Protecting your identity one swipe at a time!
This summer’s latest blockbuster movie? No, but EMV and PCI are definitely creating excitement for companies that uses credit card readers or support the industry.
Something many people know. The new chip enabled credit cards in your wallet are a result of EMV (EuroPay, MasterCard, Visa). Much of world outside the US, implemented the technology several years ago and it is now hitting the US. EMV is the standard designed to prevent the use of fraudulent credit cards during face to face transactions. EMV authenticates the card for each transaction by using advanced cryptographic keys within the chip on the credit card. EMV focuses on credit card security.
Something many people did not consider. If the credit card operates on a new standard, so must the credit card reader and that is where things get exciting. Making tens of millions of credit cards is one expense. Making millions of new card readers is an entirely different challenge with much larger expense. ATMS, gas pumps, POS terminals, hand-held readers and so on, they all require new card readers in order to be EMV compliant. The business owner must purchase and install EMV qualified card readers or else they are potentially liable for charges made on fraudulent cards. In many cases, a new card reader means an entirely new piece of equipment; often expensive equipment.
Something many people did not know. EMV implantation dates recently changed, extending the date from 2017 to 2020, to give businesses additional time for implementation. This change impacted the entire supply chain. Companies once running extra shifts to keep pace with the initial implementation schedule are now scaling back as demand drops.
Something only crooks and engineers think about. What about preventing the data from being stolen in the first place? This is where PCI (Payment Card Industry) comes into the picture. PCI Security Standards protect credit card data (personal data) from getting stolen from a card reader. The new card reader protects against using fraudulent cards and must also protect against card data being stolen directly from the device. The PCI standard covers data encryption as well as tamper and intrusion safeguards. PCI focuses on data security.
Something fine from Xymox. The printed circuit shown below looks simple (and cool with the blue top coat), but is actually a complex, technology leading security device containing three distinct features protecting the card reader against tamper and intrusion. Metal domes spring open to deactivate the device if the cover is opened, one layer of fine line printed circuitry specifically designed to permanently fail if the security circuit is removed from the device and a second layer of fine line printed circuitry designed to permanently fail if penetrated by an object.
p.s. – The recent news regarding the theft of personal data from large corporations were a result of security breaches on corporate computer systems. EMV and PCI protect your data before it is transferred to corporate networks. Think of EMV and PCI acting like the perfect mail box keeping your mail safe until the point the mail is removed. At that point, it is up to you to make sure it makes it to the house and then to the recycle bin. With EMV and PCI compliant cards and devices, the card data is safe to the point where the data leaves the card reader and moves to the business’s computer system. Typically this is the network or USB connection on the reader and at which point many other systems and standards help protect the data.
Security with each swipe!