Spurred on by the fall-out from last year's Target data breach, 86% of US financial institutions plan to begin issuing EMV-based chip cards within the next two years, according to the annual debit issuer report from Pulse.
The Target breach has undoubtedly acted as a call to action for the US payments industry and has indeed spurred the adoption of EMV and largely silenced the sceptics. But while EMV adoption will radically reduce the growing incidence of face-to-face card
fraud, the impact of data breaches will only be substantially mitigated by tokenization being adopted by all 'card-on-file' merchants. If card details are replaced by aliases, which themselves are constrained to usage in a single channel or even at a single
merchant, stealing these tokens becomes a futile exercise, but no doubt the hackers will turn their attention somewhere else...
It's right to say that EMV adoption will shift fraud from card-present to card-not-present channels. However, we need to be careful about the expectations that tokenization could reduce e-commerce fraud. In the tokenization framework proposed by EMVCo, tokens
are created from the original card data, including the PAN, and revert to the original card data for processing. Some of the proposals to apply this framework will require e-commerce merchants to collect and handle card data including the PAN. If the card-on-file
database is converted to tokens, it may present less of a risk, but as we saw with Target, the point-of-sale infrastructure can be breached to capture card details as consumers present them.
© Finextra Research 2014