As the number of electronic transactions grow, so do the opportunities for cybercriminals to steal money. As a merchant, you need to provide the best payment security possible, so your customers don’t have to worry about their data. As a customer, you need to be aware of the threats against you – and the technological advances that help combat them.
From the cardboard and celluloid cards pre-1958 to the biometrics, geolocation and tokenization security of today, the merchant services industry has been evolving in the security department since the very beginning. Here are some of the important aspects of payment security and how they’ve developed over the years.
PCI Compliance refers to the security standards established by the Payment Card Industry Security Standards Council in 2006, and they’re an important indicator of security status today. These standards were created to ensure that anyone who processes, transmits or maintains payment data has proper security in place. PCI standards are frequently adapted, and they differentiate security measures for merchants based on both the volume and type of transactions they process. In other words, PCI compliance is both very important, and very confusing.
In 1958, the first plastic payment card was created. By the 1970s, we’d seen the addition of tamper-resistant signature panels, microprint security, and card embossing designed to protect card carriers from nefarious counterfeiters.
Electronic security found its stride in the mid-80s with the development of risk scoring and real-time electronic authorization designed to protect against fraud. In the 90s, we saw the addition of the CVV security code for magnetic stripes, and the first inklings of EMV chip card technology. EMV chips were added into payment cards because of the greater payment security it offers, plus its resilience against “skim” scams compared to magnetic strips. Chip technology also uses encryption and tokenization to further protect against theft. In fact, the Department of Justice estimates that 86 percent of identity theft cases originate with existing account information. This information is protected by EMV chips in the case of a breach.
Speaking of breaches – some major ones took place in the 2000s. In 2003, it was the DPI data breach that saw eight million card accounts compromised. In 2005, CardSystems Solutions was breached; 40 million cards were compromised. In 2010, ALDI debit card accounts and pins were stolen from nearly 1,100 grocery stores, and the following year Michaels was breached for the first of three times in three years, potentially compromising PINs and three million payment card accounts. In 2013, Target was breached with 40 million payment card accounts stolen and an estimated industry cost of $248 million.
This is all to say that, as security tech advances, so do the threats they protect against. This digital arms race continues today, as we shift away from static solutions to dynamic, more resilient technology.
The Future of Payment Security
The payment card industry projected $31.3 billion in global card losses to security threats in 2018. Another study found that retailers stand to lose some $130 billion in fraud between 2018 and 2023. No matter which way you look at it, financial institutions across the globe must push to be more innovative than the fraudsters if they want to keep their – and your – money safe.
Some of those innovations include tokenization, biometric data, geolocation, improved chip tech, and an ever-increasing base of data analytics. In fact, the technology is becoming so impressive that tech-wizard hackers are no longer the only major threat in day-to-day fraud. Instead, it’s the social hackers using card-not-present scams that have begun to take advantage of less tech-savvy audiences – and retailers are ill-prepared to fight it.
The faster we connect, digitize, and innovate our daily transactions, the more risks are introduced. The payment security landscape is akin to the Wild West, and it is more important today than ever before to make sure your electronic payment processing environment is as secure as it can be.
Thankfully, security is a deterrent to fraudsters in itself. Hackers tend to search for low-risk, high-reward options. Much like keeping your Point-of-Sale terminal under lock and key when it’s not in use, adequate payment processing security is usually enough to make your accounts unattractive targets. After all, you can’t get breached if no one is willing to try!