light bulb

Did You Know?



Reply
Highlighted
Posts: 2,050
Topics: 1,037
Kudos: 2,129
Registered: ‎10-14-2013

Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

The massive data breaches in U.S retailers 'Target' and 'Neiman Marcus', in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, have put a spotlight on the need for more secure transactions.
To tackle this issue, the two major payment card brands, MasterCard and Visa have announced the formation of a new cross-industry group that will focus on the security of the enhancing payment system to keep pace with the expectations of consumers, retailers and financial institutions in the United States.

“The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security,” says Ryan McInerney, president of Visa Inc. “As we have long said, no one industry or technology can solve the issue of payment system fraud on its own.”

The joint effort aims to advance the migration to EMV chip cards, also known as PIN-and-chip cards and to promote additional security solutions like tokenization and point-to-point encryption as well.

When we talk about the Chip technology, it generates a unique code for every transaction, making it nearly impossible for criminals to use the card for counterfeit fraud.

As the Target hack exposed that traditional magnetic stripe payment cards transmit your account number and, in the case of debit cards, your secret PIN to merchants, but in case of 'Chip-and-PIN' cards you’re not transmitting an actual credit card number, instead it transmits a one-time-use token number that banks and card processors can match up with your account on the other end to process the transaction, but that doesn’t reveal your account number, even with the merchant.

Merrill Halpern of the United Nations Federal Credit Union, a pioneer in the use of chip cards says in an interview with Information Security Media Group, "A PIN cannot be compromised. ... And the chips cannot be copied" and stresses that “EMV also is providing the foundation for moving ahead with more secure transactions, no matter what [type]. It's flexible and it's an evolving standard."

Besides these two cards brands, the alliance will include the banks of all sizes, credit unions, acquirers, retailers, point-of-sale device manufacturers and industry trade groups, says the card brand in the press release. The importance of formation of the group is to work together to deliver meaningful solutions that will benefit consumers, merchants and financial institutions of all sizes and will ensure that all voices can contribute to the strategic direction of payment security.

Group Focuses on:

  • Advancing the migration to EMV in the United States.
  • Promoting additional security solutions like tokenization and point to point encryption.
  • Developing an actionable roadmap for securing the future across all segments of the payments industry.


“One of the critical roles we play is to protect consumers and businesses against criminals and fraudsters,” said Chris McWilton, president of North American Markets, MasterCard. “Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust. EMV will be the next step in these efforts, alongside enhanced security solutions for online and mobile channels.”

 

Both the card brands are serving organizations and people globally. MasterCard is a technology company in the global payments industry that operate the world’s fastest payments processing network in more than 210 countries and territories, and Visa Inc. is a global payments technology company that connects consumers, businesses, financial institutions, and governments in more than 200 countries and territories to fast, secure and reliable electronic payments.

Source

SigBVIP.png original.png

Moderator
Posts: 1,273
Registered: ‎03-13-2013

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

I couldnt believe how shops were not using chip and pin when I visted the US. Was like stepping into the past, even though I think chip and pin isnt enough its still helps.

Community Manager Community Manager
Community Manager
Posts: 4,571
Registered: ‎12-16-2013

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

That is some awesome news.  I can't wait for this to roll out.  Maybe now my credit union will stop locking my card all the time for false positives Smiley Happy

Posts: 891
Topics: 177
Kudos: 601
Registered: ‎10-03-2012

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

Hi Petrovic,

Thanks for an interesting article.

 

Regards,

 

Mike

Sr. Community Leader

Beta Tester



WEBROOT® SecureAnywhere™ Internet Security Complete Beta v8.0.8.89

Posts: 5,408
Topics: 215
Kudos: 5,241
Ideas: 9
Registered: ‎02-03-2012

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

Hi NIc

 

How you doing?

 

Know what you mean but don't hold your breathe...it took a longish time to roll this out in the UK, and we are only a teenie, weenie country when compared to the US, population-wise as well.

 

I think that seriously it could take years, even assuming that a common set of standards is agreed with all the bansk, etc.

 

But definitively a step in the very right direction...although I am wondering if it might not be better for the US to skip Chip 'n Pin and go to the next system...which I am sure is somewhere in the wings, etc.

 

Ah, decision, decisions....etc.,

 

Regards

 

 

Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.89...+ VoodooShield v2.71 Beta....working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Moderator
Posts: 1,273
Registered: ‎03-13-2013

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

Well we got it in Ireland shortly after the UK and we cant do anything right over here Smiley Happy Our goverment could be replaced with 50 blind one armed monkeys and things would improve!

Community Manager Community Manager
Community Manager
Posts: 4,571
Registered: ‎12-16-2013

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption


Baldrick wrote:

Hi NIc

 

How you doing?

 

Know what you mean but don't hold your breathe...it took a longish time to roll this out in the UK, and we are only a teenie, weenie country when compared to the US, population-wise as well.

 

I think that seriously it could take years, even assuming that a common set of standards is agreed with all the bansk, etc.

 

But definitively a step in the very right direction...although I am wondering if it might not be better for the US to skip Chip 'n Pin and go to the next system...which I am sure is somewhere in the wings, etc.

 

Ah, decision, decisions....etc.,

 

Regards

 

 

Baldrick


Doing good, how about you?  

 

That is a bummer to hear that it might take a long time to roll out.  I guess there is a lot of infrastructure to upgrade.

Posts: 5,408
Topics: 215
Kudos: 5,241
Ideas: 9
Registered: ‎02-03-2012

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

[ Edited ]

Doing good, Nic...cheers for asking!

 

Yes, bummer it may be but then again I think that the Americans are more striving (in the positive sense of the word, of course) than the British and I am thinking that it will probably take less time than it should...and there will be teething issues...but then again...that is often how implementations go.

 

Regards, Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.89...+ VoodooShield v2.71 Beta....working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Posts: 3,638
Topics: 2,140
Kudos: 2,787
Blog Posts: 0
Registered: ‎06-02-2014

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

The following article is a update on Chip and Pin and Point to Point Encryption

 

(Americans to be guinea pigs in vast chip-and-PIN security experiment)

 

By Iain Thomson,

 

 

Black Hat 2014 Next year US banks will begin a wide-scale rollout of chip-and-PIN bank cards, just 11 years after the UK made it mandatory.

In doing so, Americans will take part in a vast experiment to test chip-and-PIN against chip-and-sign when it comes to stamping out money thieves.

 

Not every US bank is keen on the PIN system, so some customers will get chip-and-sign cards instead. The results of the split approach will be studied by security experts to determine the pros and cons of each system; whether PINs are really more secure than a signature and whether chips are more tricky to clone than magnetic strips, for instance.

 

The Register/ Full Article Here/ http://www.theregister.co.uk/2014/08/07/americans_about_to_become_guinea_pigs_in_chip_and_pin_experi...

Community Leader

Posts: 902
Registered: ‎06-20-2014

Re: Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

The last point of the article concerning banks changing their terms to make consumers liable for fraudulant charges is not going to go over very well. It is something they promote to get you to use their credit card as well as their debit cards.

 

Being hit with credit card fraud twice in the period of 30 days just a couple months ago, it is fresh in my mined. I have alerts set up for forieng transactions and for charges over $50 made anywhere. On the 1st round, I received a text and as I was home, I responded within seconds answering their question if I made the transaction.

 

The transaction had not posted and it was a purchase made on a website, Once I confirmed it was fraud, they had the ability to reject the charge. Instead the bank allows the charge to post. I was not liable, however, the bank paid the merchant. They could have refused the charge. This is how they handle it. In cases like that, how can they hold the customer responsible.

 

It does concern me if banks do choose to go that route.

sig



Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!Smiley Very Happy


Helpful Webroot Links:


                         Submit Trouble Ticket • User Guides • BrightCloud URL lookup • Account Console 

Download (PC) • Download (Best Buy/Geek Squad Subscription) • Download (Walmart and Target) • Download (MSN Subscription) 


                                         Register and Introduce yourself to The Community!