Last week in Las Vegas, the Payment Card Industry (PCI) Security Standards Council (SCC) kicked-off its annual PCI Community Meetings. This is where members of the payment industry come together to discuss the current state of affairs, voice concerns and ask questions. It leads to the third version of the PCI Data Security Standards report which will be out in November.
A recent article from Search Security features an interview with two members of the council, Bob Russo and Troy Leach. According to Leach, one of the hottest topics during the meetings has been EMV technology. An entire session was spent just on this area.
"As EMV migrates to the U.S. market, we're going to see a significant shift in fraud, away from face-to-face retail transactions," Leach said. "EMV is a phenomenal technology for authenticating who the cardholder is and authenticating the transaction, but what we're going to need to do over the next three to five years is educate merchants; there will still be a significant need for security."
He went on to say that the role of EMV is to authenticate transactions, not secure them. Cardholder data is still exposed, so there will be a need for collaboration and an increased understanding of how different standards work in the EMV environment. Specifically, companies need to focus on encryption and keeping card information secure as it is processed through the terminal.
Merchants would be wise partner with a payment solution provider to stay updated on all the changes that could be coming down the pipeline.