Payment Card Breach Hits Supervalu Retail Chain - Page 2

Finding a solution to POS data breaches is challenging, but there are a number of options. Some suggest that the use of chip-and-PIN credit cards, also known as EMV technology, can be used to reduce the risk.

"Incorporating chip-and-pin technology into POS systems is one of the strongest measures that retailers can take to protect their customers," Hord Tipton, executive director at ISC2, said. "Unfortunately, without mass adoption, retailers will continue to deal with the fallout associated with losing valuable customer information, further weakening public trust in performing credit and debit card transactions with confidence."

EMV technology, however, is not necessarily a silver bullet for POS security. At the recent Black Hat USA security conference, multiple researchers detailed vulnerabilities and risks with EMV card systems.

AccessData's Zaichkowsky noted that he and several other payment security specialists recommended that merchants deploy card readers that perform full encryption and that they use one supported by their payment processor that acts as the decryption point.

"The card reader should support encrypting the traditional magnetic stripe, EMV chips and manually keyed-in card numbers," Zaichkowsky said. "With point-to-point encryption implemented from the card reader to the payment processor, the merchant POS systems never handle payment data in the clear."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.