<<

FACT SHEET

Why EMV Is Not Enough Protection

While EMV is a great solution to prevent and detect counterfeiting, it is limited in protecting card data from monetization. The following provides clarity as to EMV’s value proposition and how Heartland Secure™ —through E3 end-to-end and tokenization—protects EMV and magstripe cardholder data by taking clear text card data out of the transaction and the merchant’s ecosystem.

EMV Security Where EMV Is Lacking EMV’s payment security approach is With all the security needed to prevent The second consideration is the speed based on smartcard technology that counterfeiting and maintain cardholder of adoption of EMV by businesses in the adds dynamic security data to the integrity, EMV does not encrypt U.S. While the Liability Shift begins on transaction stream, rendering replay the cardholder account number or October 1, 2015, there is widespread of payment transactions impractical. discretionary data that hackers can disagreement as to the percentage of Additionally, every card contains its steal and monetize. While stolen EMV points of purchase that will be EMV- own microprocessor chip, making the card data cannot be used to create a enabled by that time. “By the end of cards nearly impossible to counterfeit. counterfeit magnetic stripe card, it can 2015, 70% of U.S. credit cards and 41% Using EMV improves the security of be used for card-not- transaction of U.S. debit cards will be EMV-enabled,” payment transactions in three areas: fraud such as e-Commerce. Merchants says Aite Group. Others think it will not § Dynamic card that experience a of EMV card happen so quickly. protects against counterfeit cards; data that is used fraudulently are liable In reality, countries and regions that for that misuse. have previously migrated to EMV did so § Cardholder verification using PIN Additionally, each EMV card issued in in time frames that were much longer authenticates the cardholder and the U.S. will carry a magnetic stripe than expected. Cost, value proposition protects against acceptance of lost that can be skimmed and used to for implementing EMV and complexity and stolen cards; and create a magnetic stripe card. While are among the reasons for the elongated § Transaction using that counterfeit card cannot be used rollout. One needs to consider that the issuer-defined rules to authorize at an EMV-enabled terminal or PIN pad, U.S. is the largest payments infrastructure it can be used at a non-EMV device and in the world. The Javelin Group suggests transactions reduces the chance processed successfully. that the cost of the U.S. EMV migration for transaction interception or will exceed $8 billion. It will take “man-in-the-middle” attacks. There are two other considerations. The frst is the fact that Visa, the largest card considerably more time beyond 2015 brand in the U.S., has stated that there for the U.S. to migrate. These two is no “sunset” date for magstripe. Why? considerations point to the magstripe Issuers do not want their cardholders to being with us for a very long time.

be without the ability to use their credit Continued card to make a purchase anywhere they go. Even European issuers, who were the frst to issue EMV cards, still put a magstripe on the cards they issue.

© 2015 Heartland Payment Systems, Inc. The Value of Heartland Secure — How Do End-to-End Encryption E3 End-to-End Encryption and and Tokenization Protect EMV Tokenization Transactions? Heartland Secure is a comprehensive Ofered to Heartland customers for E3 end-to-end encryption encrypts EMV card solution that combines no extra service fees, Heartland and magnetic stripe cardholder data, three powerful technologies, working Secure combines: making card data indiscernible as it together, to provide merchants with enters the payment cycle. In the event of § EMV electronic chip card technology the highest level of security available frewalls or breaches, to authenticate that a consumer’s to protect against card-present data hackers and criminals gain nothing of fraud. Featuring the only warranty of card is genuine; saleable value. Captured and encrypted its kind in the payments industry, this § Heartland’s end-to-end encryption card data cannot be used to make exclusive solution is designed to provide technology, which immediately counterfeit cards or fraudulent phone/ businesses with security against point- encrypts card data as it is entered mail/online purchases. of-sale (POS) intrusions, insider misuse so that no one else can read it; and Magnetic stripe and EMV transactions and other common sources of data are encrypted within the terminal’s § Tokenization technology, which fraud, by eliminating the opportunity tamper-resistant security module for criminals to monetize card data. replaces card data with “tokens” so the transactions and cardholder that can be used for returns and is sent encrypted through repeat purchases, but have no value the business’s network, over the , to outsiders. and to Heartland without being readable. Tokenization eliminates the need to refer to a customer card number for returns, voids, card on fle and recurring transactions. Both E3 and tokenization combine with EMV to provide optimal transactions.

Summary EMV leaves cardholder data exposed, resulting in the opportunity for hackers who have breached the business’s network and POS system to steal clear text EMV and magnetic stripe card data. The breached business will then incur fnes, assessments and additional PCI costs. Heartland Secure’s E3 end-to-end encryption and tokenization eliminate clear text card data from the transaction The certifed EMV device encrypts cardholder data and sends transaction request to and the merchant’s business, making Heartland for authorization. Heartland then replaces card data with a “token” and it impossible for hackers to steal and returns authorization—terminal passes response to POS system to fnish transaction. monetize card data.