While card issuers and payments acquirers are speeding up their EMV rollouts, EMV is not a cure-all, says Kate Larson, regulatory counsel for the Consumer Bankers Association. Banks need to implement other technologies, including tokenization, in their efforts to fight fraud and enhance payments security, says Larson, a featured speaker at Information Security Media Group's Nov. 18 Fraud Summit Dallas.
The need to enhance payment security is getting more attention from the banking industry, Larson says, as the debate between banking groups and retailers over liability in the wake of card breaches heats up (see OCC: Retailers Accountable for Breaches).
"We do have to make the transition to EMV next year," she says. "But we really need to keep our eye on new technologies and not just stop at chip and PIN."
To enhance payments security, card data has to be devalued, Larson says. Because breaches cannot be prevented, banking institutions need to focus their attention on ensuring that any data that is breached useless for hackers, she adds.
Tokenization helps to accomplish this goal, Larson says. Rather than transmitting a card number when a point-of-sale transaction is conducted, a one-time, unique token is transmitted, Larson says. And when tokenization is coupled with EMV and end-to-end encryption, for example, those layers of security make it difficult for hackers to extract any data that still has value, she says.
Larson also says the CBA is pushing for congressional support of national data breach notification legislation to create uniform requirements for all businesses, including retailers.
"I really hope that we are going to make some progress on this. We don't want consumers to lose faith in the payments system," she says. "We need to establish a national data breach notification standard. ... We just really urge that Congress take this issue up."
During this interview, Larson also discusses:
- How the cost of breaches is hurting banks and credit unions more than retailers;
- Why banking groups don't believe EMV alone will improve merchant-level security; and
- Why banking groups believe retailers can be encouraged to play a more active role in the protection of consumer and cardholder data.
At the CBA, Larson serves as the group's lead regulatory counsel, focusing on a wide range of consumer protection issues, including fair lending, privacy, mobile banking and the Community Reinvestment Act. She works regularly with officials on Capitol Hill and regulators at the Consumer Financial Protection Bureau. Prior to joining CBA, Larson served as the director of legislation and research at Williams & Jensen PLLC, where she focused on financial services issues.