-
Visa and MasterCard have little real interest in implementing effective security because they dont absorb fraud losses.
January 9 -
With media outlets reporting the grisly details, there has never been a better time to educate commercial account holders about the risks associated with online banking, particularly phishing attacks.
February 26 -
Before the Target breach, many merchants were apparently willing to delay or ignore the card networks' deadline for adopting EMV and ready to face the consequences. Now, even merchants who remain unsold on EMV as cost-effective security may view incorporating the technology as unavoidable.
February 19 -
Instead of trying to blame the Target breach on card companies and drag unrelated issues into the discussion, merchants should work with the payments industry to find solutions.
January 13
Following a series of large-scale, high-profile data breaches, consumers are understandably concerned about the security of their sensitive information. We are increasingly conducting our lives online, and the criminals that profit from stealing our sensitive information are following us in the cyber realm with increased sophistication. The evolving nature of these cyberthreats calls for a vigorous and dynamic response.
As the trade association of the payments industry, the Electronic Transactions Association recognizes that protecting the personal financial information of consumers is a responsibility shared among the payments processing industry, retailers and financial services industry. We are proud to join with 14 leading retail and financial services trade groups in a partnership to ensure that our shared infrastructure is secure. Our collaboration represents far more than just a response to the latest crisis this partnership is the embodiment of our commitment to forward-thinking safeguards. We also need to work with law enforcement to ensure they have the tools to pursue and shut down global cybercrime operations including those that may operate with tacit or explicit state support.
The breadth of cybercrime is vast and the sophistication of global criminal syndicates demands sophisticated and dynamic industry solutions. Legislating a specific technology or process, although well intended, can freeze innovation and deter development and deployment of more robust security measures. Fortunately, the payments and retail industries are working together to identify and deploy the best solutions. These new innovations in data security are adding even more technologically advanced fraud prevention tools to our nation's payments infrastructure.
EMV chip technology, first developed two decades ago, is becoming a global standard for card security. EMV cards incorporate embedded microprocessor chips that provide dynamic security features that improve upon the out-of-date security found on traditional magnetic stripe cards. The deployment of EMV in the U.S. is a complicated undertaking, requiring significant upgrades by merchants and financial institutions alike. ETA member companies have been ready for the transition to EMV since April 2013 and we are glad to see so many retailers joining the effort to protect consumers with dynamic chip technology.
Chip technology can prevent criminals from producing counterfeit credit cards, and although they wouldn't have prevented recent breaches of retailers, chip cards are an important component of necessary security upgrades. But we must do more. Tokenization removes sensitive information from a transaction by replacing customer data with a unique identifier that cannot be mathematically reversed. The token is received by a payments company that has the necessary information to accurately match the token to the payment card owner. The remaining numbers are generated using proprietary tokenization algorithms. As such, tokens hold great promise for preventing interception of useful data by criminals.
Finally, end-to-end encryption is an advanced risk management tool that helps protect the sensitive information transmitted over systems that may not have traditionally been encrypted, such as systems maintained by a retailer to store customer information. With end-to-end encryption, credit card data is encrypted from the moment the card is swiped, while the data is in transit, all the way to authorization. This technology minimizes opportunities for hackers and criminals to access data during purchase.
It is also important to note the great promise of mobile payments and digital wallet cloud solutions to impede and prevent fraudulent activities on our payments systems. Mobile devices provide enhanced security capabilities, including passcode protection and secure chip technology, as well as both device and cloud-based encryption and tokenization capabilities. Using a mobile device to initiative a transaction will soon be as common as swiping a card and consumers will benefit from the enhanced security that such technology can provide.
Consumers deserve confidence in their privacy. ETA believes that the best approach to ensuring the continued safety and security of financial data is through industry-led initiatives and marketplace innovation. Through the influential new alliance of industry associations, ETA looks forward to working with our partners to strengthen consumer confidence in electronic transactions to maintain the trust of our customers.
Jason Oxman is the chief executive of the
