Chip and Skim: cloning EMV cards with the pre-play attack
EMV Technology_Risk Management
1. EMV Technology
Presented by Terrance Phillips, MBA
Vice President/Risk Officer
BCB Community Bank/Risk Management
2. What is EMV?
What does EMV stand for?:
EMV = Europay, Mastercard, Visa
Global standard for credit & debit payment cards
based on chip card technology
4. What’s different about EMV cards?
Visual difference
◦ There will be a small chip inserted on the credit/debit
card
• Functional difference:
•
Unlike magnetic strip cards, EMV cards create a
unique transaction code after each transaction
that cannot be used again.
Traditional credit and debit cards store
unchanging data on the magnetic strip.
5. Who will be affected by the new
EMV requirements?
Merchants who use POS and CC
processing
Banks and Financial Institutions
Consumers
6. EMV Compliance – 10/1/2015
After October 1, 2015 the liability for card present fraud will shift to
whichever party is the least EMV compliant in a fraudulent transaction.
Today, if an in store transaction is conducted using a counterfeit, stolen or
otherwise compromised card, consumer losses from that transaction fall
back on the payment processor or issuing bank.
If a financial institution issued an EMV compliant card used at a merchant
that has not changed its system to accept EVM technology, the cost of the
fraud will fall back on the merchant.
Any parties not EMV ready by October 2015 could face much higher costs in
the event of a large data breach.
Editor's Notes
EMV Technology will minimize the risk of credit card fraud. Many of the companies displayed above experienced some type of cyber threat to their credit/debit card systems over the last 3 years.