The Personal Data Notification & Protection Act, unveiled earlier this month to the Federal Trade Commission, would set a national standard for how companies respond to cybersecurity breaches. But on its own it may not be the ideal solution for data protection, not without the implementation of proactive technologies.
Writing for PaymentsSource, Martin Ferenczi, Oberthur Technologies’ President of North America, suggests that employing EMV-enabled cards and cards with dynamic CVVs will be essential in upholding the proposed law.
As Ferenczi explains, EMV-enabled cards help to reduce fraud for card-present transactions by utilizing a chip that stores the cardholder’s information and creates a unique encrypted code for each transaction that cannot be reused or replicated, making the data useless to thieves. Therefore, even if a company’s data is breached, the information gathered would be of no use to a criminal.
Dynamic CVV, an even newer technology, protects data in card-not-present (i.e., online) transactions. It enables the current static 3- or 4-digit security code on a card to change at a pre-selected time interval, diminishing the value of a stolen debit or credit card.
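The interval-based rotation described above can be sketched as follows. This is an added example, not code from the article and not Oberthur's or any card scheme's algorithm: it assumes an RFC 6238-style HMAC construction, and the key, the one-hour interval and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

INTERVAL_SECONDS = 3600  # assumed; the article says only "pre-selected time interval"
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed per-card secret
STOLEN_AT = 1_700_000_000  # constructed Unix time at which the code is captured


def dynamic_cvv(card_key: bytes, unix_time: int, digits: int = 3) -> str:
    """Derive the code for the interval containing unix_time (RFC 6238 style)."""
    counter = unix_time // INTERVAL_SECONDS
    mac = hmac.new(card_key, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def issuer_accepts(card_key: bytes, presented: str, unix_time: int) -> bool:
    """Issuer-side check: accept only the code valid for the current interval."""
    if len(presented) not in (3, 4) or not (presented.isascii() and presented.isdigit()):
        return False
    expected = dynamic_cvv(card_key, unix_time, len(presented))
    return hmac.compare_digest(expected, presented)


def replay_success_rate(card_key: bytes, stolen_at: int, later_intervals: int) -> float:
    """Fraction of later intervals in which a code captured at stolen_at still verifies."""
    stolen = dynamic_cvv(card_key, stolen_at)
    hits = sum(
        issuer_accepts(card_key, stolen, stolen_at + i * INTERVAL_SECONDS)
        for i in range(1, later_intervals + 1)
    )
    return hits / later_intervals


if __name__ == "__main__":
    code = dynamic_cvv(SAMPLE_KEY, STOLEN_AT)
    print("code at capture time:", code)
    print("accepted in same interval:", issuer_accepts(SAMPLE_KEY, code, STOLEN_AT))
    print("replay rate over 5000 later intervals:",
          replay_success_rate(SAMPLE_KEY, STOLEN_AT, 5000))
```

Because the code is only three digits, an expired value still matches a later interval about once in a thousand by chance, so the measured replay rate is small rather than zero.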
As written, the Personal Data Notification & Protection Act requires any business involved in interstate commerce that collects personally identifiable information of more than 10,000 people to notify both the individuals and the media within 30 days of discovering a data breach. Violations of the 30-day notification requirement would be subject to penalties as unfair or deceptive acts or practices in violation of FTC regulations.
Where Ferenczi finds the Act lacking is that it is primarily helpful in informing consumers only after a breach. The key, he argues, is to take away the value of the stolen information. Offering consumers additional security tools, like EMV cards and dynamic CVV cards, would serve this purpose and, in the process, strengthen the proposed law.