President Obama has signed an executive order to accelerate the adoption of EMV (chip-and-PIN) cards in the United States ahead of the planned October 2015 transition timeline. The White House said that Home Depot, Target, Walgreens, and Walmart promised to start activating EMV-compatible terminals by January 2015. American Express and Visa have also pledged to work with small business owners and consumers to help them understand the changes that will occur.
The president’s “Buy Secure” initiative is a powerful validation of the security challenges facing merchants, consumers, and financial institutions alike. Read the full media advisory here: http://www.whitehouse.gov/the-press-office/2014/10/17/fact-sheet-safeguarding-consumers-financial-security
The adoption of EMV cards is an important piece of a more comprehensive solution to the challenge of payment data security. EMV is designed to validate that a card and a cardholder are linked, but does not address the broader concern of securely transmitting payment data through a merchant’s point-of-sale system and network. Deploying EMV technology in conjunction with PCI security standards is the key to protecting consumers’ payment card data.
A Point-to-Point Encryption (P2PE) solution at the point-of-sale removes all cardholder data from the merchant’s environment. The PCI Security Standards Council has documented a rigorous set of controls that defines the procedures that a payment solution provider must adhere to, and in doing so, enables merchants to process payments securely while keeping their network environment completely out of scope for PCI security audits.
By the PCI council declaring and publishing a standard against which to validate solutions, there is now a technology standard that can completely secure a merchant’s payment infrastructure. With P2PE, transactions are entirely encrypted before they even enter the merchant’s location, essentially removing cardholder data from the merchant’s POS and network. For more about PCI-Validated P2PE, click here to download FreedomPay’s white paper by Chris Kronenthal, FreedomPay’s Chief Technology Officer and payment security authority.
The shift to EMV, along with P2PE, and emerging NFC solutions like Apple Pay and Google Wallet, are compelling merchants to make upgrades to their payments systems to deliver the security and convenience that consumers expect. So buyer beware: not all solutions are the same. There are any number of imposters making claims that cannot stand up to the unambiguous facts as stated by the PCI Council. Merchants should look to solutions that have been audited and validated to meet the rigorous standards set forth by the PCI Security Council, or face the fear, uncertainty and doubt of a solution that can only say “trust me,” and does not have the independent certification to back it up.