POS Breaches in 2015: The Good, the Bad and the Ugly

Retailers had a tough year. With Target's massive point-of-sale breach at the end of 2013 to a steady stream of retail breaches throughout 2014, it seems like cyber criminals continue to win the battle over consumer data. If 2014 was the year of the POS breach, then what will 2015 bring?

The good news is that there is a deadline for U.S. retailers and card issuers to adopt EMV chip-and-pin technology by October 2015. Due to what is being called the Payment Networks' Liability Shift, financial institutions will no longer assume financial responsibility for fraudulent transactions if a merchant is using non-EMV compliant technology, including POS systems. It's no surprise that financial institutions are incentivizing merchants to move to a more secure transaction method. Every year Americans lose $8.6 billion to fraud, according to the Aite Group, and this number is expected to reach $10 billion by 2015, according to the Nilson Report. The shift to EMV is starting slowly and will take at least a year to see any positive effects.

While financial institutions and retailers are moving in the right direction to create a more secure payment standard, there may be repercussions due to the lag time it takes to shift the systems. The bad news is that as retailers start seriously making the shift toward more secure payment technology, Experian's Data Breach Industry Forecast predicts that payment breaches will increase as the window closes for cyber criminals to profit from this type of attack.

Additionally, there may be merchants that decide not to comply with the new security standard due to high cost to replace POS devices. According to Javelin Strategy & Research, changing to an EMV-compliant system will total $8.65 billion: $6.75 billion to replace 15 million POS devices, $500 million to replace 360,000 ATMs and $1.4 billion to replace over 1.13 billion credit and debit cards.

Nevertheless, there is light at the end of the tunnel. As we have seen in Europe, EMV-compliant systems are incredibly more secure than systems without EMV. In fact, EMV has cut card fraud by 65 percent in the last 10 years. That being said, U.K.-based card fraud expert Neira Jones believes that fraud has simply shifted from face-to-face fraud to card-not-present fraud. In 2012, card-not-present fraud increased by 21 percent in Europe, according to the European Central Bank, and has likely grown by 15 to 20 percent each year since 2008.

What does this mean for U.S. merchants and shoppers? We must work together to stop cyber criminals from exploiting technology and bank accounts for their personal gain. There are several ways to fight against cyber crime next year:


Invest in your future by switching to an EMV-compliant system. This call to action especially rings true for the smaller shops that may be affected by POS breaches. Believe it or not, cyber criminals do not just target the large enterprise-sized retailers. They also aim for small, local shops. Not to mention, it typically takes a company a full year to recover from reputation damage after a data breach, and many small businesses do not recover at all.


The safest form of payment in store is by using cash. You may also want to try using gift cards and store apps, since they don't share credit card information with the register, reports Gartner security analyst Avivah Litan. Take the time to find out when you can receive a debit and/or credit card with chip-and-pin technology from your financial institution.

While it likely will get worse before it gets better, merchants and financial institutions are taking baby steps toward a more secure payment future.