PCIU Supports Clark Howard’s efforts to Educate SMBs on Avoiding Security Breaches


all-major-credit-cards-accepted

The following is a letter from our CEO and Co-founder, Charles Hoff, to consumer watchdog Clark Howard adding helpful information to his site’s article on EMV’s ability to help fight fraud:

I read with interest your very fine 8/18 article on EMV entitled “How Debit Card Chips Fight Fraud.

Although the article is indeed accurate and contains helpful consumer information,  I believe that your readership would want to know a few additional facts when it comes to EMV.

I) Chip & Pin vs Chip & Signature:  The roll-out of EMV in the U.S. is different in that found in Europe.  Instead of a “Chip and Pin”version used overseas, most of the cards being issued in the U.S. are classified as Chip and Signature.  In Europe the Chip and Pin card works much like a traditional “debit” card as a consumer is protected not only by the imbedded microchip, but also has the benefit of a double authenticator as the user must punch in their pin number as well.  In the U.S., we don’t have the benefit of the “pin” protection as consumers continue to sign their receipts which does not afford any greater security.

2) Limitations to Fraud Protection:  EMV does in fact help prevent both counterfeit and stolen card fraud.  However, it does not do anything to protect consumers against e-Commerce fraud and hackers. In fact, the incidences of e-Commerce fraud spiked in Europe after the introduction of EMV.  Hackers habitually gravitate to the most vulnerable enterprises.

3) Fraud Prevention Requires a Layered Approach:  Cybersecurity experts require a holistic or layered approach consisting of the
following:

  1. EMV – to tackle counterfeit and stolen card related fraud;
  2. Point to Point Encryption – a 3rd party solution that encrypts data from the credit card swipe until data reaches a secure decryption environment, and is the best protection during card transmission;
  3. Tokenization – which protects post transmission data by replacing data with alias values/tokens that are meaningless to someone obtaining unauthorized access;
  4. Education/Awareness – no matter what technology investment companies make, human error and lack of training continue to be responsible for a substantial number of breaches.

As roughly 85 – 90% of data security breaches are to small and medium sized businesses, I believe that you and Clark Howard can make an even greater difference in protecting consumers and small business owners by providing just a the few additional helpful tips above on this paramount issue.   Please feel free to call on me as a resource if I can be of any help.