There's a movement happening in the payments world. With so many retailer data breaches in the past year, consumers, financial institutions, retailers and security professionals are wondering, plain and simple: how can we make shopping more secure?
Today, when you make a purchase, the way you make that purchase - in person, over the phone, online - can determine just how secure your transaction is. It's important to understand which methods of payment are less secure than others, because if a cyber criminal gets ahold of your personal information through these at-risk payment methods, there's a higher chance for you to become a victim of identity fraud - and you don't want to go down that rabbit hole. In fact, one in three data breach victims suffered identity fraud last year, meaning they experienced countless hours on the phone filing identity theft reports, reporting errors to businesses, talking to debt collectors and the like.
Let's take a closer look at what secure - or insecure - payment options are available today.
This is a type of card that stores and transfers data within a magnetic stripe. If you live in the United States, you're likely familiar with the magstripe as it is what you see on credit cards, debit cards, public transportation cards and even office ID cards. Typically, users must provide their signature at the end of a payment.
Security professionals deem this form of payment as less secure than EMV (Europay, MasterCard, Visa), because magstripe cards store cardholder account information within the "tracks" on the magnetic stripe. Cyber criminals can use Point-of-Sale (POS) malware to scrape a business' memory for this track data and then use that data to clone cards.
EMV (Europay, MasterCard, Visa) or Chip and PIN
Many of the European countries use Chip and Pin or EMV cards, hence "Europay" in the acronym. This type of card is seen as a global standard for payment cards because of their secure nature, and the United States is slowly moving towards adopting these types of cards into the mainstream. They are often called IC cards, or "chip cards," because a computer chip is embedded in the card and associated with a PIN. In order for the card to process, the owner must supply their unique PIN number, which is a more secure form of authentication than a signature, as used with magstripe cards.
Cyber criminals cannot extract information from EMV cards during a breach using POS malware because EMV cards create a unique record for every transaction. So even if a cyber criminal managed to extract the one-time unique transaction code, they are unable to use that code for future purchases.
CNP stands for "Card Not Present." These transactions are typically made over the phone or Internet, when a physical card is not presented to the merchant. These kinds of transactions are considered highly insecure and can be major sources of credit card fraud, since it's difficult for merchants to authorize the user's identity.
This is a relatively new kind of payment that uses radio-frequency for transactions. Users can wave a card, device or fob over a POS system to make their purchase. While this form of payment is convenient for users, it can be insecure. Cyber criminals can use malware or even "skimming" as a method of intercepting the card data.
While the methods of payment available to you are often decided by your bank or merchant location, it is important to be aware of the risks associated with each method so that, as often as possible, you can make the decision to shop securely. I would also keep tabs on when certain more secure methods of payment become available to you and consider if they are right for you to adopt.