Online marketing has become a crucial component of major businesses and corporations nowadays, and that opened a wide door for attackers. To increase security of online banking and reduce credit card fraud, the Payment Card Industry Security Standards Council defined and mandated a series of basic security practices for organizations that handle branded credit cards. Compliance is verified each year by a self-assessment or an external audit. Among the requirements is that card data must be encrypted when transmitted over public networks. The standard introduced is a global industry initiative that, while not exhaustive, enhances security and security awareness and has denied attackers a one-stop-shopping opportunity for consumer credit card data. It’s made it harder for attackers to steal consumer financial and identity data, and it’s been a major enabler of Internet commerce.
Still, consumers of the banking industry were at risk of credit card fraud or damage from lost cards and copied card stripe information. Accordingly, to reduce the impact of these risks, Europay, MasterCard, and Visa (EMV) credit card standards now require card data to be stored in a chip embedded in the card rather than a magnetic stripe. And they must be validated by a user personal identification number (PIN) rather than a signature, providing two-factor authentication. While there were many early deployments, liability shift (from banks to merchants) didn’t occur in the United States and European Union until 2015.
Chip and PIN technology makes it more difficult for attackers to clone cards. And while it improves security at the point of sale, card-not-present (CNP) transactions—including online payments—receive less protection. As a result, development continues on software solutions that replace the standard, static PIN with a dynamically generated code for online transactions. Such innovations keep hackers searching for ways to break the new systems, and it increases their cost of doing business. But it also offers them more opportunity, because stolen chip-and-PIN-card data is more valuable in cybercrime markets.
While these innovations attempt to enhance the world we live in today, every advancement is dynamic and involves multiple benefits as well as risks. Businesses must be intelligent in choosing the right, affordable and effective security defense mechanisms to facilitate their continuity and growth.