Community
The Atlanta Federal Reserve's Cindy Merritt -- assistant director of the Retail Payments Risk Forum -- offers a refreshing, plain talking critique of the PCI-DSS regime. She goes to the heart of the matter; the rewards for organised crime are simply so vast that a process and audit based security regime like PCI-DSS doesn't stand a chance. PCI (like policy based security generally) mitigates against accidental loss or amateur attack, but it is nearly useless against concerted sophisticated attacks or inside jobs.
While stakeholder in the US struggle with the business case for EMV, it may help to look a little beyond EMV, because on its own, it still leaves the system open to Card Not Present fraud. The experience worldwide is that organised crime in each market turns to CNP when their skimming methods are throttled by the introduction of chip.
If deployed artfully, chip cards from the EMV system can also thwart CNP attack by introducing strong asymmentric cryptography (digital signing) to Internet transactions.
While the US bricks-and-mortar retail environment faces major switching costs, and they make take years to upgrade their termianl equipment, e-tailers have a wonderful opportunity to foster the use of chip cards to secure payment data in online shopping, for the price of a smartcard reader for each customer.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Alex Kreger Founder and CEO at UXDA Financial UX Design
14 July
Milko Filipov Senior Manager at valantic
Md Rezaul Karim Director Business Development at Dandelion Payments
13 July
Srinathprasanna Neelagiri Chettiyar Shanmugam Manager - Banking and Financial Services at Aspire Systems
11 July
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.