BankThink

EMV Gives Retailers a False Sense of Security

Some retailers falsely think that if they are using EMV chip credit cards that they have eliminated any chance of security breaches at the register since the EMV approach is stronger than conventional credit cards.

The EMV chips do improve security, but there are still lots of holes, including:

Since the U.S. isn't requiring a PIN, pretty much anybody can use an EMV chip card, whether it might possibly be a lost card or a stolen card

The magnetic stripe on the EMV chip credit card is still vulnerable to being read by malware

Stores allowing both the dip-the-chip and the swipe method often lazily allow their staff to choose which way to go, and the staff frequently steer shoppers to the traditional swipe method since it is more familiar to shoppers.

Ironically, whereas store staff might be angling shoppers away from the chip, Interactions latest Retail Perceptions found that 71% of shoppers indicate that using a chip makes them feel more secure when shopping. If your staff are steering those savvy shoppers away from using the chip, it can create tremendous confusion for shoppers and make them think twice about shopping at your establishment.

In fact, shoppers are already wary about whether retailers are really doing what is necessary to help protect their information. 

Nearly half of shoppers (43% don't trust companies to keep their personal information safe.

Furthermore, about a third of shoppers (30%) doubt that companies are investing enough in security measures.

All of this distrust by shoppers is a sign that retailers are potentially going to lose the goose that laid the golden egg by not taking the appropriate system security precautions put in place.

Even the rise of mobile payments is not a panacea to solve the security payment issues.

With mobile phones there is the chance of malware being on the phone itself, or of a crook grabbing the phone and cloning it.

The one good sign for retailers is that at least shoppers are aware that security breaches are a cat and mouse game with the cyber-crooks, and that it is hard for retailers to continually stay ahead of the criminals.

Nearly two-thirds of shoppers (64%) reluctantly say that they "accept" that security breaches are now a part of the shopping process.  This acceptance does not mean that they are happy about it, but just that they realize the tough problem of trying to make the shopping experience secure.

Retailers would be wise to audit their security mechanisms and see where there are gaps that need to be filled. The gaps are not only about the technology, but also about the proper processes and training of staff to make sure that system security is job number one.

There is a bottom line impact. When your business suffers a security breach, did you know that nearly 40% of shoppers say they’ll spend less than before the breach?

There’s no doubt that when your systems and information are compromised your business suffers. According to Retail Perceptions, long term effects are unavoidable as well. The survey showed that 69% of shoppers say that they won't sign-up for a store credit card once there's been a breach at the retailer, and likewise about 56 percent say they would not be willing to sign-up for a loyalty card after there's been a breach.

Lance B. Eliot is global vice president of information technology for Interactions.

For reprint and licensing requests for this article, click here.
Analytics Data security Retailers
MORE FROM AMERICAN BANKER