Chip and Pin vs. Magnetic Stripes for Credit Cards
CRYPTOGRAPHY IN THE ENTERPRISE
CHIP AND PIN 05/04/2016
C. Guliford
CIS 6323
May 4th, 2016
What is EMV?
EMV -- which stands for Europay, MasterCard and Visa -- is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers are migrating to this new technology to protect consumers and reduce the costs of fraud.
What is Chip and Pin?
Payment cards that comply with the EMV standard are often called chip-and-PIN or chip-and-signature cards, depending on the exact authentication methods required to use them.
What are Magnetic Stripe Cards?
Card capable of storing data on a magnetic stripe
The first modern charge card was issued by in 1950
Can be more easily copied
Magstripe can be damaged over time
Magnetic cards can be easily used by everyone, whereas the new smart chip readers have a slight learning curve for merchants and customers.
Disadvantages of Magnetic Stripe Cards
Magnetic stripes are easily cloned
Terminals perform little or no risk assessment
The authentication data is static
Host cannot recognize cloned cards
If someone copies a magnetic stripe, they can easily replicate that data over and over again because it doesn't change.
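The contrast between static and per-transaction authentication data can be shown with a small model. This is an added example, not part of the original slides: the HMAC-based "cryptogram", the class names, the key and the track data are all constructed assumptions, and the MAC is a simplified stand-in rather than the actual EMV algorithm.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not real card data or real EMV key material.
STATIC_TRACK = b"CONSTRUCTED-TRACK-DATA-0001"
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def _mac(key, counter, amount_cents, nonce):
    # Simplified stand-in for a chip cryptogram: keyed MAC over per-transaction data.
    msg = counter.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class MagstripeHost:
    """Checks static data only, so a copy is indistinguishable from the original."""
    def __init__(self, enrolled):
        self.enrolled = enrolled
    def authorize(self, track):
        return hmac.compare_digest(track, self.enrolled)

class ChipCard:
    """Holds a secret key and a transaction counter that stay inside the chip."""
    def __init__(self, key):
        self._key, self.counter = key, 0
    def sign(self, amount_cents, nonce):
        self.counter += 1
        return self.counter, _mac(self._key, self.counter, amount_cents, nonce)

class ChipHost:
    """Recomputes the MAC and rejects any counter value it has already accepted."""
    def __init__(self, key):
        self._key, self.last_counter = key, 0
    def authorize(self, counter, amount_cents, nonce, mac):
        if not hmac.compare_digest(mac, _mac(self._key, counter, amount_cents, nonce)):
            return False
        if counter <= self.last_counter:
            return False
        self.last_counter = counter
        return True

def demo():
    mag = MagstripeHost(STATIC_TRACK)
    copy = bytes(STATIC_TRACK)  # byte-for-byte copy of the stripe
    mag_results = [mag.authorize(STATIC_TRACK), mag.authorize(copy), mag.authorize(copy)]
    card, host = ChipCard(CARD_KEY), ChipHost(CARD_KEY)
    nonce = secrets.token_bytes(4)  # terminal-chosen unpredictable number
    ctr, mac = card.sign(2500, nonce)
    genuine = host.authorize(ctr, 2500, nonce, mac)
    repeated = host.authorize(ctr, 2500, nonce, mac)   # same message presented again
    ctr2, mac2 = card.sign(900, nonce)
    next_txn = host.authorize(ctr2, 900, nonce, mac2)  # card's next genuine transaction
    return mag_results, [genuine, repeated, next_txn]
```

The static-data host accepts the copy every time, while the counter-tracking host accepts each chip message once and rejects the repeat.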
Advantages of Chip and Pin
Added peace of mind.
Increased security against unauthorized use of your card.
Increased security against counterfeiting and skimming.
The Pros… To the Banks
Decreased liability for banks
Reduced costs in authorization calls
Security against counterfeit or ‘skimmed’ magnetic stripe cards
Generally lower risks due to PIN verification
Protection against organized crime
The Pros… To the Consumer
Able to be present during card authorisation
Improved customer experience at the point-of-sale
Faster authorisation
More peace of mind
The Pros… To the Merchant
Possibility of reduced bank charges and charge-backs
Insulates retailers from effects of fraud liability shift
Increased sales conversion and improved efficiency due to authorization speed
Less paperwork (receipts)
PCI DSS v3
Payment Card Industry (PCI) Data Security Standard
Developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.
Provides a baseline of technical and operational requirements designed to protect cardholder data.
The new 3.0 version requirement 11.3.4, effective July 2015, requires annual penetration tests to validate that the segmentation methods are “operational and effective.”
How does this all relate to PCI DSS v3 and cryptography in the enterprise?
Compliance is required on systems including those that actually handle card data, all the unrelated systems that connect to the same network, and the systems that can affect their security (authentication servers, firewalls, web redirection servers, etc.).
This has been clarified and made explicit in the scope section of 3.0 and may come as a shock to merchants that have only addressed compliance on the systems that directly handle card data.
Conclusion
There is a concern that ineffective segmentation can lead to a false sense of security and inaccurate scoping. The PCI compliance scope also involves any third party that could affect the security of, or handles, card data on behalf of a merchant.
Thank You