EMVs have proven incredibly effective at preventing in-store credit card fraud within brick-and-mortar retail environments:
- In order to initiate a transaction, the card’s security chip must be physically inserted into an EMV-ready terminal.
- To complete a purchase, the user must either:
- Sign his name — like with traditional consumer plastic.
- Enter a personal identification number (PIN) — like with debit card purchases.
In nearly every major market where the EMV standard has become mainstream, retail fraud has gone down. However, these highly secure chip-enabled cards haven't reduced fraud completely. It is still technically possible to clone chips and forge signatures.
In the online world, EMVs don't offer any more protection than traditional credit cards. Just as with swipe-and-sign plastic, shoppers only need to provide a card number, CVV code and mailing address to complete a purchase.
As a result, online credit card fraud is on the rise as criminals abandon physical stores in favor of less secure e-commerce shopping carts. In fact, online fraud is expected to reach $6.4 billion a year by 2018 — nearly double what it was just four years prior.
To combat this trend, merchants continue to clamor for better security solutions, and the technology of choice seems to be tokenization.
The Role of Tokenization in Card Not Present Transactions
Tokenization is a security technology that applies equally well to the offline (i.e. physical retail stores) and online worlds (i.e. card not present (CNP) transactions).
Rather than capture and store user data within a merchant’s environment, important information like card numbers or CVV codes are automatically replaced with randomly assigned "tokens."
In the unlikely event that someone does manage to get his hands on one of these tokens, he'll discover that the alphanumeric string is useless. The randomly assigned ID can only be decrypted by the payment processor, and the unique token only works for that particular customer and merchant — meaning you can't use it with other vendors.
Should You Embrace Tokenization Within Your Store?
The short answer is yes. Whether you operate a traditional brick-and-mortar establishment or an online shopping cart, tokenization is one of the most effective ways to reduce credit card fraud and limit your PCI scope. Because your payment environment doesn't store any financial data, there is nothing for thieves to steal.
However, note that not even tokenization is 100-percent foolproof.
Hackers will always continue to develop workarounds as newer and more secure verification technologies emerge. Though by coupling tokenization with a secure payment gateway and a little common sense, it's possible to make your store much safer for users — even if they prefer shopping online or via telephone.
Fortunately, tokenization is relatively easy to set up. You won’t have to overhaul your payment infrastructure or make expensive upgrades in order to benefit from this highly secure technology.
To learn how BluePay can help, schedule a free appointment with our payment security team today.