Does EMV guarantee electronic transaction security?
The reality is that there is no single solution today that meets the security requirements of every card-present, card-not-present, attended, unattended, quick service, fine dining, and other electronic payment environment. That said, any time personally presented card data is part of the transaction lifecycle, EMV is a critical component of any total security solution – one that protects both merchants and customers.
The key to ensuring effective transaction security is:
- understanding that a multi-layered approach is required
- applying the appropriate layers where and how they best meet the needs of the business model.
EMV is a proven solution for card authentication
EMV is a proven method of card authentication; with the addition of PIN entry, it also provides cardholder authentication.
EMV is a separate security protocol from encryption or tokenization: ideally, cardholder data will be authenticated through EMV using a transaction encryption solution. If there is a need to store or reuse the cardholder data in card-not-present circumstances, tokenization is also recommended as part of the original transaction.
Without EMV, encrypted fraudulent cards can still be accepted and processed; in fact, non-EMV-encrypted transactions secure the fraudulent data along with genuine data. Without encryption, the EMV data is unprotected during transmission and storage. Tying these two technologies together creates an effective shield against both card fraud and data breaches. Both are necessary and complement each other.
Transitioning to EMV is an excellent time to design and implement a total data protection solution, as well.
Allen Friedman is the Director of Payment Solutions at Ingenico Group, North America