Market Insight

High profile security breaches help drive EMV migration in the US

May 28, 2014

Don Tait Don Tait Principal Analyst, Cybersecurity & Digital ID

Want to learn more?
Have an expert contact you.

Shipments of higher security smart payment and banking cards are projected to increase to 84 million in 2014, according to a new report from IHS Technology (NYSE:IHS) titled “Payment and Banking Cards Report –2014.”

The recent card security breaches at several major US retailers resulted in payment information from tens of millions of cardholders being stolen. One of the merchants, Target, has since expedited plants to issue chip-and-PIN-enabled store credit cards to replace the magnetic-stripe cards involved in the breach. In March 2014, Target announced an accelerated $100 million plan to move its REDcard portfolio to chip-and-PIN technology. It plans to have chip-and-PIN technology installed in all stores in the United States by this September, six months ahead of schedule. Other retailers are likely to follow suit, and shipments of the higher-security cards to US consumers are projected to reach 344 million by 2019.

US market for Smart Payment and Banking Cards - IHS Global Ltd.

 

It is important to note that, EMV technology would not have prevented the Target breach—which involved the installation of malware inside POS terminals’ memories, where data is unencrypted regardless of the type of card from which it originated. However, criminals’ ability to reuse that payment information—specifically to create and sell counterfeit cards—would have been greatly reduced.

One area in which the card issuers concede EMV technology will not prevent fraud is when stolen information is used to make purchases online or over the phone—so-called "card-not-present” (CNP) transactions, where no chip transaction is involved. In fact, evidence exists that CNP fraud has increased in countries that have adopted EMV cards. The UK, for one, saw losses from CNP fraud triple between 2000 and 2010.

For this reason, many of the world’s largest banks are urging adoption of a tokenization standard, which would help protect card data by substituting the account number with a unique, randomly generated sequence of numbers and alphanumeric characters that would make it difficult to use the same card repeatedly.  In any case, as both consumers and criminals alike continue to abandon the physical point of sale to make their purchases online, increasingly sophisticated security technologies—whether tokenization or other advanced encryption methods—will have to follow. It is important to look at this area as part of a layered approach that includes tokenization, end-to-end encryption and EMV cards.

If you would like to purchase this report or have any specific questions, please feel free to contact me.

Thanks and kind regards, Don

T: +44 1933 402 255

E: don.tait@ihs.com

Research by Market
Security Technology
Share facebook Twitter Google Plus Linked In Add This Contact Us