MasterCard Exec: It's Time for EMVRetail Breaches Signal Need to Migrate from Mag-Stripe
In one of the first public statements by a major payment card company in the wake of the Target Corp. and Neiman Marcus breaches, an executive for MasterCard says it is now time for the U.S. to migrate from magnetic stripe card technology to the more secure Europay, MasterCard and Visa chip technology standard.
See Also: The Essential Guide To Machine Data
"This migration is about an upgrade that will drive both innovation and security for all parties, most importantly for consumers and cardholders," says Chris McWilton, president of North American markets at MasterCard, in an opinion piece written for CNBC News.
"For too many years, different parties have relegated the EMV migration decision to a cost vs. benefits spreadsheet analysis," McWilton says. "However, spreadsheets don't consider the cost of losing the public trust, which is immeasurable."
Chip cards using the EMV standard contain an embedded microprocessor that stores and processes encrypted information, making it difficult to copy or counterfeit.
McWilton acknowledges progress has been made on the EMV front, including a number of large U.S. retailers publicly indicating they're installing new terminals at their stores to accept chip cards by October 2015. And many U.S. card-issuing banks have started providing cardholders with chip-enabled cards while planning for massive rollouts over the next two years.
But he also acknowledges the public finger-pointing and posturing seen in the wake of the breaches, as parties discuss who is responsible for fraud losses in the wake of these incidents - the merchant, the card-issuing bank or the card companies themselves.
"All involved - networks, merchants, issuers, acquirers and others - should focus their time, efforts and resources on continuing this migration and further enhancing the security of the U.S. payments system," McWilton says. "The lesson of the recent [breaches] is clear - we should not delay the migration to this global standard any longer."
On Dec. 19, 2013, Visa commented briefly on the Target breach on the Fox Business news website.
"Visa is aware that Target has disclosed unauthorized access to payment card data affecting all major card brands," an e-mail message to the news site said. "When such incidents occur, Visa works with the breached entity to provide card issuers with the compromised accounts so they can take steps to protect consumers through fraud monitoring and, if needed, reissuing cards. Because of advanced fraud-monitoring capabilities, the incidence of fraud involving compromised accounts is actually rare, and Visa fraud rates remain near historic lows."
The breach at Target Corp. compromised as many as 40 million payment card accounts, along with the personal information of about 70 million customers.
On Dec. 23, Target confirmed malware was to blame for an infection of its point-of-sale system that likely exposed the card details between Nov. 27 and Dec. 15.
The retailer reported on Jan. 30 that the breach was the result of hackers stealing electronic credentials from a vendor [see: Target Breach: Credentials Stolen].
Neiman Marcus, in a statement on Jan. 22, confirmed that between July 16 and Oct. 30 last year, more than 1 million credit and debit cards may have been breached. A network malware attack designed "to collect or scrape payment card data" had been identified by forensics investigators, CEO Karen Katz said in the statement.