As more brick-and-mortar retailers transition to EMV chip-technology terminal devices for credit card and other card payments, fraudsters may turn their attention elsewhere: online purchases.
In other words, increased security in stores could shift the efforts of credit-card swindlers to online hacking.
It’s what occurred in the United Kingdom with respect to online purchases, also known as card-not-present transactions. The UK’s spike in online fraud occurred as EMV chip technology took hold a decade ago. (EMV is an acronym for Europay Mastercard Visa.)
So, even with innovative security upgrades, it’s understandable to expect that networks of criminals focusing primarily on physical credit card number and identity theft will find their way to wherever the information is easily available and less protected.
“Hackers have figured out how to crack security certificates,” said Tom Tesmer, chief operating officer of JetPay Payment Services based in Dallas, which has large clients, including Apple Pay.
This means HTTPS portions (the beginning) of certain URLs are not necessarily safe and protected. Hackers never stop evolving their knowledge since security efforts are continually adapted and increased on both ends of the transaction: the Web host and payment processor.
Tesmer referenced PCI compliance as another layer of ongoing security efforts to prevent online credit card theft. PCI stands for payment card industry, and DSS usually follows in its name, signifying data security standard.
PCI DSS requirements managed by the PCI Security Standards Council in Wakefield, Mass., are designed for businesses that have an online merchant identification for digital credit card transactions. Those with IDs have to keep up with these security measures, Tesmer noted.
Randy Vanderhoof is executive director of a nonprofit called Smart Card Alliance based in Princeton Junction, N.J., while also serving as the director of EMV Migration Forum, which is tied to the alliance.
“There are software services to subscribe to that look for fraud patterns at checkout,” Vanderhoof said of online purchases. “One example is that the person who has a card lives in Pennsylvania, but the IP [Internet protocol] address is showing that the transaction is from an eastern European country.”