Gartner Research

Avoid Pitfalls With Payment Card Security Technologies and PCI

Published: 12 January 2015

ID: G00271391

Analyst(s): Avivah Litan

Summary

Recent events, such as the introduction of EMV tokens used by Apple Pay payments and EMV fraud scams, highlight potential pitfalls with new payment card security technologies and PCI. All parties responsible for card transactions should use this research to understand and avoid these pitfalls.

Table Of Contents
  • Impacts

Analysis

Impacts and Recommendations

  • Criminals have taken advantage of poor implementations of EMV chip payment applications, committing extensive fraud that defeats EMV controls for everyone in the payment card ecosystem
  • EMV tokens, as first implemented by Apple Pay and the payment card networks, are based on different protocols than the tokenization systems merchants use to limit the scope of PCI audits, leading to potentially conflicting token implementations
  • Many P2PE solutions that encrypt data on card swipe are not yet PCI-certified, leaving payment acceptors questioning their adoption

Gartner Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Purchase this Document

To purchase this document, you will need to register or sign in above

Become a client

Learn how to access this content as a Gartner client.