July 1, 2015 •
You are probably aware that chip cards (EMV) will ultimately replace magnetic stripe cards. You are also likely aware that if your business accepts credit cards then you must be able to accept EMV cards by October, 2015, or you may have to pay the cost of fraudulent transactions in addition to fines and fees should your business suffer a breach.
You may have heard that EMV is a safer technology, which is why the banks and card brands want you to use it.
Think of security technologies as those that protect data at rest or in transit. Tokenization and Point to Point Encryption are two great examples of this.
Tokenization: This process replaces a credit card number with a “token” that can then be stored and used later, for example when a guest checks out of a hotel. Now, if someone steals that token, they really can’t use it. This technology secures the credit card number primarily when it is at rest.
Point to Point Encryption (P2PE): This process encrypts a credit card number so that it can only be deciphered by someone who has the proper "key," and it is encrypted from the point of swipe all the way to the card processor, who has the key. If someone steals an encrypted number, unless they have the key, the number can’t be used. This technology secures the credit card number when it is moving from the point of sale (POS) to the payment processor.
EMV is a fraud prevention technology. If someone steals a credit card number, they cannot then use that number to manufacture a fraudulent EMV card. In other words, the EMV technology ensures that the card being presented is not a fraudulent card.
EMV is therefore not a security technology: