Report: EMV Will Result in More E-Commerce Breaches
June 11, 2015
If you ever wondered why security breaches have come to dominate the headlines, there’s this: attackers net an estimated 1,425 percent ROI in an average breach, according to managed security services provider Trustwave. In the 2015 Trustwave Global Security Report , the Chicago-based company found in the 574 breaches it investigated in 2014 that hackers, who can spend a little less than $6,000 on a kit that enables them to compromise a network and gather sensitive information, are able to charge an average of more than $84,000 selling that stolen information. And, according to Charles Henderson, vice president of managed security testing for Trustwave, the coming implementation of EMV should have e-commerce retailers very nervous not only about the impending wave of card-not-present fraud , but about the security of their networks as well.
In its examination of hundreds of security breaches, Trustwave found the vast majority still targeted retail points of sale and e-commerce sites. Forty-two percent of Trustwave investigations were e-commerce breaches and 40 percent were POS compromises. But, Henderson expects the gap between them to widen as EMV is integrated into more systems in the U.S. Because the information culled in different types of breaches is not equal and the rise of EMV will lead to more card-not-present fraud (simply because card-present fraud becomes more difficult), criminals will value information stolen in e-commerce breaches more.
“The CVV is different in card-not-present transactions than it is in card-present transactions,” he noted. “From a criminal’s perspective, if I’m going to look for cards I can use in card-not-present fraud, I’m going to look for a card-not-present target. This should be the million-dollar eureka moment for card-not-present retailers. That’s why they should be paying attention.”