EMV- CHIP & Choice..not Chip & PIN…Start Moving!
March 23, 2015. Posted by Chris Mark in Uncategorized.
Tags: Chip & PIN, Chris Mark, data breach, EMV, EMVCO, fraud, Liability Shift, mastercard, PCI, visa
After deviating from my ‘security’ theme, I am back to talk about InfoSec. Last week I had the opportunity to attend Visa Accredited EMV Consultant Training at Visa’s Headquarters in Foster City, CA. As always, Visa put on a top-tier program with numerous experts in Payment Card ‘chip’ technology. Since the topic was EMV, most of the experts were from Across the Pond. Thanks to Mark, Chris and the others for great training!
For those who are new, EMV or “Europay, MasterCard, Visa” is a technology where a microprocessor ‘chip’ is embedded in a payment card (credit card, debit card, etc.). It is often erroneously referred to as “Chip & PIN”, but EMV really only applies to the Chip technology. If a region or issuer wants to prefer PIN, they are able to. Visa has a “Chip and Choice” model where they allow Chip with signature, no signature, or PIN depending upon the issuer, the risk and the type of transaction (i.e. Debit for Cash or ATM requires a PIN). There was too much information over 2 days to talk about in this post, but there was one point I learned and wanted to pass on.
In October 2015, Visa is offering a ‘liability shift’ for merchants who adopt EMV. My belief (it was wrong) until I attended the training was that the EMV liability shift only affected those merchants who accepted a ‘chip’ card, and only on ‘chip’ transactions. These are known as ‘chip on chip’. It is critical that merchants understand that the liability shift occurs for merchants who accept transactions over a dual interface terminal (Chip and NFC), for transactions of ANY form. As an example, if you accept 99% mag stripe transactions but you have dual interface terminals…the liability for fraudulent transactions due to counterfeit is shifted to the issuer! It does NOT have to be a Chip on Chip transaction.
The second important point to remember is that Visa is offering a Technology Incentive Program (TIP) that states that if a Level 1 Merchant accepts 75% of transactions over a Dual Interface terminal, they do not have to validate compliance with an onsite assessment. There are some caveats to this, so make sure you read the rules!
To get ready for implementation, ensure you download the Visa Merchant Readiness Acceptance Guide here.
Chris Mark in May 2014 TransactionWorld Magazine
May 4, 2014. Posted by Chris Mark in Uncategorized.
Tags: AT&T, Breach, Chris Mark, Data, data compromise, information, mastercard, PCI, Practice Director, QSA, security, visa
You can read Chris Mark’s (my) latest article in May 2014’s edition of TransactionWorld Magazine, titled “5 Common Security Practices that Put You At Risk”. This particular article is about common errors companies make in security and compliance and how to reduce the risk of compromise. By now we all recognize that 100% security can never be achieved. By following well-established security practices you can minimize the risk to which your organization is exposed.
Chris Mark in Jan 2013 TransactionWorld: “Only Certainties are Death, Taxes, and PCI DSS.”
January 2, 2013. Posted by Chris Mark in Uncategorized.
Tags: Chris Mark, data breach, Heather Mark, InfoSec, mastercard, PCI DSS, security, transactionworld, TSYS, visa
Chris Mark (this guy with two thumbs) is in the January 2013 edition of TransactionWorld Magazine. You can read my article titled: “In 2013 the only certainties are Death, Taxes, and the PCI DSS” in which I opine about the need for PCI DSS and other security standards as we enter 2013. The bio on the article is not accurate and still references an old position I had at ProPay. That being said, ProPay is a great company for which I was fortunate and proud to have worked, a company at which my illustrious wife, Dr. Heather Mark still works, and a company who deserve a big Congrats for being acquired by TSYS!..all in all…no harm, no foul.
Chris in October 2012 Issue of PenTest Magazine
October 30, 2012. Posted by Chris Mark in Uncategorized.
Tags: Chris Mark, credit card, mark consulting group, mastercard, PCI, PCI DSS, penetration testing, pentest, security, visa
Check out the October 2012 issue of PenTest Magazine for tons of valuable information on the PCI DSS and how Pen Testing can be used to support compliance and validation. I have an article in the magazine titled: “Introduction to PCI DSS for the PenTester”. You need to register as a user or subscribe to access the articles.
Tags: compliance, cybersecurity, data breach, data security, mark consulting group, mastercard, PCI DSS, security, visa
Chris and Heather Mark both have articles in the August 2012 issue of TransactionWorld Magazine. Chris’ is titled: “The Impact of the Fortress Mentality & Today’s Compliance Strategies” while Heather’s is titled: “After the Compromise; Security Incident Response and Mitigating the Damage”
One note. I apparently forgot to update my bio with the Editor in Chief so the article erroneously references me as the Executive Vice President of Data Security and Compliance for a payment processor. You can visit Mark Consulting Group at the following: www.MarkConsultingGroup.com