2014 was a lucrative year for hackers. Sony, JP Morgan Chase, even Home Depot were all targeted by unprecedented digital attacks. The year before, Target took its place in the crosshairs and ended up taking nearly $150 million in losses due to a massive security breach. So with everyone put on edge about making electronic payments, both in-store and online, it’s no surprise that 2015 will be a year heavily focused on security.
The biggest change in security coming this year is the shift to EMV payments in the United States. If you aren’t familiar with EVM (short for "Europay, MasterCard and Visa"), it’s a new form of payment card that does away with the traditional magnetic strips. Instead, it uses an embedded chip with a microprocessor that offers security measures that were impossible before. You may have noticed a metallic square on some of your credit cards? That’s the chip. But because the U.S. hasn’t fully shifted over to EMV payments, those cards also have a magnetic strip.
The new cards have been widely successful, with over 80 countries now using the payment system. In October of this year, the U.S. will be one of the last major countries to adopt the new system, and start making full use of the chip-based payment system.
So why are these cards so good at preventing fraud? A conventional magnetic payment strip contains a fixed, never-changing set of information. That’s what makes it so easy for fraudulent transactions to occur; once that information is read by a third party, it can be reproduced in myriad ways. With EMV technology, the information in the chip is constantly changing, making it substantially more difficult to replicate.
This great news doesn't come without consequences, however.
In-store purchases will be a tough nut to crack for potential fraudsters, which unfortunately means we’ll start seeing a heavier focus on digital and online fraud. Apps, application processes, and checkouts are expected to be particularly targeted by fraudsters.
If you don’t have SSL encryption already or use a 3rd party payment provider with SSL encryption, a la PayPal, you will be hacked very soon and probably sued out of existence shortly thereafter. A quick Google search will help you find one of dozens, if not hundreds, of reputable SSL certification providers.
For the vast majority of you with SSL encryption in place already, make sure that you are constantly updating and auditing your own security protocols as well as any external service providers responsible for your company’s information security.