Data Breach Rush to EMV: Breach frequency once years, now months, weeks, days
February 3rd, 2014
It is a self-fulfilling cycle: the closer we get to EMV, the more frequent and bold the data compromises will be. Only today, Marriott announced another breach: White Lodging, a company that services the hotel chain, has been hacked. The fraudsters clearly want their hands on the data before its value drops with the mass adoption of the EMV standard.
Customers may tire of card replacement every few months or, worse yet, of being a victim of counterfeit fraud at that same rate. I am certain that a discussion is occurring in some boardrooms about whether a bank’s EMV strategy needs to stay “on schedule” or be fast-tracked to meet the growing pressure from more frequent data breaches and accelerated use of the data by fraudsters. But it’s not just about “turning EMV on”. My greatest concern as a consultant and former bank executive is that the industry is transitioning fragmentally, and paying close attention to all the moving parts is critical.
Here are a few of the top items to consider in any EMV (Fraud) Strategy plan:
Customer Convenience & Education
- Have your customers been given clear instructions on what to expect at the ATM and at Retailers during the EMV transition?
- Do your customers who travel internationally have a PIN number to use with their EMV card and know what to expect?
- Do you have a regular communications plan for your customers as the rollout matures?
Bank Team Training & Education
- Have your customer-facing teams had EMV 101 training?
- Do you have a FAQ document to support your internal teams?
- Are your point-of-sale terminals all fully EMV-ready and certified?
- Are you training your staff to understand the transition and how to process an EMV transaction?
Fraud & Risk Controls Preparation
- Have you mapped all the EMV-related data elements to your fraud detection systems?
- Are you looking at model segmentation of non-EMV and EMV models both for contact and contactless payments?
- Are you looking at the risky fallback patterns?
- Are you leveraging your profiles for EMV?
- Are you analyzing terminal-level tracking?
- Are you implementing risk tables?
- Are you using sequence logic for merchant profiles, terminal profiles, and card profiles?
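As an added illustration of the fallback-pattern and terminal-level tracking items above (example code, not from the original post), the sketch below computes a per-terminal fallback rate and flags terminals where chip cards are repeatedly processed from the magnetic stripe. The record field names, the entry-mode codes, the thresholds and the sample transactions are assumptions constructed for the example; confirm the codes against your own network's message specification.

```python
from collections import defaultdict

# Assumed POS entry-mode codes: chip read, fallback to stripe, plain stripe read.
CHIP_READ, FALLBACK, MAGSTRIPE = "05", "80", "90"
# Assumed: a service code starting with 2 or 6 means the card carries a chip.
CHIP_SERVICE_CODES = ("2", "6")

def chip_eligible(txn):
    """True when a chip card meets a chip-capable terminal (chip read expected)."""
    return txn["terminal_chip_capable"] and txn["service_code"][:1] in CHIP_SERVICE_CODES

def is_fallback(txn):
    """Chip-eligible transaction that was nevertheless read from the stripe."""
    return chip_eligible(txn) and txn["entry_mode"] in (FALLBACK, MAGSTRIPE)

def terminal_fallback_rates(txns):
    """Map terminal_id -> (chip-eligible count, fallback count, fallback rate)."""
    eligible, fallbacks = defaultdict(int), defaultdict(int)
    for t in txns:
        if chip_eligible(t):
            eligible[t["terminal_id"]] += 1
            fallbacks[t["terminal_id"]] += is_fallback(t)
    return {tid: (n, fallbacks[tid], fallbacks[tid] / n) for tid, n in eligible.items()}

def risky_terminals(txns, min_txns=3, max_rate=0.25):
    """Terminals with enough chip-eligible volume and a fallback rate above max_rate."""
    rates = terminal_fallback_rates(txns)
    return sorted(tid for tid, (n, _, r) in rates.items() if n >= min_txns and r > max_rate)

def _txn(terminal_id, service_code, entry_mode, chip_capable=True):
    return {"terminal_id": terminal_id, "service_code": service_code,
            "entry_mode": entry_mode, "terminal_chip_capable": chip_capable}

# Constructed sample data, not real transactions.
SAMPLE = [
    _txn("T1", "201", CHIP_READ), _txn("T1", "201", CHIP_READ),
    _txn("T1", "601", CHIP_READ), _txn("T1", "221", CHIP_READ),
    _txn("T1", "101", MAGSTRIPE),                      # stripe-only card: not eligible
    _txn("T2", "201", CHIP_READ), _txn("T2", "201", FALLBACK),
    _txn("T2", "601", FALLBACK), _txn("T2", "221", MAGSTRIPE),
    _txn("T3", "201", MAGSTRIPE, chip_capable=False),  # stripe-only terminal
    _txn("T4", "201", FALLBACK), _txn("T4", "201", FALLBACK),  # too few to judge
]

if __name__ == "__main__":
    for tid, (n, fb, rate) in sorted(terminal_fallback_rates(SAMPLE).items()):
        print(f"{tid}: {fb}/{n} chip-eligible transactions fell back ({rate:.0%})")
    print("flagged:", risky_terminals(SAMPLE))
```

The same counters can be keyed by merchant or card instead of terminal to feed the merchant and card profiles in the checklist.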
From just this brief checklist you can see that banks, retailers, and fraud strategy teams need to have their plans in “full gear” before going EMV. A fully thought-through plan can not only keep you in the race to EMV but also help ensure you’re not the last to the finish line.