About Me

Basic Information

Gender
Male
Job Title
Information Security GRC Consultant

Business Information

Business Name
ISMS Consulting
Country
United Kingdom

Education

Experience

Other
-CISM
-CISSP
-ISO 27001 Lead Auditor
-ITIL v3
Who's Online
Leandro Malaquias
Leandro Malaquias
  • Karma
  • Member since
  • Tuesday, 31 August 2010 17:05
  • Profile views
  • 218 views
myblog

Community Feedback - to the question: Is EMV the answer to Payment Security?

 

Tapomoy Koley

Sr Associate - Projects at Cognizant Technology Solutions

 

Yes it seems so.

* The countries where EMV adoption is high the CNP fraud percentage share is increasing.

 

* The countries where EMV adoption is low is having more POS and ATM frauds.

 

Check out the European central bank press release and report:

a) http://www.ecb.europa.eu/press/pr/date/2014/html/pr140225.en.html

b) http://www.ecb.europa.eu/pub/pdf/other/cardfraudreport201402en.pdf?e50b929264594aabb07bba92a0a26b3f

Like (2) Reply privately Flag as inappropriate 4 days ago Stanislav P., Fernando Fonseca like this

 

 

Alexandre Augusto

Incident Manager at Tata Consultancy Services

 

Yes I think so, but about risk percentage and fraud, its depend of which country we are talking about. For example, In Brazil the levels of fraud is too high and in the other way the security controls is also too high with also high level EMV adoption

Like Reply privately Flag as inappropriate 4 days ago

 

 

Paul Watson

Payments Solutions and Financial Services Consultant

 

As Mr. Koley points out, EMV is certainly plugging a security hole. Is it THE answer? Obviously not, as CNP transaction volume continues to grow. But, just because it doesn't plug every hole, doesn't mean it shouldn't be implemented. It is a very big hole!

Like Reply privately Flag as inappropriate 4 days ago

 

 

Christian McMahon

Product Manager at Merchant Link

Top Contributor

 

I don't believe EMV is a security solution, it's more of a fraud prevention solution (two different ideas). I think EMV will work very well in retail and somewhat in restaurant, but not so well in Hospitality/lodging since there are so many card not present transactions (reservations, back office, web payments, etc..) Further, I am unsure how fast EMV will be adopted without government fiat. My hospitality customers are largely waiting to see how much it will cost, what behavioral changes Americans must buy into, and whether the fraud risk benefits outweigh their internal network support and hardware costs. I still think that EMV + other technologies (such as tokenization, encrypted devices, and single use cards) combined are truer security.

Like (4) Reply privately Flag as inappropriate 4 days ago Bill Poletti, Alexandre A. and 2 others like this

 

 

 

 

 

Tom Beck

Product Manager at TD Merchant Services

Top Contributor

 

If other countries are any indication, the answer is yes. But as other indicate, there are no "final" answers to payment security. It will always be a moving target.

Like (1) Reply privately Flag as inappropriate 4 days ago Ira C. likes this

 

 

Michael Hopewell

Senior Consultant, PCI QSA, PA-QSA

 

If based on statistics, I think EMV is useful technology to reduce the rate of fraud. With regards to information security then this revolves around people, process and technology. Because of this, I would say that EMV is not "THE" solution to payment security as often there is a vulnerability due to people and process.

Like (3) Reply privately Flag as inappropriate 4 days ago Erana R., Ira C. and 1 other like this

 

 

Abraham Motana

Software Development

 

If I applied and utilized in earnest, it is secure, however the processes to acquire a transaction is acted upon by people; from the developer on the card acquiring device, a operator in a merchant, people involved in keys management etc. at any of those stages processes could be compromised, then your payment security falls flat. I think the true value can be measured by the secure payments vs the fraudulent ones.

Like Reply privately Flag as inappropriate 4 days ago

 

 

John Miglautsch

For 30 years, growing both sales and profits. Catalog and eCommerce companies are my sweet spot

 

Looking at adoption in other countries, fraud does move away from card-present situations. But eCommerce and Catalog companies should be working now to improve their encryption from end to end. Historically the fraud moves to internet attacks. Most of the merchants I talk with are not preparing for 2015.

Like (2) Reply privately Flag as inappropriate 3 days ago Erana R., Bill Poletti like this

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Bill Poletti

Retired

 

As noted earlier, EMV does nothing to address fraud in the growing CNP channels. It only addresses the shrinking face2face transaction channels. Fraud WILL and IS migrating to CNP.

 

I recently read an article on the quiet development of quantum computing solutions. It does not seem very far off. Though this might seem a little off-topic, quantum computing will end encryption as we know it. That will render the estimated U$31 billion in infrastructure upgrades for EMV a total waste.

 

I might have a "glass half empty" view and attitude, but EMV has been sold as the complete security solution which is clearly isn't. It will reduce fraud in a shrinking face2face acceptance market but meets no long term growth acceptance channels. It just gives a false sense of security to the average and sub-average cardholder.

Like Reply privately Flag as inappropriate 3 days ago

 

 

Bill Poletti

Retired

 

We will see more of this as EMV rolls out.

 

http://www.itproportal.com/2014/07/04/brazilian-hackers-steal-up-to-375b-in-what-could-be-the-biggest-electronic-theft-in-history/

Like Reply privately Flag as inappropriate 3 days ago

 

 

Christian McMahon

Product Manager at Merchant Link

Top Contributor

 

So I've heard that the thieves migrate to the lowest hanging fruit (ie. from Europe, to Asia, to Canada and North America as each rolled out EMV) basically running to where EMV was not. I know they are not going to give up. They might focus more on card not present or will they double their efforts to try to crack the EMV magic. I've been trying to figure out what's the next "thing" after EMV? Obviously any technology will have to support mobile as it's growth in the payments space is on a tremendous upward track. Thoughts?

Like (1) Reply privately Flag as inappropriate 3 days ago Ira C. likes this

 

 

Parama Raj

at Planet Payment Inc

 

There is enough to be earned by fraud now from the earlier technologies. When the focus shifts to EMV, in my opinion there are sufficient opportunities in EMV to result in significant losses. Advances in electronics since the introduction of EMV will enable fraud to effectively compromise EMV and then create havoc. Implementations of CHIP and PIN might not be as secure as it appears to be. Take the example of the photo card, very quickly it was shown that the fraud reductions reported were skewed.

Like (2) Reply privately Flag as inappropriate 3 days ago Ira C., Bill Poletti like this

 

 

 

 

 

 

Enkelejda BALLIU (POPA), MSc

Banking Professional, Bank Card Management, Risk and Fraud Subject Matter Expert

 

Simple, No. EMV is the secure way for card present transactions always when is implemented correctly and combined with other measurements of preventing and/or detecting fraud. Yes, it is true the thieves have migrate they activity to non EMV countries. This because a cloned EMV card will be used through magstripe in a non EMV environement which is a pure magstripe transaction as the CHIP will not be read ( the cloned card will not have a chip so will be swiped or entered in ATM). This is the traditional way for them to secure fast cash. The criminals today aim to steel big data through data breaches, This is the fraud biggest trend. They will try to use them mostly in non EMV environemet. So it is important that the industry to implement unified security measures globally and imlementimg EMV in non EMV countries now is a must. If we cut the source of usage of the stolen data for me is crucial to prevent the data breaches. EMV helps a lot.

Like (1) Reply privately Flag as inappropriate 3 days ago Ira C. likes this

 

 

Bill Poletti

Retired

 

And even AFTER the US implements EMV, there is still a huge non-EMV environment that will be exploited in CNP. EMV is ONLY effective in card present and only for a limited time. When quantum computing is developed, EMV will no longer be an effective tool against fraud. The Brazillian fraud case is an example of what will happen because cardholders will become complacent. After all, EMV has been sold as the complete security solution for bankcard.

Like Reply privately Flag as inappropriate 3 days ago

 

 

Bill Poletti

Retired

 

Parama - For 18 years, almost to the day, I have been pointing out that EMV is not the total solution. By 2000, it was obvious that the industry should not pursue EMV because of the booming e-commerce CNP growth. Retail face2face is shrinking by comparison. Now, EMV is being implemented globally and card fraud is starting to migrate to the path of least resistance. Everybody is pushing EMV, but ignoring CNP exploding fraud.

Like Reply privately Flag as inappropriate 3 days ago

 

 

Gary Smythe

President and Co-founder at Catalyst Card Company

 

It seems to me that the decision has already been made and that EMV migration has begun. The discussions regarding whether or not we should pursue this technology in the US are moot. Let's all work together to make the transition as successful and secure as possible, and let's tackle CNP to improve the entire environment. In other words, let's move on.

Like (3) Reply privately Flag as inappropriate 3 days ago Enkelejda BALLIU (POPA), MSc, Ira C. and 1 other like this

 

 

 

 

 

 

 

Bill Poletti

Retired

 

Oh, the decision has been made. The marketers, consultant and vendors have sold it to the world. The lawyers will take over when it doesn't work as predicted.

Like Reply privately Flag as inappropriate 3 days ago

 

 

Tom Beck

Product Manager at TD Merchant Services

Top Contributor

41 days ago

myblog

JP Morgan are looking to hire for several positions within the Global Strategy and Infrastructure Compliance team.

259 days ago
friends
Cinthia Pilar and Thiruvadinathan A are now friends
421 days ago
myblog

We are pleased to announce the grand opening of the GRC Marketplace!

The IT GRC Forum an online resource and networking platform for the Governance, Risk Management and Compliance (GRC) Community.

  • Reach key decision-makers with responsibility in purchasing GRC products & services.
  • Activate your complimentary listing, and increase your company's exposure to our buyers
Activate your free listing here

453 days ago
myblog

JAZD, the leader in online B2B directory service platforms, and Executive IT Forums Inc., publisher of ITGRCForum.com, announced today their new online Governance, Risk Management, and Compliance industry marketplace, GRCMarketplace, is now live and open to buyers here.

GRCMarketplace, powered by the JAZD directory platform, delivers complete listings of companies and products, deep industry content, user ratings & reviews, geographical search, side-by-side product comparisons, videos, webinars, downloadable product specifications, pricing and marketing literature, along with an array of social tools for users to share information and network with peers. This infrastructure combined with highly-engaged suppliers and buyers provides a new, more effective directory experience for the GRC industry.

"The launch of the GRCMarketplace is a perfect extension of the ITGRCForum," said Jamie Bedard, Founder and CEO at JAZD. "Working with Executive IT Forums Inc, we are able to provide their audience a full range of research, purchasing, education and networking tools."

463 days ago
friends
Cinthia Pilar and Mauricio Mule are now friends
496 days ago
friends
Cinthia Pilar and Keith Swanson are now friends
532 days ago
events
538 days ago
events
  • Join GSMI in Boston, MA on April 9-11, 2013 for the 8th installment of the Governance, Risk Management and Compliance Summit and save 15% with the d ...
538 days ago
friends
Cinthia Pilar and Chris Cruthirds are now friends
545 days ago
friends
Cinthia Pilar and Wasim Malik are now friends
560 days ago