EMV are we safe? Or is there still a threat?
Cliff Dean, CEO of LD Systems.
We all are aware of the need for all devices to be upgraded to EMV “chip” enabled. The petroleum industry had an extension at the pumps. Today there are still an enormous amount of installations that are not running the EMV and or partially as of yet. Many times you will go into an establishment and the clerk will ask you to insert the chip card 3 times before their system defaults back to the swipe. Yes it is a slight inconvenience but the same issue with skimming is not being countered at this point.
The mass amounts of cards with the mag stripe, even with the chip cards, are still vulnerable. This will be around for a long time to come. Check your latest credit cards in your wallet. Mine are out to 2022 with Chip and Mag stripe.
Is the threat still as high as before? No it has been reduced to approximately 67% from the card present transactions----But the mag stripe still makes card present for skimming vulnerable as the fraud on line is up 45% as we see in posted article below by Dell Cameron---
Chip-based credit card readers, first introduced around 2011, have led to a 70 percent drop in counterfeit fraud in the United States, according to Visa.
Visa says more 481 million chip cards are now in circulation, representing roughly 67 percent of all Visa debit and credit cards. The company also says that nearly two-thirds of US storefronts are using chip cards—also known as “EMV” cards, named after the three companies who developed the technology: Europay, MasterCard, and Visa.
The two-third total, however, refers to stores that have completed at least one EMV transaction in the past month—so if you frequent a store with a chip reader (that seems to be malfunctioning 99 percent of the time), they made the cut. There’s a big incentive for businesses to use chip cards; those that don’t run the risk of being held liable for in-store fraud, per transaction rules established in late 2015.
Visa’s figures are based on totals offered by its client financial institutions, which are compiled by VisaNet, the company’s electronic payments network.
While EMV chips are far more secure than magstripe technology—the former has dynamic authentication features, while the latter allows cards to be copied (or “skimmed”) with relative ease—chips are only useful in preventing CP fraud, or “card present” fraud. The term refers to fraud resulting from the use of a payment card at physical store. It does nothing to prevent online theft.
Likely due to the fact that EMV cards have been widely adopted, CNP fraud(card not present) is on the rise. Increasingly, hackers are getting their hands on payment card information, and businesses are regularly leaking huge troves of credit card data online.
The US leads the world in e-commerce sales, which suggests Americans are far more likely to fall victim to CNP fraud. Data breaches affecting American consumers hit an all-time high last year—up 45 percent from 2016, according to the Identity Theft Resource Center.
Of the 179 million records exposed last year—a figure that, by the way, does not account for every single US data breach—nearly 20 percent resulted in exposed payment card information.
Targets that are easily accessible in most places are ATMs. Techniques to steal are crude and not often successful. Less secure ATMs in small models with out Level 1 safes are the most vulnerable from a physical standpoint. The ones that have level 1 safes they don’t normally get in to but destroy the atm from an operational standpoint. So the more lucrative and sophisticated approach are the readers on the machines for customer information.
Skimming the information from the atm card is the most attractive for the criminals and can produce much more than the cash in the ATM.
Anti-Skimming and deep insertion protection in addition to the EMV card devices are the best deterrent to the skimming attacks.
How much does this cost the industry? Billions ….. Yes That’s with a “B”
Card Data Protection -
Active Anti-Skimming solution
Includes: CPK, MDK*, TVK, DSW and Integrated USB communication
Card Protection Kit. (Includes the TSM/Transmitters - Jammer). Protects against digital, analogue and stereo skimming.
Metal Detection Kit. In combination with the ADK (Active DIP Kit) the MDK is an informational feature for the detection of a foreign (skimming) device. Due to the active protection of the ADK a silent alarm will be generated when a foreign device is detected.
Tilt and Vibration Kit. Protects against skimming by providing smart protection against criminal attempts to cut, saw or drill into the fascia so as to try and access the card reader; it also protects against attempts to disable or remove the TSM.
Door Switch. Ensures that no alerts are generated during authorized access to the ATM/SST for maintenance or service when the TVK and SDK are in action by temporarily putting the TVK and SDK in 'standby' mode when the door is open. Integrated USB communication. For local use with the CPK Utility Software.
DEEP INSERTION THREAT
There are different Kits for the type of Card readers and also a NEW KIT for DEEP INSERTION prevention that goes past the ANTI SKIMMING device to guard against the deep insertion threat.
We will never be 100% safe as the thieves are working hard to get past the present and newest technology.
We have however made enormous strides in the protection products as an industry.
LDSystems will continue to stay updated on the latest security protection and keep you informed.