Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold
No retailer wants to become the next Target (pun intended). Payment card fraud costs businesses and consumers billions of dollars every year. What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys. The Target breach in 2013 exposed the data of 110 million payment cards. Hackers got into the network using perfectly good credentials of the HVAC company. Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.
EMV chip technology, the standard around the world which has just recently become a standard in the United States, has done a lot to stem the tide of credit card fraud in other countries. As it was implemented in various countries, guess where it pushed the fraudsters? Where the anti-fraud technology wasn’t, of course! The United States was among the laggards in requiring EMV chip technology for payment cards, opening the door for bad guys and turning the US into a veritable haven for credit card fraud, “accounting for nearly 50% of global fraud losses, according to the Nilson Report[1]”.
EMV chip (or chip and pin) technology will go a long way to prevent credit card fraud for businesses accepting payment cards… in-person and counterfeit card fraud, anyway. Online retail, on the other hand, not so much. A chip on the card doesn’t really help when the transaction is completed with the card not present (CNP). Some industry analysts suggest that CNP fraud losses will exceed $6 billion within the next few years, making e-commerce and online payment security a high stakes game for even the smallest of retailers. As it gets more difficult to hack the payment system when the card is presented, bad guys will fall back in even greater numbers to the card-not-present model to find their victims.
Online retailers and service providers must take additional steps to secure their systems and protect customers and business partners, and face the challenge with the understanding that effort must be ongoing as new threats emerge. Tokenization is a prime method of layering the system with security, making the merchant system somewhat less of a worthy target by not storing the card data in the system. Even if the system becomes compromised, the bad guys wouldn’t find customer payment card information. There are numerous other steps a business can take to secure the CNP sales, including applying behavioral analytics which might identify rogue activities, or using 3D Secure to authenticate a cardholder’s identity at the time of purchase. The point is that CNP fraud is likely to spike as EMV technology takes a firm hold in the US.
Card fraud is already escalating rapidly for ecommerce retailers and other card not present channels – it didn’t take EMV to start on that roll but it will surely give it a push. Paperless payment systems, SaaS subscription services and online application service usage are increasing dramatically and there’s no chip to get in the way of these transactions. Sellers of any and every service utilizing online payments need to now pay particular attention to system and information security. The risk has always been there, and EMV chips and other shifts in pay card technology simply give it a push.
Make Sense?
J
[1] Chipping away at Credit Card Fraud with EMV; Information Week Tech Digest powered by Dark Reading, Nov 2015; NilsonReport http://www.nilsonreport.com/publication_newsletter_archive_issue.php?issue=1071
As businesses mobilize their workforces and processes the volume and variety of sensitive data passing through and sitting on mobile devices increases dramatically. Even though the business owner or IT manager may recognize the importance of mobile data and device security, doing something useful about it is altogether another issue. New considerations enter into the picture frequently, turning mobile security into a moving target. Protecting the business – the organization, its employees and its customers – requires adopting mobile security strategies that cover a broad range of issues.
Everything is moving to the cloud! Everything is going online! At least, that is what they’re telling you. And, to a certain extent, it is true that a lot of things are moving to the cloud; just not everything. 
Devices are more powerful so that they can run more applications – fast – and deliver more useful functionality to the user. Maybe the data will be in a cloud, and maybe even some app functionality will be delivered via a cloud, but it is very unlikely that everything will be in the cloud. Complexity and cost drove developers to seek out alternatives, and advancements in technology will introduce new options that change everyone’s thinking again. While the 
Make Sense?
In most regions around the country high-speed broadband is readily available, and using the Internet for working and playing online is a part of everyday life. Facebook and Twitter and Instagram are household names and just about every conversation starts or ends with a reference to a 
Information technology and the “cloud” is amazing. With the right IT resources and connectivity, individuals and small businesses are able to compete at global levels with much larger organizations, and are proving that placing focus and attention on the right aspects of the business helps the business perform better. The right IT approach is to use technology to make the business smarter so more gets done in less time and with fewer resources – this is wearing the bunny slippers. The goal is leveraging systems, software and connectivity to be more efficient and effective, creating the time to stop and think for a while, innovate, or simply relax.
When I first started my business, like many start-up operations, I decided to 
Make Sense?
Over 130 Marketing Tips in this Free eBook!
Cooper Mann Consulting 