Verizon NRF Panel: EMV Alone Is Not Enough
By Bernadette Wilson, Integrated Solutions For Retailers
With the October 1, 2015 date fast approaching when liability for fraudulent card transactions will shift to merchants without EMV-enabled systems, it’s of little surprise that EMV was one of the topics at the panel discussion on securing mobile and retail payments hosted by Verizon Enterprise Solutions at the NRF Big Show 2015.
Michele Dupre, Verizon VP of retail and hospitality, moderated the panel comprised of Roldophe Simonetti, managing director of compliance consulting at Verizon Enterprise Solutions, Greg Buzek, founder and president of IHL Group, and Marianne Johnson, EVP and global head of products and innovation at Elavon.
Dupre asked Simonetti for his perspective on EMV because he moved to the U.S. from France a year ago and witnessed the transition to this form of payment in Europe. “Is it really safe and secure, and is it going to give consumers a level of security?” Dupre asked.
Simonetti said EMV was deployed in many countries in Europe more than 15 years ago and is effective in reducing fraud at the point of sale. He comments, however, “EMV is important, but it’s securing one of the many channels we can use to process payment.” He adds that EMV in combination with PCI compliance is a good way to improve security.
Johnson agrees that EMV provides a layer of protection, but she points out it also has acted as a catalyst to bring security to the forefront. She says businesses are “having to look at tokenization or having to look at encryption. We’re looking at all of those things at one time. If [businesses are] going to make that big of a change or an investment, they need to look at it holistically. It’s been a good catalyst, not only from a security standpoint but just really bringing capabilities to the market.”
Buzek adds, ”I agree with both of them, in the sense that it’s part of a solution, but it’s not the solution … The issue with EMV is it doesn’t solve what we all do. Mobile transactions were up over 50 percent on Black Friday. EMV doesn’t help on a mobile transaction. It does not help an online transaction.”
“EMV, to me, is trying to solve a problem from ten years ago. It would not solve a breach. None of these breaches would be solved if we were EMV compliant,” Buzek adds, “I think it’s going to drive more people online. It’s going to drive the bad guys online, which is really what’s happened in Europe.” He says because of the October deadline, however, it’s where a lot of budgets are allocated this year.
Simonetti added a challenge is to have a good balance of managing standards and leveraging technology, such as tokenization and encryption, to make sure systems are secure. “Everything should be about supporting the business, and sometimes we just try to make things compliant and secure … Making sure first that we focus on the business and what we really need is important, because too many times, I see companies that are trying to secure credit card data they don’t even need to store.”
Johnson says, as technology use in the space continues to evolve, the need is arising for an opportunity to share information to comprehensively address security threats: to facilitate “credible, knowledgeable data sharing around what’s happening and how those threats are evolving.”