-
The U.S. might be ahead of the rest of the world in some areas of security, but when it comes to protecting against credit card fraud, we're way behind.
October 15 -
Credit card networks and issuers have done a poor job in explaining the implications of the just-passed Oct. 1 deadline for moving to EMV chip-and-PIN cards, leaving many small businesses confused, lawmakers said Wednesday during a hearing on Capitol Hill.
October 7 -
Large banks and card issuers are ready for the U.S. shift to chip-and-PIN technology, according to a report issued Wednesday. But the drop in fraud that is expected to result is unlikely to come any time soon.
March 18 -
Many card issuers are well on their way to the migration to chip cards or have a plan to do so. But many merchants are still completely unaware of the shift in fraud liability taking effect Thursday.
October 1
EMV Not an End-All for Card Security While migration to cards with chip technology should help mitigate card fraud, additional steps by retailers and more layers of security are needed.
Over the past few years, consumers have experienced a flurry of data breaches that have brought the issue of payments card security to the fore. Cybersecurity is a complex issue where no single solution is a panacea, but make no mistake: the migration to EMV chip cards is one of the most significant improvements to payments card security in years. It should help to mitigate card fraud at the point of sale.
As president of the ICBA, I and the 6,000 community banks we represent are very familiar with both EMV technology and how the transition is taking place at the local level. In fact, we recently had the opportunity to share these observations and experiences at an
Community banks have a unique perspective on the EMV migration because even though they comprise 20% of banking industry assets, community banks with less than $10 billion in assets make up half of all small businesses loans (under $1 million). This means that ICBA members have a keen interest in the migration to EMV chip cards, both as card issuers and as partners with the businesses that form the backbone of the nation's economy.
However, while the EMV transition is a critical step, it is not the end game. Fraud will shift from counterfeiting to online fraud and other types of fraud. Multiple layers of security technologies, such as end-to-end encryption and tokenization, are needed to protect cardholder information in transit and to secure online transactions.
This transition isn't just about banks issuing new cards. To experience the security benefits, merchants must deploy and activate readers that accept EMV chip cards. And, as witnesses discussed during the recent hearing, retailers that invest in EMV technology will not be liable for fraudulent, disputed transactions that occur in their stores. EMV adoption is a major step forward and we encourage merchants to join us in this transition.
Community banks are here to help consumers and small businesses navigate these changes. Community banks will serve as an important ally and resource to smaller retail businesses making the transition. They will help their merchant customers by providing equipment, expertise, and education to guide them through this change. Since community banks are local, they serve as "feet on the street," especially for the small businesses in their communities.
One of the most significant remaining security gaps is the protection of consumer data when it is in the hands of merchants. ICBA recently signed a letter with several other payments associations supporting the Data Security Act of 2015 (H.R. 2205). This act not only establishes uniform national standards for protecting consumer payment and personal information, but also requires all entities to have processes in place to protect consumer data.
Under current rules, retailers are not subject to the Gramm-Leach-Bliley Act requirement to develop and maintain robust internal protections against network intrusions and data theft, and that needs to change for the safety of all American consumers. Under H.R. 2205, retailers would be responsible for implementing security measures to protect consumer data. These measures, in addition to EMV adoption, should help prevent data breaches from happening in the first place.
Until this multi-layered approach can be fully implemented, consumers should know that banks comply with significant legal and regulatory requirements and are subject to rigorous examination and supervision of their data security practices and procedures. Rest assured, community banks will continue to be strong guardians of the safety of customer data. Today, that means working to transition to EMV technology and supporting future innovation in the marketplace. It's what our customers demand, and it's what we will deliver.
Camden R. Fine is president and CEO of the Independent Community Bankers of America. Follow him on Twitter