EMV has been eagerly awaited, especially after the recent spate of data breaches we’ve seen.
But Verifone’s Joe Majka, who serves as the company’s vice president and chief of security, noted that PCI DSS 3.0, and the Europay, MasterCard, Visa (EMV) concept that comes with it, aren’t enough to provide the fullest protection.
Majka, who talked to PYMNTS about the issue, noted that it was necessary to go beyond EMV in order to get the fullest protection going for customers.
Though these are still certainly powerful protective measures, it’s important to note that these are only just part of a larger whole.
Majka pointed to things like addressing broken authentication and session management with the correct coding techniques, using different authentication credentials for each customer when remote access is involved, protecting card reading devices themselves, and conduction penetration testing both inside and outside the network.
Yet even here, there are some troubles. Majka noted that the PCI standards put burdens on companies, and right as the upcoming liability shift in October arrives.
EMV is a powerful protection, as Majka noted, bringing in a great way to prevent counterfeit cards from being used, but not even EMV would have been sufficient to protect against the data breaches that took place not so long ago.
EMV is a strong protective measure and it will likely be sufficient to repulse many common attacks. But there are several points involved that need a layer of protection as well, like protections that go beyond the point of sale to cover things like the network itself. Things like encryption and tokenization, which renders stolen data largely useless, can be a great addition to a more powerful security proposition.
The key point is that EMV by itself won’t save users from every hacking attempt.
Why not? Because EMV’s effectiveness only goes so far. The rest of the chain that is the payment network requires different protection methods to ensure the best results, and that means that EMV is just a great start rather than an end. Looking into the other protection methods will help keep the whole transaction safe from start to finish, and that’s a goal worth pursuing.