EMV technology has been integrated into credit and debit cards over the past three years, in order to increase security, but according to a new study by research firm Gemini Advisory it has not been as effective as expected. With over 60 million payment cards compromised during the past year in the U.S, 93% had already been upgraded with EMV technology. This trend could be due to the inconsistent implementation of EMV outfitted terminals, as well as other issues.
Gemini Advisory looked at data gathered from a variety of criminal forums and marketplaces located on the dark web to gather the data for this report. These sites specialize in selling stolen credit and debit card information. They found that of the 60 million compromised cards 75% (45.8 million) were linked to transactions in which the card owner was present, more than likely due to card-sniffing and point-of-sale (POS) breaches. They suggest that they may well be linked to hacking incidents at a variety of retailers, including Saks, Lord & Taylor, Forever 21, and Whole Foods, as well as others.
Card-not-present fraud is on the rise too
What about fraud that takes place online? They found that 25% of the compromised cards were linked to breaches that took place online. This kind of fraud is growing, with a 14% upswing in Card-Not-Present (CNP) fraud occurring via e-commerce breaches over the last year. This represents a shift by cyber thieves from hacking data at the register to hitting consumers online.
They point out that credit and debit card data that was hacked via Ticketmaster, Orbitz, City of Goodyear and British Airways only makes up a small percentage of the 14.2 million CNP records that have been up for sale on the dark web over the last 12 months.
The United States targeted by hackers
What country has the most compromised EMV payment cards? In this area, the United States takes the lead with 37.3 million compromised records. The US is 868% higher than the other countries in the world when it comes to Card Present and Card-Not-Present fraud.
Clearly, the United States is the most targeted country by hackers, while other countries have successfully used EMV technology to up security.
While EMV technology is being implemented in the U.S all businesses are not up to speed. Gemini Advisory suggests that mobile payment systems like Android Pay, Google Pay, and Apple Pay, are safer for consumers to use because hackers cannot use shimming devices or POS malware to steal their data.