EMV adoption is accelerating across the United States - the biggest market historically for the magstripe card, and also the world's biggest target for payment card fraud. But as adoption of EMV and tokenization across the United States grows, there are concerns that cybercriminals may begin looking elsewhere for new targets, warns Jeremy King, international director at the PCI Security Standards Council (see Why U.S. EMV Migration Will Spur Global Fraud Shift).
"When the door closes on criminals being able to clone American magstripe-based cards, attention is going to turn to the card-not-present space," King says. "Will the criminals then still target the U.S., or will they start looking at regions that are comparatively less secure?"
King has been advising Europe and the rest of the world to be on alert during the U.S. migration to EMV, because card-not-present fraud is going to be the next big thing, he says. With the U.S. also looking at improving its encryption and tokenization practices, parts of the rest of the world could soon become fraudsters' next target, based on various regions' data security practices, King says (see Fighting Fraud Post-EMV).
"You've got to change mindsets; you've got to become aware of security and take it seriously," he says. "Because the criminals take it seriously - their sole objective is to break into an organization and steal data and monetize it.
Security and compliance can never be a one-off check box; it has to be a continuous process, he advises. And when organizations start building security into their business processes, security is no longer an inhibitor, and in fact, puts one in a better position to deal with issues ranging from adopting emerging technologies, to the rapidly changing threat and business risk landscape, he says.
King was in Mumbai as a keynote speaker at a conference organized by payment security specialists SISA InfoSec. In this exclusive audio interview with Information Security Media Group (see link below photo), King details some of Asia's unique challenges and contrasts it with the payment security landscape in the west. Among other things, he also shares specific insights on:
- Securing payment systems in the post-EMV landscape;
- The future of payments security;
- What organizations must do now to improve their payment card data security.
King leads the PCI Security Standards Council's efforts to increase global adoption and awareness of PCI security standards. His responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI-managed standards in European markets and driving educational efforts and council membership through involvement in local and regional events. He also serves as a resource for approved scanning vendors and qualified security assessors. Before joining the council, King was the vice president of the payment system integrity group at MasterCard Worldwide.