BankThink

EMV Not an End-All for Card Security

EMV Not an End-All for Card Security While migration to cards with chip technology should help mitigate card fraud, additional steps by retailers and more layers of security are needed.

Over the past few years, consumers have experienced a flurry of data breaches that have brought the issue of payments card security to the fore. Cybersecurity is a complex issue where no single solution is a panacea, but make no mistake: the migration to EMV chip cards is one of the most significant improvements to payments card security in years. It should help to mitigate card fraud at the point of sale.

As president of the ICBA, I and the 6,000 community banks we represent are very familiar with both EMV technology and how the transition is taking place at the local level. In fact, we recently had the opportunity to share these observations and experiences at an Oct. 7 hearing before the House Committee on Small Business.

Community banks have a unique perspective on the EMV migration because even though they comprise 20% of banking industry assets, community banks with less than $10 billion in assets make up half of all small businesses loans (under $1 million). This means that ICBA members have a keen interest in the migration to EMV chip cards, both as card issuers and as partners with the businesses that form the backbone of the nation's economy.

However, while the EMV transition is a critical step, it is not the end game. Fraud will shift from counterfeiting to online fraud and other types of fraud. Multiple layers of security technologies, such as end-to-end encryption and tokenization, are needed to protect cardholder information in transit and to secure online transactions.

This transition isn't just about banks issuing new cards. To experience the security benefits, merchants must deploy and activate readers that accept EMV chip cards. And, as witnesses discussed during the recent hearing, retailers that invest in EMV technology will not be liable for fraudulent, disputed transactions that occur in their stores. EMV adoption is a major step forward and we encourage merchants to join us in this transition.

Community banks are here to help consumers and small businesses navigate these changes. Community banks will serve as an important ally and resource to smaller retail businesses making the transition. They will help their merchant customers by providing equipment, expertise, and education to guide them through this change. Since community banks are local, they serve as "feet on the street," especially for the small businesses in their communities.

One of the most significant remaining security gaps is the protection of consumer data when it is in the hands of merchants. ICBA recently signed a letter with several other payments associations supporting the Data Security Act of 2015 (H.R. 2205). This act not only establishes uniform national standards for protecting consumer payment and personal information, but also requires all entities to have processes in place to protect consumer data.

Under current rules, retailers are not subject to the Gramm-Leach-Bliley Act requirement to develop and maintain robust internal protections against network intrusions and data theft, and that needs to change for the safety of all American consumers. Under H.R. 2205, retailers would be responsible for implementing security measures to protect consumer data. These measures, in addition to EMV adoption, should help prevent data breaches from happening in the first place.

Until this multi-layered approach can be fully implemented, consumers should know that banks comply with significant legal and regulatory requirements and are subject to rigorous examination and supervision of their data security practices and procedures. Rest assured, community banks will continue to be strong guardians of the safety of customer data. Today, that means working to transition to EMV technology and supporting future innovation in the marketplace. It's what our customers demand, and it's what we will deliver.

Camden R. Fine is president and CEO of the Independent Community Bankers of America. Follow him on Twitter @Cam_Fine.

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation EMV Cyber security
MORE FROM AMERICAN BANKER