U.S. to Invest $9.5 Billion in Chip & PIN Smartcards Says a New Report by Homeland Security Research Corp.

Share Article

The U.S. leads the world in payment card fraud, but is the last to adopt secured cards.

The total cost of payment card fraud is estimated at $8.6 billion per annum, 0.39% of the U.S. $2.25 trillion payment industry

According to the new U.S. Banking, Financial Services, Retail & Payment Cybersecurity Market – 2015-2020 report, published by Homeland Security Research (HSRC), the flood and sophistication of "successful” cyber-attacks during 2013 and 2014, pressed the U.S. administration, retail and payment cards industries to replace over one billion insecure magnetic-stripe payment cards, 1.2 million point of sale (POS) card readers and 7 million card reading terminals with the global EMV (EuroPay, MasterCard, and Visa ) standard Chip & PIN (Personal Identification Number) technology. The report forecasts that this process will cost more than $9.5B and that it will take until 2018 to reach a penetration of 80%. This is in sharp contrast to the retail & payment cards industry commitment to complete the conversion by December 2015.

According to the report, organized cybercrime rings are persistently coming up with new and creative methods of stealing funds and identities. As a result, payment cards customers are losing confidence in the industry’s ability to stop these crimes and frequently change providers after experiencing fraud.

The report also shows that much of the U.S. customers’ vulnerability stems from outdated U.S. payment cards technology. As of January 2014, 95% of U.S. payment cards still use the 1970’s magnetic strip technology. This makes the U.S. the only G-20 country that uses this insecure technology, while more than 100 countries have converted their payment cards to the secure Chip & PIN smartcard technology by 2004.

Smartcards contain an embedded microchip and are authenticated using a PIN. When a point of sale (POS) terminal is connected to the network, the authenticity of the card and chip can be confirmed, along with the PIN, with the bank servers. If the POS terminal is not connected to the network, the chip can confirm to the terminal if PIN was entered correctly. France, for example, has cut face to face and ATM transactions fraud by more than 80% since the introduction of Chip & PIN EMV smartcards

The report concludes that in reaction to the growing payment cards fraud, major retail chains such as Home Depot, Target, Walgreens and Walmart joined Visa and American Express and committed to replace the magnetic stripe cards and POS readers to the secured Chip & PIN technology by December 2015. Signed on October 10th, 2014, President Obama’s “BuySecure” Executive Order lays out a new policy to secure payments to and from the federal government by applying Chip & PIN technology to newly issued and existing government credit cards, as well as debit cards like Direct Express, and upgrading retail payment card terminals at federal agency facilities to accept chip and PIN-enabled cards.

Some US banks issued Chip and PIN cards for their more affluent, frequent-travel customers. However, even though these cards have chips on board, many are in fact “Chip and Signature” cards as they require verification with a signature instead of an encoded PIN. As a result, such cards do not work on standalone kiosks for Chip and PIN cards, and also have similar vulnerabilities to the traditional magnetic swipe cards.

According to the report, the U.S. Financial Services, Retail & Payment Cybersecurity Market is the largest and fastest growing private sector cybersecurity market. Based on our October 2014 survey of financial industry CEOs, CISOs and CIOs, we forecast a onetime 2015/2014 market hike of 23%.

The report examines each dollar spent in the market via two orthogonal money trails: Technology & Service sectors and the Banking & Financial Services Industry sector that procure the products & services. Within these trails, the report is further granulated into 25 sub-markets, 18 technologies, solutions & services and 7 financial industry sectors.

Also included in this report is a roster of 21,643 banking and financial services enterprises that are potential cybersecurity customers. 87% of the listed enterprises include corporate contact information. Provided in an Excel file, the roster is segmented into 10 U.S. financial industry sectors (e.g., Banks, Credit Card Issuers, Credit Unions, Insurance Companies, Pension Funds, Accounting Companies, Stock Brokerage Companies, Stock Exchanges, Mortgage Companies and Real Estate Investment Companies).

The report presents in 704 pages and 259 tables & figures, analysis of 23 current and pipeline services & technologies and 193 leading cybersecurity vendors. It is explicitly tailored for both the cybersecurity industry and banking & financial services industry decision-makers. The report details market & legislation trends, and enables the two communities to identify business opportunities, present and pipeline technologies, market size, drivers and inhibitors. It also provides for each submarket 2013 -2014 data, analyses, and projects the 2015-2020 market and technologies from several perspectives, including:

  • Business opportunities and challenges
  • SWOT analysis
  • Market analysis (e.g., market dynamics, market drivers and inhibitors)
  • 2013-2020 market size data & forecasts, current & emerging technologies & services, key facts, sector background and analysis of the following 18 sub-markets:

1. Endpoint Security
2. Identity and Access Management
3. Mobile Enterprise Management
4. Mobile Security
5. Security Information and Event Management
6. Content Security
7. Data Loss Prevention (DLP)
8. Datacenter Security
9. Firewall
10. Next Generation Firewall
11. IDS/IPS
12. Unified Threat Management
13. Cloud-Based Services
14. Vulnerability/Risk Management & Managed Security Services
15. Consulting Services
16. Integration Services
17. Education and Training Services
18. Forensics, VPN, Web Security, Policy & Compliance and Other Services

  • 2013-2020 market size data & forecasts, key facts and analysis of 7 banking & financial services sectors including:

1. U.S. Banking Industry
2. U.S. Insurance Industry
3. U.S. Payment Card & Mobile Payment Providers and Retailers industry
4. U.S. Government Related Financial Services industry
5. U.S. Stock Brokerages & Exchanges
6. U.S. Pension Funds industry
7. U.S. Credit Unions, Investment Funds, Accountancy Companies & Other financial sectors
The report includes the following 8 Appendices:
1. Appendix A: Other Banking & Financial Services Cybersecurity Solutions
2. Appendix B: Techno-Tactical Trends    
3. Appendix C: Cyberspace Layers    
4. Appendix D: Cybersecurity Standards    
5. Appendix E: The E.U. Banking and Financial Services Security Regulations
6. Appendix F: Payment Card Transactions & Security Systems    
7. Appendix G: Financial Sector Acronyms & Glossary    
8. Appendix H: NIST - Framework for Improving Critical Infrastructure Cybersecurity

  • 191 Cybersecurity companies operating in the market (profiles, contact information & management personnel) including:

41st Parameter, Accenture, Agiliance, AhnLab, Airbus, AirWatch, Akamai, Alert Logic, AlertEnterprise, AlienVault, Alt-N Technologies, Application Security, AppSense Limited, Arbor Networks, Attachmate, Authentify, AVAST Software, Aveksa, AVG Technologies, Avira, Barracuda Networks, Beyond Security, BeyondTrust, Bit9, Bitdefender, BlackBerry, BlackStratus, Blue Coat Systems, BoxTone, Bromium, BullGuard, Cassidian Communications, Inc., Catbird Networks, Centrify, Cenzic, Check Point, CipherCloud, Cisco Systems Inc, Clearswift, Click Security, CloudFlare, CloudLock, Code Green Networks, Commtouch Software, Comodo, CORE Security, Corero Network Security, Courion,Covisint, CrowdStrike Holdings, CSID, Cyber Operations, Cyber-Ark, CyberArk Software, Cyberoam, Cyren, Damballa, DigiCert, Digital Info Security Company, EdgeWave, EiQ Networks, Elbit Systems,Enterasys Networks, Entrust, ESET, Exobox Technologies Corp, Extreme Networks, Faronics Technologies, Fast facts, Fiberlink, Fidelis Security Systems, FireEye, FireMon, ForeScout Technologies, FoxGuard Solutions, F-Secure, Fulcrum IT Services Company, LLC, G2 Web Services,Gemalto, General Dynamics, GFI Software, Good Technology, Guardian Analytics, Guidance Software, Hewlett-Packard Co, HyTrust, ID Analytics, Igloo Security Inc, Imprivata, Intel Security Group, International Business Machines Corp, Intrusion Inc, IOActive, Iovation, Juniper Network,Kaspersky Lab, L-3 Communications, Lacoon Security Ltd, Lancope, LANDesk Software, LogRhythm, Lookingglass Cyber Solutions, Lookout Mobile, Lumension Security, M5 Network Security, Mandiant, Mantech International Corp, Memento, Merlin International, MessageLabs, MetricStream, Mobile Active Defense, Mobile Vault, MobileIron, Mobilityone Ltd, Mocana, MU Dynamics, N-Dimension Solutions, NetCentrics Corporation, Network Security Systems, Nics Tech Co., Ltd., NIKSUN, NSS Labs, Inc., Odyssey Technologies, Okta, OpenDNS, Palantir Technologies Inc, Palo Alto Networks Inc, Panda Security, ParetoLogic, Perimeter Internetworking Corp., PerspecSys, Ping Identity, Prolexic Technologies, Proofpoint, Qualys, Inc., Quick Heal Technologies (P) Ltd., QUMAS, QuoVadis,Radware Ltd, Rapid7, Raytheon Pikewerks Corporation, Red Lambda Inc., ReD plc, RedSeal Networks, Inc., Retail Decisions Plc, RLM Communications, Inc., RSA Security LLC, SafeNet, Inc., SailPoint Technologies, Inc., SAINT Corporation, Salient Federal Solutions, Inc., SecurityMetrics, Senetas Corp Ltd, SilverSky, Skybox Security Inc., SolarWinds, Solera Networks Inc., Sophos Ltd., Sotera Defense Solutions, Inc., Splunk Inc., Stormshield Network Security (Formerly: NETASQ S.A.), Strikeforce Technologies, Symantec Corporation, Sympli ied, Inc., Synectics Plc, Tangoe, TeleSign Corp., Tenable Network Security, Thales, The KEYW Holding Corporation, ThreatMetrix, TIBCO Software, TraceSecurity, Trend Micro Inc, Tripwire, Trusteer, Trustwave, Utimaco Safeware, Inc., Vanguard Integrity Professionals, Inc., Varonis Systems, VASCO Data Security International, Venafi, Veracode, Verdasys, Verint Systems Inc, WatchGuard Technologies, Webroot, WhiteHat Security, Workshare Technology, Zix Corporation, Zscaler

  • The report includes contact information of 87% of the following U.S. financial institutions in an attached Excel file:

6665 Banks    
770 Credit Card Issuers    
6977 Credit Unions    
944 Insurance Companies    
252 Pension Funds    
1277 Accounting Companies    
3817 Stock Brokerage Companies    
18 Stock Exchanges    
831 Mortgage Companies    
92 Real Estate Investment Companies    
Total    21,643

Explore more Homeland Security and Public Safety Reports at http://www.homelandsecurityresearch.com.

About Homeland Security Research Corp. (HSRC)
HSRC is a Washington, D.C. based international market research and strategic consulting firm serving the Homeland Security and Public Safety communities. HSRC provides premium market, present & emerging technologies and industry expertise, enabling our global clients to gain critical insight into the business opportunities that exist within the Homeland Security & Public Safety markets. Government clients include the U.S. Congress, DHS, U.S. Army, U.S. Navy, NATO, U.K., Japan, Korea, Taiwan, Israel, Canada, Germany, Australia, Sweden, Finland, and Singapore; DOD, DOT, GAO, and the EU are among others. HSRC serves over 650 private sector clients, including all major defense and security contractors and many Fortune 500 companies. 70% of our reports are acquired by repeat customers

Share article on socal media or email:

View article via:

Pdf Print

Contact Author

Shelli Amit

Maggie Sela
@HSRC_Analysis
Follow >
Homeland Security Research Corporation

Visit website