CONTINUE TO SITE »
or wait 15 seconds

Article

EMV, encryption and tokenization: the payment fraud 'holy trinity'

Taken together, these three key pieces of security technology can ensure that the good guys continue to stay one step ahead of the fraudsters.

Sverd i fjell ('Swords in Rock') monument, Hafrsfjord fjord, Norway

December 4, 2014

Taken together, these three key pieces of security technology can ensure that the good guys continue to stay one step ahead of the fraudsters.

by David Divitt, product marketing manager, Alaric Systems Ltd.

As more payments are made electronically, the market for criminals widens and becomes increasingly attractive. In this environment we are relying on just a handful of ways to keep our financial details safe. Central to this are three key pieces of security technology, the payments 'holy trinity,' that taken together, can ensure that the good guys continue to stay one step ahead of the fraudsters.

The three technologies are EMV, encryption and tokenization. An in-depth study from the Smart Card Alliance looks at all three and how they work in tandem to secure card payments.

EMV

Chip technology has revolutionized payment cards and is widely used in most places around the world. Figures from EMVCo show around 2.3 billion EMV chip cards have been issued globally since 1996 and 36.9 million point-of-sale terminals now accept EMV chip cards.

The key benefit of EMV is effectively stamping out counterfeiting — the secure chip means cloning cards to use in a face-to-face environment is virtually impossible. The Smart Card Alliance report notes that EMV "improves the security of a payment transaction by providing cryptographic card authentication that protects the merchant and issuer against the acceptance of counterfeit card."

Of course, there are other benefits from being able to securely store data on a card. For example, with EMV it's possible to define flexible cardholder verification; while it also offers improved card authentication methods that rely on "dynamic data and strong cryptographic techniques."

EMV adoption in the U.S. is discussed in the study, and while some have questioned the longevity of the standard, the Smart Card Alliance authors are in no doubt that it will continue to be the basis for payment card security for many years.

"While the core EMV specification is over 20 years old, it is continuously updated to counter new security threats and provides a proven global platform for secure payment card transactions well into the future," they write, adding that continual improvements to circuit technology means EMV can evolve as required.

Encryption

Effectively this approach eliminates the opportunity for a criminal to derive value from stolen card data.

There are two approaches to encryption commonly used in the payments sector. First, end-to- end encryption, where the cardholder data is encrypted at the point of entry — e.g., when the card is swiped and decrypted at the intended recipient end.  The other version is point-to-point encryption, in which the data is decrypted at each stop in the payments cycle – merchant to processor, processor to issuer, issuer to merchant.

Tokenization

Tokenization is a hot topic right now as industry players look at developing an interoperable global standard. EMVCo, PCI SSC and The Clearing House are all investigating its potential and working on standards.

It means replacing sensitive card data with 'tokens' that are completely useless to a fraudster. In most cases we are talking about the payment card primary account number being replaced with a random code, or token.

"Tokenization is one approach that can be used to safeguard payment credentials from being stolen and used for fraudulent transactions. Merchants using tokenization may be able to reduce the scope of a PCI DSS assessment," explains the Smart Card Alliance study. Tokens can be single use or multi-use; stored and managed in the cloud, in a token vault, or at a merchant location.

The key benefit is to limit losses from a data breach by reducing the value of the information that is compromised. Instead of millions of PANs being stored in retailers' systems, all that the fraudster can harvest are random tokens.

All for one and one for all

The report concludes:

EMV provides strong card authentication through the use of cryptograms to prevent counterfeit transactions. Encryption protects account numbers and other critical transaction elements that are sent through the payment system. Tokenization completes the protection of the payment card data by removing the PAN and expiration date from EMV chip, CNP and mobile transactions.

Taken together, these three technologies offer a good defense.

However, even these three security technologies aren't the answer to stopping all fraudulent transactions, and it is essential that financial institutions and others in the payments lifecycle invest in fraud detections systems that can look at each individual transaction and assess whether it is genuine or not. To protect against the criminals, a good fraud detection system remains an essential fourth component. To mix metaphors a bit, rather like the d'Artagnan to our valiant three musketeers.

This post appeared first on Industry News (news.alaric.com).

photo courtesy norwaylodging.com

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
Bank of England softens tone on stablecoins, say they should be regulated
Ross, Pennsylvania Chase ATM set ablaze for alleged anti-government protest
4 strategies for Independent ATM Deployers
America First Credit Union to open 8 branches in Arizona
Bank of America to provide $12M for Hurricane Helene recovery


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'