Will PF Chang's data breach speed EMV?

Many banking and security professionals would argue that the P.F. Chang's credit card data breach discovered on June 10 is a reason for quick EMV migration in the U.S. However, others say EMV is not the be-all, end-all for retail fraud.

P.F. Chang's is just the latest victim of credit card breaches, which have impacted Target (NYSE: TGT), Neiman Marcus, Lowe's and Sally Beauty (NYSE: SBH) this year. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach, KrebsonSecurity reported.

The data breaches have spurred U.S. retailers to speed up their adoption of chip-and-PIN cards. At the Smart Card Alliance Payments Summit earlier this year, a Walmart (NYSE:WMT) executive said the retailer has EMV chip-enabled terminals in all of its U.S. stores and 118 of its stores are ready to accept chip transactions.

"The best thing we can do is make sure we have the best security in place; you can't argue that signature is more secure than a PIN," John Drechny, Walmart's senior director of payments services, said at the meeting.

Until technologies like EMV and tokenization are implemented, retailers will continue to suffer breaches like the most recent P.F. Chang's case, Seth Ruden, senior fraud consultant at payments processor ACI Worldwide, said in a statement emailed to FierceRetail.

"The best defense against these attacks is through the development of our own networks and communities: information sharing and internal discussion of threats/actors to develop coordinated strategies," he said.

However, implementing chip-and-pin cards will not end credit and debit card fraud in the U.S., according to a recent FICO Banking Analytics blog post, "Fraud is a moving target. Quash it in one place, and history demonstrates that it will pop up somewhere else."

For example, when EMV was rolled out in the U.K., fraudsters quickly refocused their efforts on cross-border counterfeit fraud and card-not-present (CNP) attacks, bypassing new EMV protections.

"Fraud temporarily spiked, driven largely by CNP fraud, which grew in overall volume as well in terms of its percentage of card fraud losses (from about 40 percent prior to the EMV rollout to 72 percent two years later). We've seen similar CNP fraud spikes in other markets adopting EMV," the blog stated.

For more:
-See this KrebsonSecurity article
-See this FICO Banking Analytics Blog post

Related stories:
EMV cards urged at Smart Card Alliance meeting
The story of how Target had chip and PIN cards, but failed to keep them
Retailers say it's PIN, not chip, that cuts card fraud
What retailers need to know about reducing fraud with EMV chip and PCI standards
Sam's Club first to launch chip-and-PIN card