In the Q1 edition of Payment Quarterly, Bluefin Chief Innovation Officer Ruston Miles discusses the impact of EMV on payment security, the rise in importance of tokenization and P2PE and, if the right technologies are implemented, whether 2016 could mark the end of the data breach era.
If 2015 was the year of EMV in the U.S., it seems only fair that 2016 should be the year of its complementary technologies – tokenization and point-to-point encryption (P2PE).
Throughout 2015, the extraordinary focus on EMV in the media and elsewhere has sucked the oxygen out of any discussion of the pan-industry Payments Security Taskforce (PST) “secure-all-channels” strategy, of which EMV implementation is but one of three technological elements. Yet this strategy, implemented holistically, is the key to ending the “data breach era”. Whether 2016 can mark the beginning of a new era in payments security depends on a few things happening in the year to come.
As EMV adoption gathers pace, we can expect stragglers – indeed gas stations have until 2017 to adopt chip technology. Nevertheless, as chip card use becomes ever more widespread and embedded, we can expect domestic counterfeit fraud to decrease and, to some degree (depending on the authentication protocols set by the issuing banks), lost or stolen card fraud to do likewise. We can expect this to be a relatively shallow but notable upward curve toward the end of the year.
Meanwhile, as criminals are thwarted in these areas, they will turn to other areas of perceived weakness in the payments system; for example, card not present (CNP) fraud is expected to increase and merchant systems will be subject to renewed attacks. Reacting to this, and able to turn their attention and resources from EMV, merchants will begin to focus more on securing the data within their systems, through tokenization, which protects data at rest and P2PE, which protects data in transit, particularly at the Point-of-Sale.
Read Ruston’s full article in Payments Quarterly.