Technology: Target on Your Back
High-profile data breaches put retailers in public crosshairs
The real answer, he says, is in continued discussion involving all stakeholders. “We’re working hard not to get the short end of the stick,” he says. And while Visa Inc. a few months ago seemed ready to relax pending EMV deadlines, the Target revelation seems to have put pressure on them to keep the EMV momentum going. “Now it’s EMV now and EMV forever,” Taylor says.
A retailer in the Northeast, who spoke to CSP magazine on condition of anonymity, concurred, saying that technologies such as EMV will take years to implement at a tremendous cost, all the while giving hackers time to adapt. “It’s like trying to put a ladder to reach the top of a tree,” he says. “Every time you want to reach the top, the tree grows and you need a new ladder.”
Ultimately, Taylor does see a “multilayered” solution as the answer, with the specifics being what all stakeholders can agree upon, whether those steps require technology, processes or training.
One of the solutions called for by those speaking on the Hill is eliminating signature-based credit cards altogether.
A representative from the National Retail Federation in March told the Senate Committee on Commerce, Science and Transportation that “it’s time for an overhaul of the nation’s fraud-prone credit- and debit-card system,” saying banks’ insistence on cards that use a signature instead of a PIN puts merchants and customers at risk.
Mallory Duncan, senior vice president and general counsel for NRF, in a release pointed out that the cardholder’s name and account number are clearly printed on each card, along with the expiration date and security code.
The idea sits well with Taylor of PCATS. However, he says, “It’s in the best interest of the credit-card companies not to do so. If you put a PIN on every card, Visa would lose 62% of its transaction volume. If I were Visa, I wouldn’t want to see that happen.”
When contacted by CSP, a Visa spokesperson would not comment on card volume based on authentication methods but addressed the issue of PIN-based solutions. Ellen Richey, chief enterprise risk officer and chief legal office, says Visa’s focus is moving to a chip-based system. “The chip creates a dynamic cryptogram—a one-time message with every transaction—so that if a thief gets into the retail store or systems and steals the data, they can’t make a usable counterfeit card,” she says.