Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity NewsRetail/Restaurants/Convenience

After the EMV Bubble Burst, 3 Problems Persist

By Seth Ruden Sr.
paymentcard
February 9, 2016

So, here we are, living in the “future”… many of us now finally have chip cards; the G20 nations are all in the post “liability-shift” world; we’re all expecting to be living in the new paradigm.

But it is fairly clear that not all is right in the world. There are still breaches, skimming and fraud, and in fact, they are just as bad as they have ever been…seemingly nothing has changed and depending on whom you listen to, it’s worse. To some degree, and depending on your perspective, this is pretty much the truth. With that, here are three reasons why the new playing field isn’t any better than the old one:

1.     If you’re a merchant, now the pain is in your world: Merchants woke up on October 1, 2015, and now everything is pushed off on them. Worse, the hacking didn’t slow, so now the merchants are targeted on one side by hackers and moreover, the fraud losses fall on them as well. Seems that this EMV thing has been the wrong move…you have to pay for the new technology and terminals, and you’re at even greater risk than you were before. If you’re a brick and mortar merchant, you still hear that POS systems are increasingly hacked, especially at restaurants and hotels. If you’re an eCommerce merchant, you’re hearing that fraud has migrated to your channel, and there is no fix yet. Both of these scenarios may appear to be materializing and perhaps as an indirect result, around a third of POS machines have been updated to EMV. It appears that there is no real incentive, as this is a lose-lose scenario. 

2.     If you’re a U.S. card issuer, you’re working as hard as ever and volumes are spiking: ATM fraud is worse than ever, fuel pumps are getting skimmed like it’s going out of style, pretty much because, well, it very well might be. New fraud types are popping up in volumes that keep teams fighting fires. It appears that while we scale our businesses, the fraudsters are scaling theirs just as fast, if not faster, and that it’s accelerating faster on their side. Compound that with the fact that the merchant EMV acceptance rate is fairly low, and it may appear to be that we’re stuck in neutral. All the re-issues of the magstripes in the world won’t change that.          

3.     If you’re a consumer or other industry watcher, you don’t know what’s happening or what might be the truth. You might be hearing that fraud is shifting, you might be hearing that there is more insecurity in the payments ecosystem, you might be perceiving that there is more friction or you are actually getting more alerts and/or unauthorized transactions passing by your radar. Either way, it appears that there is little good coming out of this and that we’re more or less under-realizing much in the way of any benefit of this conversion. Fraud has not slowed and all stakeholders are unhappy.

The end result is that from wherever you sit, you may hear, see and perceive that there is more fraud. That all these new technologies haven’t solved the problem. That EMV is not going to improve anything or it’s just redistributing the problem. There is also a darker, more sinister fact at play here: that the hackers, fraudsters and foot soldiers on the dark side of this battle have grown in numbers as we’ve slowly moved to increase our dependency on electronic payments. And I’m sorry to burst the bubble, but this is all true. There is a ton of fraud right now, it’s still growing, and the criminal entities who have created, scaled and maintain these dark economies are presently undeterred.

Here’s why all of that is shortsighted…

There is glimmer of hope and that glimmer is not that far in the distance: we’re just in the infancy of the adoption of new technologies that will significantly reduce the impact. EMV has worked in the countries where it has been implemented, it has dramatically reduced counterfeit card fraud. To really put this in perspective, in the USA, we’re only seeing about a quarter to a third of all POS transactions going through the EMV mode right now. So, we have a ways to go before the benefits really take hold.

Tokenizationis showing us that we will further protect the ecosystem with dynamic data that will inevitably be a stronger and more widely supported standard. Authentication is improving and being deployed with less friction using our mobile devices. Fraud alertsare more precisely applied than they have ever been, and are more directly fed to us. This is a transitional period, and unfortunately, the transition is going to be long… perhaps another two to five years until we have a real ring around counterfeit card fraud once we take into consideration all possible manifestations of the mag stripe in our ecosystem. Seriously.  And as we have to be accepting that it’s not going to all fall into place overnight. It’s a period of change where a shuffling of security elements between merchants, terminals and issuers will be exploited by an increasingly target-sensitive fraudster and hacker.

With every new technology, in payments or in any consumer goods, there are typically teething problems… and this is a very complex, global problem where no simple answers exist. The investments in security we are making today can and do pay dividends. In every new breach, it becomes increasingly clear that the business that was compromised may not have put security first, or didn’t adequately prepare for environmental shifts. It is right now that we are in the transition period, and if investments in security have not been made, it is now time to make them, or find oneself in the position of being left behind when the hacker, fraudster or ne'er-do-well sets their site on your organization.

It’s said that luck favors the prepared, and while it may appear that our newest preparations aren’t immediately realizing their desired result, it will certainly be realized that the organizations that didn’t adequately prepare for this transitional environment are the same as those that are actually impacted. Further, EMV is in fact already working for those who moved forward with it. The merchants who already adopted EMV are far less susceptible to suffering from hacking and fraud, and won’t be in the news as the victim of the latest event. The issuers who issue EMV chip cards already have less counterfeit fraud liabilities even when their customers shop at merchants that didn’t transition to the new standard. That’s how it appears from the inside looking out – right now. That’s why EMV is going to work, and why we need and will get more technologies like it. So, let’s not say this is a burst of the EMV bubble, this is just a bit of chop in the EMV froth. 

KEYWORDS: credit card security cyber liability EMV security identity theft retail cyber security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Seth Ruden, Sr. Fraud Consultant, Payment Risk Solutions for ACI Worldwide, is a Certified Fraud Examiner and Certified Anti-Money Laundering Specialist and has been working with banks in the detection and mitigation of financial crimes since 2004, in the compliance department of one of the largest global banks. Since then, he has worked with Law Enforcement, Regulators, Executives and Analysts in consulting positions beyond the United States, extending to financial services organizations in Asia, the Middle East and North and South America.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • wearable-enews

    Return of the Lost and Stolen: Authenticating Wearables

    See More
  • incident-response-freepik1170x658v6.jpg

    A 3-step approach to cyber defense: Before, during and after a ransomware attack

    See More
  • banking 2 responsive default

    The EMV Transition – A 6-Month Checkup

    See More

Related Products

See More Products
  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing