Skip to content

Is EMV the Silver Bullet for Payment Security?

EMV Paypal Tweet

Recently, PayPal president David Marcus tweeted that his EMV chip enabled card was skimmed while in the United Kingdom. 

While I think it’s a stretch to insinuate that such a breach wouldn’t have happened if PayPal was accepted by the merchant, it does raise another point in the argument for EMV in the United States. It is more than likely the magnetic stripe portion of his card was compromised and info taken from those tracks (which Marcus himself later tweeted was the likely culprit), versus someone cracking the code within the embedded chip.  My guess would be these transactions were done via the U.S., where a plethora of EMV-enabled fraud comes to take advantage of the ever-vulnerable mag stripe system. 

For retailers, the recent Target breach has prompted a ramped up timeline on rolling out their own chip enabled smart cards, to the tune of $100 million (go ahead, do that Dr. Evil finger pose). This has pushed the fraud and EMV conversation to the forefront—from the desks of Fortune 500 CEOs, who are asking their internal staffs if they are protected against such a breach, to the Senate Judiciary Committee. When your CEO and the federal government start paying attention, it’s prudent for retailers to have a strategic plan in place for EMV implementation. 

EMV is not by itself a silver bullet against fraudulent activities, but crooks are going to look for chinks in the armor, and right now, that chink is mag stripe in the U.S. By not adopting the EMV standard that stretches the globe, the fraud is being shifted to other areas that are most vulnerable, like card not present transactions. Fraudsters are a resourceful bunch and stand to reinvent themselves as their methods are thwarted. Once EMV becomes a standard in the U.S., we’ll probably be looking at yet another method being used to crack the proverbial code. For retailers, bottom line is that EMV is one piece of the proverbial security puzzle, not the solution on its own.