Friday, August 5, 2016

Purported EMV Flaw

You've no doubt seen the news stories about hackers discovering an alleged flaw that allows EMV chips to be compromised.  I don't believe this is cause for much alarm.  The stories I've read indicate that the mag stripe on a card can be re-written to effectively turn off the chip.  I'm sure this is possible, but it would require physical possession of the card.  Ideally, your fraud detection, combined with the customer hopefully reporting a lost or stolen card, would serve to protect you.  In addition, the bulk of the story seems to be about merchants not encrypting transactions, chip or otherwise.  That is a very different matter - and you would think that merchants would have learned from the Target breach that encryption is important.

So let's keep our heads straight, and continue to deploy good fraud technology, including the feature that allows customers to temporarily disable a misplaced card - while we plan for partial or full EMV implementation down the road.  Meanwhile, a good dose of employee and customer education about card fraud and safety is probably in order.  You may get calls about this perceived EMV flaw.  Make sure you are ready to respond.

Remember - you control the message or the message will control you.