It’s summertime! It barely seems like the year should be half way over. I like to take this time of year to reflect on what has happened in both hospitality and in the payments space, as well as look forward to things yet to come. We are after all, still “only” half way through the year.
In reflection, it has been a very busy year at Merchant Link with conferences, trade shows and events not to mention product releases and new client boarding.
Our year kicked off with participation at NRF (National Retail Federation) annual conference in New York. The Merchant Link team took advantage of having so many top-level retailers in one location to learn more about what they consider “pressing technology” and immediate innovation needs. This of course was a little overshadowed by the then recent breach and several Tier 1 retailers. Helping to break down the barriers and misconceptions between Point-to-Point Encryption and EMV (Euro/Mastercard/Visa) with the attendees was enlightening. It always amazes me how the media can make the simplest thing so confusing – referencing of course, P2PE and EMV is not simple.
Since 2008 Verizon has been putting together a report outlining the impact of global cybercrime and the importance of information security. Often our memories are “short” and we cling to the last thing we heard in the news. This year of course it is the breach that Target experienced; which is disappointing, in that Target was not the only big box retailer to be hit, but for some reason they were the most memorable. Verizon works with the top security companies and agencies in putting together the Data Breach Investigation Report and in spite of headlines surrounding breaches at Target and other retailers, the news on closing security holes is actually positive.
There was an unprecedented new development in the aftermath of the Target data breach this week. By now everyone living above ground is aware that hackers were able to penetrate the Target network to install malware on POS systems by hijacking the credentials from Target’s HVAC vendor. The hackers were able to take off with 100 million account records including some 40 million card numbers. The projected costs to Target are expected to be in the billions.
The news cycle and buzz surrounding the recent card security breach at Target, Neiman Marcus, and Michael’s continues to have legs, even the card associations have jumped into the discussion.
This week, Bob Russo, General Manager of the PCI Security Council testified before congress. During his testimony he made several interesting statements. The one I find of most interest was “Moving toward EMV Chip technology is an important piece of improving data security, but it is not a solution in and of itself. Used together, EMV Chip and PCI Standards, along with many other tools will provide strong protections for payment card data.” Indeed, looking at what we know of the Target breach, PCI standards 8.3 and 8.5, if properly implemented do address the source of the breach. I agree with Mr. Russo in his above comments. EMV is indeed a piece of the puzzle. It is not, however, the ultimate solution.