Preparing for the Migration of Fraud

Fraud , Payments Fraud

EMV Migration Forum's Vanderhoof on the Need for Multichannel Fraud Prevention

To fight the growth of payment card fraud, retailers need to address fraud prevention from a multichannel perspective.

See Also: Rethinking Endpoint Security

EMV, while critical for reducing card-present fraud at the physical point-of-sale, does not address card-not-present fraud online, says Randy Vanderhoof, executive director of the EMV Migration Forum, a cross-industry body focused on supporting EMV chip implementation technology and processes in the U.S.

Thus, Vanderhoof says EMV, on its own, is not enough. "You really have to look at fraud mitigation as a full system," Vanderhoof says during this video interview at Information Security Media Group's recent Fraud and Data Breach Summit in San Francisco. "So it's not just about the card-present fraud, using the physical cards at the retail point-of-sale; it's also about protecting the other channels where fraud is likely to migrate."

Vanderhoof points to Target, which suffered a massive data breach in late 2013, as an example of a retailer that's now taking a multichannel approach to fraud prevention.

As Target upgraded its POS terminals for EMV chip card acceptance, it also invested in tokenization and end-to-end encryption to help shore up security for its online, e-commerce transactions, Vanderhoof says.

"It's really a suite of security measures that are needed in order to protect payments systems today," Vanderhoof says. "And so the smart retailers, when they realized that they were going to have to do some major structural changes to their payments systems, decided, 'Let's look at this from a broader perspective, and not just do the minimum to support card-present fraud with EMV."

The goal for larger retailers has been to address data security from a "systemwide approach," he adds.

"We need to protect the data that's going to stay in the system before all of the EMV chip cards have migrated into the market ... to make sure that all of the data is protected," Vanderhoof says. "Retailers need to] look at it from a systemwide approach of card-present, card-not-present, and managing the data that's at rest and in motion in their environment."

During this video interview, Vanderhoof also discusses:

Why the debate over chip-and-PIN versus chip-and-signature still continues; How fraud is expected to continue migrating in the wake of EMV rollouts; and Work the EMV Migration Forum is doing to ensure that retailers of all sizes are considering security across all sales channels as they upgrade to EMV.

In addition to serving as director of the EMV Migration Forum, Vanderhoof is executive director of the Smart Card Alliance, a multi-industry association of more than 180 member firms working to accelerate the widespread acceptance of smart card technology.