EMV and PCI Security: The Main Defense for Credit Card Data
While EMV (Europay, MasterCard, Visa) has been making the headlines with the October mandate approaching, another important data security process that consumers shouldn’t forget about is PCI DSS (Payment Card Industry Data Security Standard).
As background, PCI DSS was launched in 2006, after originally being formed by Visa, MasterCard, American Express, Discover Financial Services, and JCB International as the five began collaborating on payment card practices. The practices serve as security controls for making sure customers’ card data is kept secure throughout the entire process.
Some may be asking: what are the major differences between EMV and PCI? If EMV is a more advanced form of data protection, why is PCI necessary? See below for a breakdown of why both are important, individually and in tandem, according to the PCI Security Standards Council.
Fraud Protection vs. Data Security
EMV chip technology combined with PCI Security Standards offers a powerful combination for increasing data security and reducing fraud. While EMV focuses on fraud protection, mainly from the hardware perspective, with the use of chip-and-PIN, PCI focuses on the security of data both in motion and at rest.
Authentication Technology vs. Data Security Controls
With chip-and-PIN technology, the card is embedded with a chip that is tied to a PIN assigned by the cardholder. Authentication technology works when the physical card is present, using the PIN to verify that the card belongs to the holder. Data security controls focus on protecting the data both while it is in motion and at rest. The two processes that fall under that purview are End-to-End Encryption (E2EE), which focuses on data in motion, and tokenization, which applies when data is at rest.
How They Work Together
EMV works in tandem with PCI: EMV offers hardware security while PCI oversees software security. Once the card is inserted, it is authenticated as belonging to the owner through chip-and-PIN technology before data is transferred through the payment process, where PCI standards come into play. Some of the security methods used by PCI standards include patching systems, intrusion monitoring and firewalls.
Operators looking to ensure future financial success need to work towards EMV implementation while adhering to PCI standards. Retail Customer Experience found that 87% of people surveyed are “not at all likely” or “not very likely” to do business with an organization that had suffered a data breach involving credit card details, making proper investments in both vital.