EMV and Encryption + Tokenization: A Layered Approach to Security
Several card brands have taken the position that EMV is the preferred way forward for reducing payment card fraud at the point of sale (POS) in the United States. EMV is already an accepted standard in every major market except the U.S., and it has proven its worth in other regions. Recognizing the positive outcomes elsewhere, Visa and MasterCard have announced EMV initiatives in the U.S., with requirements and deadlines that affect merchants, issuers, acquirers/processors, and ATM operators.
Consequently, merchants need to understand the business and security implications of moving to the EMV standard, as well as what EMV will—and won’t—do to help them. While EMV is a global standard that is proven to reduce card fraud, it isn’t the all-encompassing security remedy that the payments industry would like to have. Additional layered safeguards are still needed—in particular for data security beyond the POS, and also for eCommerce and other card-not-present (CNP) situations. This paper explains where EMV fits into the payments security spectrum and highlights the additional measures that provide security where EMV does not.