in the U.S. card payment industry has already raised significant concerns with the cardholders and the media. As a consequence the U.S. regulators (represented by the FFIEC) are investigating, and they have recently published a Supplement to the 2005 Guidance entitled ‘Authentication in an Internet Banking Environment’ to ‘reinforce the Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment’.

Politicians have turned to the issue, e.g. U.S. Senator Robert Menendez, D-N.J. in a June 15 letter to the head of the OCC which called for a deeper investigation into the breach, asking that the bank's customer notification policy be reviewed. "As Citigroup's primary regulator with jurisdiction for data security issues, I hope that you also believe this to be unacceptable for consumers," Menendez says. "Over the last six years, there have been 288 publicly disclosed breaches at financial services companies that exposed at least 83 million customer records. ... This problem is widespread and must be properly addressed by all parties.”

It is the consensus of industry experts that the industry will be unable to prevent every attack. The use of dynamic data as specified by EMV, however, will make sure that the data that could potentially be stolen is useless to the criminal. The migration to EMV in the United States would therefore put many of the issues mentioned above to rest.