WASHINGTON (3/11/15)--Advancements in card data protection technology may tamp down the frequency with which merchant data breaches take place, but payment data won't be safe until merchants are held accountable for data security, attendees heard at a breakout session Tuesday at CUNA's Governmental Affairs Conference.
At Tuesday's breakout session, "Stopping Merchant Data Breaches and the Future of Payments Technology," industry experts Mahesh Aditya, Visa chief risk officer (left); Jay Isaacson, CUNA Mutual Group vice president of business protection; and Mark Wiesman, MasterCard group head of fraud management solutions, delve into advancements in card data protection technology. (CUNA Photo)
Sitting on the panel for the breakout session, titled "Stopping Merchant Data Breaches and the Future of Payments Security," were Mahesh Aditya, Visa chief risk officer; Jay Isaacson, CUNA Mutual Group vice president of business protection; and Mark Wiesman, MasterCard group head of fraud management solutions.
"We are held to a very high data security standard that is examined and supervised, and merchants are not," said Jeremy Dalpiaz, CUNA associate director of advocacy, who moderated the panel discussion. "Some merchants are very good at it, others are not, and (over the last 14 months) it's cost us (more than) $90 million as an industry, and I think that's reason enough for us to be asking for a national data security standard."
A common refrain among the panelists was that no one-time solution exists and that significantly reducing data breaches will take a layered approach.
That approach certainly includes card security, but it must also include merchant accountability, CUNA says.
"There really isn't a silver bullet," Isaacson said. "There's a lot of things you can do really, really well ... but I think in reality there are still vulnerabilities, and I think what we've seen from fraudsters is that they're very, very good at exploiting vulnerabilities."
Still, panelists did offer some hope to those in attendance about the efficacy of card protection technology.
Wiesman said that countries that have a "critical mass" of EMV technology, for example, have a much lower rate of counterfeit fraud than the United States, where EMV has not yet been widely implemented.
"Does EMV work? Yeah absolutely. EMV works," Wiesman said. "Does it stop all the fraud? It doesn't stop all the fraud. There is no one golden pill that's going to make all these problems go away."
Visa, meanwhile, is taking a three-pronged approach to card security, said Aditya, who added that its full plan, which includes point-to-point encryption, EMV and tokenization, will greatly reduce card fraud once it has been implemented.
"I'm really optimistic that over the next 12 to 18 months we will have addressed, for the most part, a lot of the issues that plague our industry right now," Aditya said.
But that doesn't mean that cybercriminals should be underestimated, according to Wiesman.
"These fraudsters are smart, they're sophisticated, they're really motivated in what they do, and technology does not scare them. Not one bit," Wiesman said. "So the more you roll out, the more they feel empowered to try to break what you're doing and try to hack into your system."