EMV Standard Combats Payment Card Fraud

As recent events demonstrate, the magnetic stripe-based payment cards used by the vast majority of U.S. retailers, banks, payment processors and card issuers are vulnerable to fraud. The Europay, MasterCard, Visa (EMV) standard used by the rest of the developed world stores sensitive customer data on an encrypted chip, rather than on a magnetic stripe, making payment card fraud much more difficult. Erik Vlugt, VP product marketing for electronic payment solutions vendor VeriFone Inc., recently shared insight on the advantages EMV can offer U.S. retailers and their customers and what needs to happen to make widespread EMV adoption in the United States a reality.

What advantages does the EMV standard offer?

At the top level, there are two advantages that EMV offers. It makes card fraud, in terms of stealing data from a customer’s card and making your own duplicate card, impossible. And also global interoperability. The U.S. is the last developed country not on the EMV platform. Adopting EMV in the U.S. would allow people from other EMV-compli-ant countries to use chip cards in the U.S., and vice versa. Going to Europe and using a magnetic stripe card can cause issues.

How do EMV-compliant cards authenticate a customer?

The EMV standard covers three forms of authentication — personal identification number (PIN), signature and no cardholder verification method (CVM) at all. You might have no CVM for a low-ticket item where you just tap your card on a reader, such as at a fast food restaurant. On the equipment side, Verifone enables EMV-compliant capture for all three types of verification. Card issuers will issue EMV cards with a preference. You will likely see Visa promote chip and signature and MasterCard promote chip and PIN. PIN authentication is more secure than signature authentication, but also more complex. There is an argument about whether PIN authentication is worth the extra complexity; existing POS equipment already supports signature authentication.

What effort would be involved in widespread EMV adoption in the United States?

Large retailers and national chains would have a reasonable effort. They would need to upgrade and support acceptance equipment on the hardware side. On the software side, retailers must upgrade downstream POS software and switch software, and the processor must certify their new system and test end-to-end data capture to the payment network before allowing them to operate. There is a lot of incremental effort. Smaller retailers typically use a third party to certify their payment networks, so it’s less of an effort for them.

What impediments exist to adoption of EMV in the United States?

The cost of upgrade, as well as the large U.S. market with a wide variety of acceptance types — POS terminals, ATMs, kiosks, etc. — are impediments. However, three years ago Visa put in a liability shift (that goes into effect October 2015) as an incentive. The U.S. is the only developed country where you can easily commit card fraud.

What is VeriFone doing in terms of EMV-compliant technology and assisting retailers in switching from magnetic stripe technology?

We are providing lots of education; we are a very consultative company. This includes webinars and one-on-one meetings. We also help our clients upgrade their magnetic stripe card acceptance systems beyond EMV compliance. A common misconception is that once you start using EMV-compliant technology, card data is secure. In actuality, the data is secure on the card but once the card is inserted into the reader, the customer’s card number travels in the company’s network in unencrypted form. VeriFone seals the customer’s data in encrypted form as it travels through the network and doesn’t decrypt it until it gets to the processor.