Go to:

May 2018
< Apr Jun >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Holes in EMV-Enabled POS, ATM Systems Open Vulnerabilities
Wednesday, June 21, 2017 6:30 AM

Having an EMV-enabled system in place is not a total guarantee against breaches. Holes in updated point-of-sale (POS) infrastructures may have instigated recent compromises, and credit unions need to aware as well.

According to EMV chip data from The Strawhecker Group, more than 52 percent of merchants enabled their system to accept chip payments. Glenbrook Partners recently reported that 63 percent percent of all cards in the market are chip cards.

Nevertheless, what's troubling to merchants and financial institutions is that recent breaches occurred despite EMV-compliant devices in use at those locations. At the recent Kmart breach, the company acknowledged that malicious code infected its payment data systems despite the retail chain having implemented EMV-compliant POS systems.

Ashley McAlpine, fraud prevention manager for Rancho Cucamonga, Calif.-based CO-OP Financial Services, said their fraud prevention team learned that some merchants are not setting up their EMV technology for return transactions, only for the purchases. Consumers in those instances are susceptible to compromise.

“Why that is important for us to recognize that is when we’re looking for common point of purchases, a lot of time credit unions only focus on where the authorization is taking place and not necessarily looking at other points of the transaction, such as the returns,” McAlpine said.

Who's responsible for EMV usage? It’s not up to the member to make that decision; right now it's up to the merchant to ensure that their practices are in line. So, McAlpine notes, they're using not only the same EMV technology for purchases but also for returns and other transactions.

In all instances, the EMV-enabled POS terminals, if configured correctly, should read the 201 service code (101 is for mag-stripe only) when a dual-mode card is swiped and direct the consumer to dip the chip portion of the card in the correct place at the bottom of the terminal.

The CO-OP fraud prevention manager warned that some credit unions are not always configuring their EMV-enabled ATM systems correctly either. A lot of credit unions are setting up their outside ATM terminals with EMV but may not recognize the need to enable the same EMV technology on in-house ATMs.

Source:  Credit Union Times