Read more about the current Greenbook proposals. ...
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.
As payment technology around the world continues to change, one consideration at the back of everyone’s mind is payment security. Whether you are completing a payment transaction using an app, crypto currency or credit card there is the potential for malicious actors to potentially eavesdrop and even hijack your financial payment information.
Benefits of EMV Cards
With the modernization and increased distribution of EMV cards (or chip cards) it was a major belief that the technology would strengthen the security protections around credit card payments, both in person and online. The reason for the optimism surrounding EMV cards was due to a number of reasons:
“For EMV’s security protections to work, the back-end systems deployed by card-issuing financial institutions are supposed to check that when a chip card is dipped into a chip reader, only the iCVV is presented; and conversely, that only the CVV is presented when the card is swiped. If somehow these do not align for a given transaction type, the financial institution is supposed to decline the transaction.” – Brian Krebs, www.krebsonsecurity.com.
What Makes a Chip Implementation Compliant?
Based on recent research by Brian Krebs, several financial institutions have not set up their systems to perform the sophisticated encryptions to secure payment validations properly.
As EMV cards continue to become more prevalent, threat actors are adapting as they continue to develop new methods targeting consumer credit card data. One popular method targeting EMV cards is the creation of point-of-sale malware which is used to capture the EMV transaction data in order for this information to be resold and used to create magnetic strip copies of chip-based cards. In early July, this type of malicious attack came to the forefront of the financial industry when Visa put out a security alert detailing the prevalent of this type of malware.
The Potential Costs of Non-Compliance
As with most industry standards, there are a variety of costs that come into play for non-compliance. While every organization should perform an assessment of their unique risks, some commonalities arise across industries:
How can Schneider Downs help?
At Schneider Downs, we assist clients with their PCI Compliance requirements by providing scalable, efficient solutions for meeting the rigorous demands of PCI compliance. Incorporated within our compliance approach is the strategy to develop a control environment that will ensure future compliance is sustainable. For more details on our PCI service offering, please visit our website or contact us if you have any questions.
Sources
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident.
Read more about the current Greenbook proposals. ...
Learn more about the regional and national supply chain implications of the Baltimore Key Bridge collapse. ...
We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask us
[email protected]
p:412.261.3644
f:412.261.4876
[email protected]
p:614.621.4060
f:614.621.4062
[email protected]
p:571.380.9003