FBI bulletin: EMV cards aren't a panacea

October 14, 2015

WASHINGTON (10/14/15)--New chip-enabled payment cards are still vulnerable to exploitation, according to an alert from the FBI, which said in a recent bulletin that no one technology eliminates fraud.

CUNA has made the same point on numerous occasions, that EMV chip-enabled cards--while a marked security improvement--are not a panacea when it comes to stopping data breaches.

Though the chip-enabled cards are more secure than magnetic strip cards, according to the FBI, an EMV chip does not stop lost or stolen cards from being used fraudulently, either online or at point-of-sale. Additionally, the data on the magnetic strip of an EMV card can be stolen if the merchant has not upgraded to an EMV terminal.

“Consumers are urged to use the EMV feature of their new card wherever merchants accept it to limit the exposure of their sensitive payment data,” the FBI’s bulletin states.

CUNA President/CEO Jim Nussle, in an op-ed in The Hill, said that while credit unions and other financial institutions have spent billions of dollars in recent years on cybersecurity, lax merchant practices and a lack of security requirements are the weak link in the payments system.

The FBI has also urged merchants to adopt additional security measures to ensure the authenticity of cards used during transactions.

“At a minimum, merchants should use secure servers and payment links for all Internet transactions with credit and debit cards, and information should be encrypted, if possible, to avert hackers from compromising card information provided by consumers,” the bulletin says. “Credit card information taken over the telephone or through online means should be protected by the retailer to include encrypting digital information and securely disposing written credit card information."

For more information on the topic of cyberthreats, see "Go on the Cybersecurity Offensive" from Credit Union Magazine.