12/16/2014
A comprehensive card data security solution combining
three powerful technologies working in tandem to
provide merchants with the highest level of security
available against card-present data fraud.
Card Data is Not Secure
Verizon 2014 Data Breach Investigations Report: http://www.verizonenterprise.com/DBIR/2014/
• 285: Number of security breaches that occurred in American restaurants, hotels, grocery stores, gas stations and other brick-and-mortar outlets
• >1,000: The vast majority of breaches occurred against companies with fewer than 1,000 employees
• 148: POS intrusions accounted for 31 percent of the 148 retail breaches, with payment card skimmers accounting for another six percent
• 137: POS intrusions accounted for 75 percent of the 137 accommodation sector breaches.
Card Data in the Clear
Standard Output of a Non-Encrypting MSR Wedge
• “Clear-Text” Track 1 Card Number
• “Clear-Text” Track 1 Cardholder Name
• “Clear-Text” Track 1 Expiration Date
• “Clear-Text” Track 1 Discretionary Data
• “Clear-Text” Track 2 Card Number & Expiration Date & Discretionary Data
%B 4012002000060016^VI TEST CREDIT ^251210118039000000000396?;4012002000060016=25121011803939600000?+E?
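Added example (not part of the original slides and not Heartland's code): a Python scanner that finds clear-text Track 1 and Track 2 data like the sample above in a log line, Luhn-checks the card number, and redacts it while keeping the first 6 and last 4 digits. The log line, the function names and the '*' masking are assumptions made for illustration; this is not E3's algorithm.

```python
import re

# Constructed input: the slide's clear-text wedge output inside a made-up log line.
SAMPLE = ("2014-12-16 10:02:11 kbd-wedge input: "
          "%B 4012002000060016^VI TEST CREDIT ^251210118039000000000396?"
          ";4012002000060016=25121011803939600000?+E?")

# ISO/IEC 7813 layouts: PAN, name (Track 1 only), YYMM expiry, 3-digit service
# code, discretionary data. The optional space after %B tolerates the slide's rendering.
TRACK1 = re.compile(r"%B ?(?P<pan>\d{12,19})\^(?P<name>[^^?]{2,26})\^"
                    r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
TRACK2 = re.compile(r";(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")


def luhn_ok(pan):
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the first 6 (BIN) and last 4 digits, hide the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def _zero_tail(m):
    # Mirror the slide's obfuscated sample: expiry kept, everything after it zeroed.
    return "0" * (len(m["svc"]) + len(m["disc"]))


def _redact_t1(m):
    return f"%B{mask_pan(m['pan'])}^{m['name']}^{m['exp']}{_zero_tail(m)}?"


def _redact_t2(m):
    return f";{mask_pan(m['pan'])}={m['exp']}{_zero_tail(m)}?"


def scan(text):
    """List every clear-text track found, without echoing the full PAN."""
    findings = []
    for track, rx in ((1, TRACK1), (2, TRACK2)):
        for m in rx.finditer(text):
            findings.append({"track": track, "pan": mask_pan(m["pan"]),
                             "luhn_valid": luhn_ok(m["pan"]), "offset": m.start()})
    return findings


def redact(text):
    """Return text with any track data replaced by its masked form."""
    return TRACK2.sub(_redact_t2, TRACK1.sub(_redact_t1, text))


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(redact(SAMPLE))
```

A Luhn-valid hit is a strong signal that a real card number, not a random digit run, is sitting in the scanned text.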
Introducing Heartland Secure…
A Comprehensive Card Data Security Solution Combining Three Powerful Technologies
• EMV proves that a consumer’s card is genuine and the transaction authentic
• Heartland’s E3™ end-to-end encryption technology immediately encrypts card data at inception to prevent monetization
• Tokenization replaces card data with “tokens” used for returns and repeat purchases, unusable by criminals
Facts About EMV
There are over 15 million magnetic stripe POS devices, 609.8 million credit cards, and 520 million debit cards in circulation in the US.1
The cost estimated by Javelin Strategy and Research to implement EMV in the US is at least $8 billion for POS systems.2
1 The Nilson Report
2 Ben Woolsey and Matt Schulz, “Credit Card Statistics, Industry Facts, Debt Statistics
• Standard governing interoperability of chip cards and payment devices 1
• Global interoperability and improved card security are the main reasons card brands are migrating the U.S. to EMV
• EMV card acceptance is not a government or card brand mandate for merchants or card holders
• All EMV cards distributed by U.S. issuers will include a magnetic stripe
U.S. EMV Timelines
• Oct-2012: PCI validation relief 1
• Apr-2013: Processor support for chip processing
• Oct-2015: POS liability shift, non-AFDs
• Oct-2017: POS liability shift, AFDs
• Oct-2016: MC ATM liability shift
• Oct-2013: MC ADC relief takes effect (50%)
• Oct-2015: MC ADC relief (100%)
• Oct-2017: Visa ATM liability shift
• April-2014: Visa unattended liability shift
• Oct-2016: Visa GCAR relief
1 Applies to Level 1 & Level 2 merchants where 75% of their transactions come from a dual interface, chip-enabled terminal
Understanding the Liability Shift
Counterfeit
• Visa, today: Issuer is liable today
• Visa, after liability shift: Liability shifts to the merchant if a counterfeit chip card is used at a mag stripe terminal
• MasterCard, today: Issuer is liable today
• MasterCard, after liability shift: Liability shifts to the merchant if a counterfeit chip card is used at a mag stripe terminal
Lost & Stolen
• Visa, today: Issuer is liable today
• Visa, after liability shift: Liability remains with issuer
• MasterCard, today: Issuer is liable today
• MasterCard, after liability shift: Liability remains with issuer if:
  • A lost or stolen mag stripe card is used at a chip terminal
  • A lost or stolen chip & signature (no PIN support) card is used at a chip & PIN supporting terminal
  • A lost or stolen chip & PIN card is used at a chip & PIN supporting merchant
EMV Card and Security
Card Authentication
• Authorization Request Cryptogram verifies the card is authentic
• Authorization Response Cryptogram verifies the issuer is authentic to the card
Validating Card Use
• Transaction Certificate (TC) value that provides evidence to the issuer that the card was present and was used for payment
Combating Replays
• The Application Transaction Counter combats replay attacks
Validating the Cardholder
• Offline or online PIN validates the cardholder
Where Does EMV Fall Short?
• In the event that crimeware has found its way into the retailer’s POS system or network, the cardholder data will be stolen and used fraudulently.
• Implementing a payment system using only the EMVco and Card Brand EMV specifications leaves a customer’s primary account number (PAN) and discretionary data exposed and in the clear.
E3 Safeguards EMV Transactions!
• E3 encrypts the EMV transaction in the same way it encrypts a magnetic stripe transaction, protecting the cardholder information.
• This end-to-end protection keeps the cardholder’s data safe and prevents criminals from monetizing it
E3 Encrypted Data
E3 Encrypting MSR Wedge Output
<E1047311%B 4012001000000016^VI TEST CREDIT ^251200000000000000000000?|Juo1ja9sowQX5yOlrQwd68LAO7TJUvWzR8
CAoFGAgEH1AINShV78RZwb3NAc2VjdXJlZXhjaGFuZ2UubmV009rwLCTKtT+v01IzT3gobnixA3TxjqiuXxfOieON5TNSUxmbYEbz
oW6OE1dTAMc6NE7W9KVmu9etcQ/Fe2MctBtL9BW1iel24ReH/CzOMosyzby9rtoo+6Mz6U6dQYn8M3AKnf+MHD/RF5QIvPKPP8
+Ul zx0M1JGPEkS4lgidS0ATmpEfb+WiEs+t6QchtVXrSa+p2tf+sstd5kPiYgLPtN0jzTZ
GRyDpugJBbZ47FNgZzqOlOA|11;4012001000000016=25120000000000000000?|9nOnxGjxBnaL9slmqUGfA5wsNFn|00||/wECAQE
• Obfuscated Track 1 Card Number; 1st 6 & last 4 left in clear for BIN routing and receipt printing
• “Clear-Text” Track 1 Cardholder Name for receipt printing
• Obfuscated Track 1 Discretionary Data
• Encryption Block sent in transmission.
Over 70,000 Merchants in the United States Benefit from E3’s Encryption Security and Our Warranty!
1 https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
2 Heartland Payment Systems E3™ MSR Wedge Technical Assessment White Paper, Coalfire, January 4, 2011
• E3 removes consumer card data from the merchant’s environment by encrypting the cardholder’s primary account number (PAN) and discretionary data
• E3 eliminates the risk of hackers monetizing stolen card data. Hackers cannot profit from encrypted card information
• E3 is a strong response to “all organizations should assume they’ve been hacked,” as written by the authors of the Cisco 2014 Annual Security report 1
• E3 reduced a merchant’s PCI scope as documented in a paper written by Coalfire 2
Tokenization Removes Card Data
• Tokenization and E3 work together to make an EMV transaction safe
• Tokenization removes any direct reference to the card number by substituting the consumer’s card number with a token
• As a reference number which the retailer needs to perform a post-sale transaction such as a void or refund
• As a representative of the card for future transactions such as card on file, recurring payments or customer analysis
Magnetic Stripe, E3 and Tokenization
Magstripe data decrypted in Heartland PCI compliant data center for authorization
Transaction wrapped in SSL encryption
Magstripe card is swiped at E3 wedge and encrypted
Single use token returned to POS (reference number)
• E3 encrypts cardholder information at the earliest point of the transaction – at card swipe, key entry, tap or insertion
• Tokens eliminate reuse of the card data
EMV, E3 and Tokenization
• E3 offers an additional layer of security for EMV transactions
• As the EMVco specifications are presently written, when an EMV transaction is processed at the point of sale the transaction is sent in the clear to the acquirer or processor for authorization
• E3 encrypts the EMV transaction in the same way it encrypts a magnetic stripe transaction, thus protecting the cardholder information
• Tokens eliminate the need to reuse card data
Cardholder data decrypted in Heartland PCI compliant data center for authorization
Transaction wrapped in SSL encryption
EMV card is inserted in the terminal and encrypted
Single use token returned to POS (reference number)
Heartland Secure
Comprehensive Card Present Security
Cisco 2014 Annual Security report
https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
Heartland Payment Systems E3™ MSR Wedge Technical Assessment White Paper, Coalfire, January 4, 2011
• EMV and E3 remove ability to skim and monetize card data through combinations of verification and encryption
• EMV and E3 eliminate “man-in-the-middle” attacks
• E3 and tokenization remove card data from the merchant’s environment
• E3 eliminates the risk of monetizing stolen card data
• E3 and tokenization are a definitive response to “all organizations should assume they’ve been hacked”
• E3 and tokenization reduce a merchant’s PCI scope as per Coalfire’s study