In my recent blog post, What’s Up with Credit Card Security?, I detailed some reasons why breaches in credit card security are becoming more prevalent. One key reason is that organizations have been resistant to changing standards for privacy protection. Many cards issued in the United States utilize legacy magnetic strips which can be easily forged. However in light of recent high-profile data breaches experienced by financial powerhouses such as JPMorgan Chase, U.S. banks are beginning to issue credit cards embedded with chip technology.
Prevalent in European commerce, the new credit cards, also referred to as EMV cards, contain a computer chip which looks like a small metallic square. It essentially holds the same information as a magnetic strip. However, unlike magnetic strip cards, every time an EMV card is used, it creates a unique transaction code on its chip which cannot be used again. Rather than providing a signature, EMV cards confirm the cardholder’s identity by requiring them to enter a personal identification number or PIN.
EMV cards can also support contactless card reading using Near Field Communication (NFC). Instead of swiping, the card, a cardholder only has to tap it against the credit card scanner which can pick up the data from the embedded chip. This is the same technology Apple is using with Apple Pay enabling the iPhone to make credit card transactions. The downside of this is that the equipment needed is very expensive. However, many retailers including Walgreens, Target, and Macy’s are already using NFC based contactless pay terminals. Even Android phones compatible with Google Wallet can also use these terminals. The convenience of using your mobile phone rather than a credit card is huge.
The biggest concern around NFC is security. However the mobile payment structure is very complex making hacking or intercepting very difficult. Another benefit of NFC is that the application can include security layers such as biometrics, which require fingerprints to be scanned in order to make a transaction. The use of NFC payment systems is already widespread in Asia. It’s not uncommon to see them in vending machines!
The world’s first fingerprint authenticated payment card was unveiled by MasterCard on October 17, following a partnership with Norwegian startup Zwipe. Similar to a mobile device, the Zwipe MasterCard is NFC-enabled. Its biometric fingerprint sensor makes it extremely difficult for hackers to steal credentials. The Zwipe card is the first card to combine NFC and biometric security, replaying PIN security on other NFC cards. An updated version for the 2015 Zwipe card will feature the added benefit of gathering power wirelessly from the payment terminals. MasterCard’s announcement came just days before the launch of Apple Pay, Apple’s mobile payment system that uses the Touch ID fingerprint sensors found on the latest iPhone and iPad models to verify transactions. Both technologies signal a broader shift towards the integration of biometrics to make payments both quicker and more secure for consumers.
Visiting the HOSTING blog often for the latest news and insights regarding credit card security. You can also contact the HOSTING team of security experts for help creating a custom security solution for your payment systems.