Close to 75% of point-of-sale merchants in the U.S. either aren’t ready for or aren’t aware of the switch to EMV, which takes place on October 1st. To hackers and fraudsters, this is possibly the best news in a long time!
Since EMV cards are almost impossible to penetrate, hackers will eventually turn to e-commerce stores. It’s nothing new. The same thing was witnessed in Europe in the 90s and early in the millennium, when e-commerce was just finding its feet there. More recently, we saw the same thing in Canada as the country moved from magnetic stripe cards to EMV. When hackers discovered that they couldn’t penetrate EMV, they turned to e-commerce businesses.
And if you think that, having learned from the European disaster and, most recently, the Canadian affair, Americans may be better equipped to deal with possible threats, think again. In fact, some experts warn that the consequences could be far worse.
In both cases, and particularly the Canadian debacle, a common threat was “card-not-present” (CNP) fraud. Merchants trying to process cards would receive the CNP message even if a card was indeed present. It caused massive outrage and the economy suffered for several weeks.
Experts predict that the same trend could be observed in the U.S. after October 1st. “I think it will be worse,” says Ed Black, a director of business compliance and PCI at Comodo. “With only 25% of the merchant population aware of the EMV switch, it could be a disaster.” He cites a recent Verizon report which indicates that only 29% of American merchants bother to stay PCI compliant within a year of attestation, saying that all these statistics point to a very gloomy future for merchants.
- Upgrade operating systems – hackers are known to prey on users of older operating systems such as Windows XP. XP no longer receives security updates, and hackers won’t waste time exploiting such weaknesses.
- Quarterly PCI scans and penetration testing – PCI scanning costs less than $100 per year and penetration testing can cost upwards of $7,000 per year. If you think they’re necessary, you need to invest in the two.
- Invest in TLS certificates – it’s also important to upgrade from SSL to TLS 1.2 to better protect your computer systems.