KEY POINTS

  • The US has a huge problem with credit-card fraud. In 2014, fraud cost US retailers $32 billion, about half of which was perpetrated using compromised payment-card accounts. To help solve this problem, card networks are pushing merchants to upgrade to EMV security, which is standard throughout other parts of the world.
  • EMV cards carry an embedded microchip for added security. The microchip carries out real-time risk assessments on a person's card purchase activity based on the card user's profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.
  • EMV will mitigate in-store fraud, but will also cause more fraud to move to online channels. When fraud becomes more difficult to perpetrate in stores, fraudsters will increase their focus on online merchants. Online transactions include a CVV number in addition to the card number, expiration data, and other sensitive information. If this data is stolen it can be used to complete fraudulent transactions online.
  • To bolster security throughout the payments chain, encryption is becoming an increasingly popular security protocol. Encryption degrades valuable data by using an algorithm to translate card numbers into new values.
  • Point-to-point encryption is the most tightly defined form of payments encryption. In this scheme, sensitive payment data is encrypted from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions in stores and online.
  • Tokenization increases the security of transactions made online and in stores. Tokenization schemes assign a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often "multiuse," meaning merchants can store them in their systems for subsequent transactions and not force consumers to re-enter their payment details. Apple Pay uses an emerging form of tokenization that allows consumers to make purchases across merchants with a single token. 
  • 3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to tell whether the person using card data is actually the cardholder. 3D [...]