Target, Wal-Mart On EMV: The Metric System Of Payment
Written by Evan SchumanApril 27th, 2011
EMV may become the metric system of payment, a process that almost everyone in the world adopts, with the U.S. stubbornly refusing. In a panel discussion on Wednesday (April 27), Target and Wal-Mart agreed that EMV Chip-and-PIN is an extremely desirable way to go. But hardly anyone has a concrete plan for making it happen in the U.S.—in a meaningful way—anytime soon. Still, both chains were certain of one thing: If magstripes could magically be made to go away tomorrow, the retail world would be a happier place.
"If we can envision a world where magstripe doesn't exist, Chip-and-PIN would virtually eliminate all counterfeit, lost and stolen fraud as well as almost 99 percent of PCI costs," said Mike Cook, Wal-Mart's VP and assistant treasurer. "So you no longer have to have your database encrypted. You no longer need to have the secure lines. You're no longer storing data that could be used by somebody else. The PCI costs become significant cost savings."
This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.
Already a Subscriber? Login Here
6 Comments | Read Target, Wal-Mart On EMV: The Metric System Of Payment
Leave a Reply
Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
-Christine
April 28th, 2011 at 7:33 am
Mr. Cook doesn’t seem to understand that EMV is not a data protection scheme. It’s an authentication scheme. Using EMV doesn’t mean cardholder data goes away – it’s still there.
April 28th, 2011 at 8:43 am
A good place for large retailers like WMT and Target who believe in EMV and new authentication schemes is to start with their own private label/co-brand credit and debit card programs.
More important, to engage the majority of retailers, networks need to create financial rewards for small and large merchants to invest in new technologies. Without the incentives – not to mention a card base, there is little momentum for adoption.
Retailers stumbling out of a nasty recession are facing many demands for limited investment dollars. Merchants are hesitant to allocate any money on the necessary EMV hardware and deployment. There are just too many other things to spend money on.
Adding complexity to the decisioning, in the rapidly changing payments landscape, merchants in the U.S. I know are wondering if a better mousetrap is just around the corner.
April 28th, 2011 at 5:00 pm
Chip-and-pin is not foolproof. According to Ross Anderson, “Chip and Pin Is Broken,” Feb 2011, “the flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature, or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN.” http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/ And this is a flaw both offline and online. The root cause, says Anderson, is that no one normalized all the various protocols from banks and processors to assure there were no missing pieces.
April 28th, 2011 at 7:50 pm
As Marc Massar says, there seems to be a common misunderstanding in the US about what EMV actually achieves. On a personal basis I come up against this preconception repeatedly. EMV can be a great tool to combat lost & stolen and conterfeit fraud (assuming of course that it is implemented in such a way that fallback to magstripe is eventually let go of), but it’s not going to solve your PCI DSS headache – the sensitive data still exists, and so can still be compromised and used for card not present fraud.
May 11th, 2011 at 1:27 pm
Ummm, “EMV is not a data protection scheme; it’s an authentication scheme” — wait until some EMV fanatic reads this. According to EMV fanatics, if the authentication scheme is as strong as EMV, compromised card data is not an issue because forged cards won’t get through the authentication process. But then you ask where MOTO and ecommerce fit into this panacea, and usually the silence is deafening.
May 19th, 2011 at 5:48 pm
“If we can envision a world where magstripe doesn’t exist, Chip-and-PIN would virtually eliminate all counterfeit, lost and stolen fraud as well as almost 99 percent of PCI costs,” said Mike Cook”
Mr. Cook is definitely not an expert on this field and has very false assumptions on what EMV is capable of. If his statement were true, then Europe would have less Credit Card fraud than the United States. However, the facts are that EMV has done little to nothing to prevent the amount of fraud in Europe when compared to the United States online systems. This is why the United States has no motivation to adopt EMV as it is costly and many feel is inferior to the Online Systems that the United States uses to combat fraud.