New Era of Smart Cards – All that You Need to Know about Secure Payments

Payment Frauds

Identity thieves are now targeting card-not-present (CNP) transactions – purchases made online, over the phone or by mail or fax. Chip technology makes it hard to counterfeit a credit card, but it’s even harder to stop criminals.

The vendor must prevent direct access to cardholder data from outside the cloud-based provisioning network or the personalization network, and ensure that Primary Account Numbers (PANs) are masked when displayed or printed.

Chip cards, or EMV cards, decrease the chance of a data breach in which hackers get into your system and steal card information to make fraudulent cards. Chip cards store data in a more sophisticated, secure way than the magnetic stripe.

If a hacker broke into your business’s EMV-enabled system, they would only obtain an encrypted version of the data — completely useless to fraudsters.

Even if fraudsters take the magnetic stripe information from a stolen EMV card and create a non-EMV forgery, the magnetic stripe information still identifies the card as EMV. If one of these forged cards is presented and swiped on an EMV-enabled terminal, the magnetic stripe data tells the terminal that this is an EMV card and notifies the cashier to dip the card in the EMV slot. The cashier would then attempt to dip the card and notice the absence of the chip. Fraud averted.

With an EMV reader, fraud is virtually impossible unless your terminal tells you to override and swipe, confirms payments company Heartland.

Precautions

According to the EMV Migration Forum, a pro-EMV industry group, there are several precautions designed to deal with the expected onslaught of CNP fraud, including:

  • Authentication methods: Device authentication, one-time password, randomized PIN pads, and biometrics.
  • Fraud tools: Proprietary and transactional data used for fraud analysis and risk management, and validation services.
  • 3-D Secure: Messaging protocol that enables real-time cardholder authentication during an online transaction.
  • Tokenization: Replaces card data with a “token,” which has no value outside a specific merchant or transaction.

More sophisticated fraud prevention options include software that monitors the location, device and IP address of the purchaser to make sure they match that of the card’s true owner.

 

How can businesses protect themselves?

  • Follow the PCI DSS Standards.
  • Use a PCI compliance vendor program.
  • Leverage secure products to minimize data.
  • Educate and empower employees to identify issues first.
  • Understand your risk and perform risk assessments to find vulnerabilities and gaps.
  • Prepare for a breach by implementing an incident response process.

If you have any questions about compliance or what you can do to protect your business, contact PCICompliance@e-hps.com.

Sources: pcicomplianceguide.org, heartlandpaymentsystems.com, morpho.com, wikipedia.com
