By : Andy Sirmon
May 07, 2015 02:27 PM
Earlier in this series we debunked the myth that EMV is a requirement for complying with PCI Data Security Standards. So while EMV is not a requirement for PCI compliance, can its chip card technology protect cardholder data enough so that businesses don’t need to worry about enacting other data security measures? The answer would be no.
MYTH #7: You don’t need to worry about PCI Data Security Requirements if you use EMV.
While EMV can be one component to your overall data security strategy, it should not be the only component. If it were, you could still run the risk of exposing vulnerable customer card data to potential hackers. It’s important to emphasize a point made in an earlier blog post: while EMV uses technology that authenticates that a card is valid and belongs to the person using it, PCI Data Security Standards involve a broader set of data security controls that protect cardholder data through the entire payment transaction process.
Industry experts agree that EMV alone is not enough to secure payment transactions that flow throughout your business. In a survey conducted by Experian of IT and risk-management executives, 59 percent of respondents believe that chip cards are an important part of their payments strategy, but only 53 percent of respondents believe that EMV will decrease or significantly decrease the risk of a breach. In other words, hackers will still be targeting businesses even after October 1, 2015, the date of the EMV liability shift. EMV technology will make it much harder for criminals to profit from any credit card data they steal, but it will not prevent those security breaches from occurring. The payment network needs more protection than what EMV offers.
According to the 2014 Trustwave Global Security Report, 18% of electronic payment system attacks in 2014 targeted food and beverage establishments. For that very reason, it is important to protect your restaurant and your customers’ card data not only from fraudulent card use, but also from any data security threat. Adhering to PCI Data Security requirements, regardless of whether or not you choose to implement EMV, will help ensure your business stays secure.
The takeaway: It is important to comply with PCI Data Security requirements even if you implement EMV. Although EMV utilizes technology that improves the security of processing credit card transactions, it does not remove your requirement to comply with the Payment Card Industry Data Security Standard in order to protect your entire payment network.
For more information on EMV and PCI Security Standards and how they work together, view this comparison piece on how they offer a layered approach in increasing security and reducing fraud.