Page 43 - GS140301
P. 43
ChapterTitleCoverStory
Ratcheting rhetoric
In an open letter published by CNBC.
com on Jan. 30, Chris McWilliams, "I think everybody recognizes now that damage to
President of North American Markets the brand can be a lot worse than financial damage."
at MasterCard, took banks, merchants – George Peabody, Glenbrook Partners LLC
and others to task for "posturing and
finger pointing" over recent data
breaches and EMV migration. "[N]ow
is the time to migrate to EMV in the In fact, most experts expect CNP fraud to skyrocket after the U.S. migration to
U.S.," McWilliams wrote. EMV. "We've seen this trend," said Anush Amiryants, Executive Vice President
at Signature Card Services, headquartered in Los Angeles. "It's been the same
MasterCard Chief Executive Officer every place EMV has been deployed."
Ajay Banga echoed those comments
the next day during an earnings call. To protect against that outcome, Signature and other ISOs are encouraging
According to a transcript of the call, online merchants to implement additional security with tools like 3D Secure
he said, "We've got to get ahead of (previously known as Verified by Visa). MasterCard, JCB International and
this going forward. Otherwise you're American Express Co. also have adopted 3D Secure (under their own names,
going to have this keep coming. The for example, MasterCard Secure Code and J/Secure). "For now this is the only
more often it happens the worse it solution available as an additional security layer for online transactions,"
feels." Amiryants said.
Visa CEO Charlie Scharf delivered Meanwhile, the push is on to get EMV terminals into millions of brick-and-
a similar message during that mortar stores that are using outdated hardware – essentially any terminals
company's Jan. 30 earnings call. Recent installed before 2007, when EMV devices started rolling off production lines.
high-profile card data breaches (like Some ISOs and acquirers are giving away EMV-compliant terminals, concluding
those involving the retailers Target that the liability costs far outweigh the cost of the devices. "But there are many
Corp. and Michaels Stores) have been ISOs out there who can't afford to do that," Amiryants noted.
"terribly unfortunate" and should be
taken as a wake-up call, Scharf said.
He then added, "Visa is committed
to ensuring our network operates at
the highest level of security available
and will continue to move the
industry toward the adoption of new
safeguards, including EMV chip and
tokenization."
George Peabody, Senior Director at
Glenbrook Partners LLC, said he's
not surprised by the rhetoric over
EMV, or that it has found its way to
corporate boardrooms. "It's amazing,
really, how the reputational costs of
prior breaches, although significant,
have not reverberated across the
culture in a big way," Peabody said.
"I think everybody recognizes now
that damage to the brand can be a lot
worse than financial damage."
Shifting fraud to CNP?
EMV, however, is no silver bullet.
"There needs to be a change, and
EMV is certainly a strong way to
address one particularly pernicious
type of attack," namely data breaches,
Peabody said. But it isn't effective
when the merchant being breached
operates in a card-not-present
environment.
43
43
Ratcheting rhetoric
In an open letter published by CNBC.
com on Jan. 30, Chris McWilliams, "I think everybody recognizes now that damage to
President of North American Markets the brand can be a lot worse than financial damage."
at MasterCard, took banks, merchants – George Peabody, Glenbrook Partners LLC
and others to task for "posturing and
finger pointing" over recent data
breaches and EMV migration. "[N]ow
is the time to migrate to EMV in the In fact, most experts expect CNP fraud to skyrocket after the U.S. migration to
U.S.," McWilliams wrote. EMV. "We've seen this trend," said Anush Amiryants, Executive Vice President
at Signature Card Services, headquartered in Los Angeles. "It's been the same
MasterCard Chief Executive Officer every place EMV has been deployed."
Ajay Banga echoed those comments
the next day during an earnings call. To protect against that outcome, Signature and other ISOs are encouraging
According to a transcript of the call, online merchants to implement additional security with tools like 3D Secure
he said, "We've got to get ahead of (previously known as Verified by Visa). MasterCard, JCB International and
this going forward. Otherwise you're American Express Co. also have adopted 3D Secure (under their own names,
going to have this keep coming. The for example, MasterCard Secure Code and J/Secure). "For now this is the only
more often it happens the worse it solution available as an additional security layer for online transactions,"
feels." Amiryants said.
Visa CEO Charlie Scharf delivered Meanwhile, the push is on to get EMV terminals into millions of brick-and-
a similar message during that mortar stores that are using outdated hardware – essentially any terminals
company's Jan. 30 earnings call. Recent installed before 2007, when EMV devices started rolling off production lines.
high-profile card data breaches (like Some ISOs and acquirers are giving away EMV-compliant terminals, concluding
those involving the retailers Target that the liability costs far outweigh the cost of the devices. "But there are many
Corp. and Michaels Stores) have been ISOs out there who can't afford to do that," Amiryants noted.
"terribly unfortunate" and should be
taken as a wake-up call, Scharf said.
He then added, "Visa is committed
to ensuring our network operates at
the highest level of security available
and will continue to move the
industry toward the adoption of new
safeguards, including EMV chip and
tokenization."
George Peabody, Senior Director at
Glenbrook Partners LLC, said he's
not surprised by the rhetoric over
EMV, or that it has found its way to
corporate boardrooms. "It's amazing,
really, how the reputational costs of
prior breaches, although significant,
have not reverberated across the
culture in a big way," Peabody said.
"I think everybody recognizes now
that damage to the brand can be a lot
worse than financial damage."
Shifting fraud to CNP?
EMV, however, is no silver bullet.
"There needs to be a change, and
EMV is certainly a strong way to
address one particularly pernicious
type of attack," namely data breaches,
Peabody said. But it isn't effective
when the merchant being breached
operates in a card-not-present
environment.
43
43
