The Hidden Cyber Risks of the EMV Liability Shift
Europay, MasterCard and Visa (EMV) chip technology represents a major advance in credit and debit card security. However, merchants should be mindful that the new cards don’t eliminate all cyber risks. In fact, they might actually create some new ones.
No Protection Against Data Breaches
There’s been some confusion over what EMV cards will and won’t do in terms of protecting the integrity of credit card transactions. When an EMV card is inserted into a reader, the chip ensures that the card is authentic—something that magnetic-stripe cards cannot do. However, if a merchant’s system is infected with malware, or if a hacker compromises the network, EMV alone offers no additional data protection.
Importantly, neither the liability shift, nor the EMV technology itself, will have any effect on card-not-present (CNP) transactions. That doesn’t offer much protection for merchants though, because current liability and chargeback rules for CNP fraud usually leave merchants liable for the charges.
Making matters worse, after other countries adopted their EMV liability shifts, incidents of CNP fraud generally skyrocketed. Some experts are predicting that CNP fraud might as much as double following the liability shift.
Security experts suggest that merchants should take additional security measures to protect themselves. Technologies such as tokenization, behavioral analytics and 3-D Secure can protect customer data and provide additional levels of authentication for CNP transactions.
Tanner, Ballew and Maloof – Your Coverage Expert
As reliance on technology continues to increase, new exposures continue to emerge. As your business grows, make sure your cyber liability coverage grows with it. We are here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk.