By Michael Ryan

It’s the time of year. Ghouls and ghosts come out to play making most of us quake in our boots. Some of us love it, others put up with it just to get the goodies and treats. So in the spirit of Halloween, I’ve pulled together a list of myths for the week that may have merchants a bit confused. As a treat, I will address these myths and provide our readers with more insight so that they can put these spooky myths in their graves for good.

Today, we’ll take a look at transaction security. With the number of breaches that have occurred in the retail industry, this myth should really have you quivering in fear. The last thing any merchant wants to see is their name splashed across a news story pointing to the loss of thousands of customers’ credit card data.

Spooky Myth of the Day: EMV is all the transaction security I will need.

For those of you that don’t know, EMV comes from the letters of Europay, MasterCard and Visa, who are the three companies that developed this card standard for authenticating credit and debit card transactions at point-of-sale (POS) terminals and automated teller machines (ATMs).

When I am talking to merchants, I hear it all the time, “Won’t it be great when we have EMV in the US and my transaction security woes will be over?” This is often followed by a debate over the time frame in which we’ll see this revolution.

But don’t be fooled by this myth. The truth is that while several studies have shown how EMV has been effective in preventing fraud at the point of sale in brick and mortar environments it really only addresses counterfeit card creation and usage.

EMV transactions still transmit sensitive cardholder data in the clear so it does very little to mitigate PCI. Merchants processing EMV must still limit data storage and protect data that is stored. EMV does not eliminate potential fraudulent activity with Mail Order or Telephone Order (MOTO) payment processing or with online transactions.

So while EMV may help us prevent fraud committed with counterfeit cards used at the physical point of sale, the data is not automatically secured in-flight or at rest and may be stolen and used to commit fraud in other ways. It is important to remember as well that the data only needs to be stolen (not used) for a merchant to face significant penalties and damage to their brand.

Don’t let these myths fool you. Understand the limitations of EMV and ensure that you have a layered security approach that can secure data in-flight and at rest.

Visit us later this week for the next spooky myth. If you have other myths that you’d like to add, include it in a comment below.