Visa and Mastercard’s Latest EMV Window Dressing

by Sarah Grotta 0

An opinion piece in Forbes, rounds up many of the current simmering issues in the payments industry around EMV and the bumpy path that issuers and merchants have taken in the U.S. to migrate to chip technology.

The author first takes issue with M/Chip fast and Quick Chip solutions as nothing more than smoke and mirrors:

MasterCard’s M/Chip Fast solution and Visa’s Quick Chip program are the latest attempt by the card brands to try to smooth over the poorly planned and executed EMV transition – where Americans transitioned from swiping their old magnetic stripe credit card to dipping their new chip card, while retailers began taking responsibility for fraudulent transactions made if they weren’t using chip technology.

That means the M/Chip Fast and Quick Chip will not cut down on actual checkout time but merely create the impression that you are spending less time at the register when, in fact, you are just spending less time with your card inserted in the terminal.

It is true that the transaction in total isn’t faster, but if the consumer has to interact less with the point of sale and spend less time thinking about payments, it’s still a noble endeavor.

The author then tackles the issue that the vast majority of cards are being issued chip and signature without a PIN, giving sophisticated fraudsters the opportunity to get away with compromising the mag stripe on the back of the card:

The cards being shelled out by Visa and MasterCard in the U.S. have a critical security flaw – they don’t use a personal identification number (PIN) as a second layer of protection.

The cards now being used by millions of Americans are referred to as chip-and-signature cards. While it is true that these cards are more secure than the magnetic stripe cards they replaced, they can still be compromised to steal sensitive consumer financial information as researchers recently demonstrated at the Black Hat security conference in Las Vegas earlier this month. What’s more, card issuers chose not to replace signature verification with PIN verification on the new cards, which has left them unnecessarily vulnerable to fraud.

What is left out in that statement is that hackers will hack, but issuer processors will be able to decline the transaction and fraud will be avoided in the scenario demonstrated at the security conference.

And finally, the author takes issue with the fact that using a signature to verify a transaction is so useless, that it is not required for many low value transactions:

The signature has been obsolete for decades now and can be described as a formality at the register, at best. In fact, it has become so useless that card issuers have increased the limit to $50 on no-signature-required programs that encourage retailers to not require a signature for low cost purchases.

Let’s not forget that many retailers also don’t require PIN on low value transactions even when PIN is available to get customers through their check-out lines expeditiously.

Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group

Read the full story

Featured Content