Late last month, Visa shared that in the first full year of using EMV chip cards, counterfeit fraud has dropped by 52%. While that’s certainly something to celebrate, fraud isn’t going away. Rather, criminals have moved their sights to other, easier targets.
Today, merchants who haven’t yet upgraded to EMV are soft targets and low-hanging fruit for criminals. In fact, Julie Conroy, an analyst with industry research firm Aite Group, warned that there was a fire sale among criminals to use stolen card data to create counterfeit cards. These counterfeit cards are then being used today at stores lacking EMV technology.
Additionally, many criminals have shifted their attention to e-commerce card-not-present (CNP) fraud, in which cybercriminals access data directly via hacking and then use that data to make fraudulent online transactions. Consider what happened at Target. The retailer’s breach had nothing to do with whether EMV-certified terminals were in use; it had to do with a weakness in data security on Target’s network that allowed criminals to access millions of customer credit card records.
Finally, there’s been an increase in friendly—or chargeback—fraud, where a customer who used their real card then disputes the charges with their bank. If the merchant doesn’t support EMV, they will end up paying for the chargeback as well as the product and shipping costs. Visa has estimated that friendly fraud accounts for nearly $12 billion in losses, second only to phishing scams when it comes to e-commerce threats.
In short, when it comes to security, even if all your customers are on EMV, your work isn’t done. Likely, it will never be done. Payment security is an ongoing discipline and part of the holistic service-and-solution approach that today’s solution providers need to take with any customer that handles credit card transactions in person, though retail and restaurants are the largest targets. EMV is the logical first step, the “foot in the door” solution you should be offering to merchants. Once you’re talking security, it’s your job to educate your customers on the ways their payment and customer data are at risk. Following are just a few questions to ask yourself:
Have you conducted a PCI assessment? It’s critical to establish a baseline of a customer’s current level of security, identify any gaps and then pursue PCI compliance. If you don’t have experience with such assessments, Ingram Micro can assist you in performing them. Overall, you want to ensure that the necessary hardware, software and process-related security measures are in place to protect your customers. Once you’ve created a secure environment, you should check regularly to ensure that changes that jeopardize their security haven’t occurred. The best PCI security plan can be foiled by a single unlocked door or by an employee who has unrestricted access to data they shouldn’t have.
Have you installed, and do you maintain, the latest network security and firewall protection? Security doesn’t just keep the bad guys from coming in; it can also ensure data doesn’t flow out of the company through a criminal on the inside. A combination of policy-based permissions, intrusion detection and protection tools, firewalls, and endpoint security solutions is just the first step. Once installed, they must be monitored and maintained to continue to deliver adequate protection.
Do your POS software and payment processing offerings utilize point-to-point encryption? Unfortunately, some vendors still transmit payment data in an unencrypted format, creating an opportunity for criminals. Ask your vendors for proof of their level of security.
What’s your ransomware strategy? If a retailer’s entire customer database becomes encrypted by ransomware, they’ll have to pay to get it back. Security-minded solution providers protect their customers against ransomware with two layers of protection. First, antivirus or antimalware software can hopefully identify and protect systems against a ransomware infection. Second, in the event files are encrypted, backups can be used to roll a system back to a point before the malware did its deed.
Security is a complex, multifaceted discipline, and criminals are working together to find new exploits. In the Nilson Report’s latest findings, projected worldwide losses due to credit card fraud are expected to eclipse $31 billion, despite the payment industry’s best security efforts. Frankly, staying ahead of the criminals is too much for any one solution provider to be expected to handle. Your best bet is to work closely with your Ingram Micro rep to leverage our full arsenal of experts and line card of the most advanced security solutions available.