In recent years, there have been a number of data breaches in which criminals stole millions of customer records using malware and viruses. Target and Home Depot are two of the most high-profile data breaches, but there are many other instances of identity theft and credit card fraud at a smaller scale.
In nearly all cases, consumer outrage has been vocal and swift. And not surprisingly, merchants across the country continue exploring ways to make their customers' data more secure.
The most popular solution involves switching over legacy credit card terminals to EMV readers.
But if Target and Home Depot had used EMV credit card terminals all along, would they have been protected from data breaches?
Yes and no.
How Secure Is EMV Payment Technology?
EMV chip-enabled credit cards have become the preferred payment technology for retail stores all over the world. In fact, many countries make EMV cards and terminals mandatory due to their advanced security features:
- The embedded security chips that come with each EMV debit and credit card are very difficult to clone.
- The card (and chip) must be physically present for the transaction to begin.
- To complete a purchase, the customer must either provide a signature or enter a special personal identification number (PIN).
Thanks to these advanced features, EMV transactions have helped cut down on credit card fraud in places where the technology is already mainstream. And had Target and Home Depot installed terminals in their stores, their respective data breaches wouldn't have been as severe.
However, EMV credit cards are not foolproof (no payment technology is). And here's why:
1. Limited Online Security
EMV's chip-enabled security features only apply to retail environments. For online purchases, these chips become obsolete. So if hackers manage to steal personal account numbers (PANs), they can use this information to shop online.
2. EMV Security Is a Two-Way Street
Even when making in-store purchases, these security features only work if both sides of the transaction are EMV-ready. The merchant must have a chip-enabled reader — and the customer must have a chip-enabled card.
Using EMV readers alone, neither Home Depot nor Target could have protected the 75 percent of shoppers who still use magnetic swipe & sign plastic.
3. Data Breaches Are Not Always Financial
EMV transactions can help reduce credit card fraud, but they don't necessarily protect other personally identifiable information like emails, addresses and shopping preferences. Hackers can steal this other information if it isn't securely stored in a retailer's database.
How to Make Your Payment Environment More Secure
Leveraging EMV technology is only the beginning. In order to keep your customers’ information safe from criminals, you should invest in secure database technology to keep any stored information out of reach.
But we also recommend leveraging tokenization — a security technology that removes the need to store sensitive financial data altogether.
Instead of capturing cardholder information in your payment system, tokenization assigns a randomly generated ID ("token") to every card and transaction. You can even use tokenization for other types of customer information — including emails, names and addresses. As an added benefit, tokenization works great for online shopping environments where chip-enabled EMV transactions offer limited protection.
Had Target and Home Depot successfully leveraged EMV readers, database security and tokenization together, they might have successfully avoided these data breaches.
To learn more about secure payment processing for your retail or e-commerce store, click on the links below:
