Mobile 2 Go Blog: Visa Holds to EMV Stance
Talk with Visa legal officer shows aversion to change
OAKBROOK TERRACE, Ill. --While a talk with a Visa representative may not shed new light on how mobile payment will develop in the United Sates, it does highlight the credit-card giant's determination not to give up certain payment methods already in place.
It proves to be a curious dichotomy. Because at the same time, it's preaching movement to a chip-based technology it believes will better serve the public.
Often criticized for holding onto the traditional signature-based card system, problematic from the point of data security, Visa is squarely intent on moving to a chip-based solution, said spokesperson Ellen Richey in a discussion with me on the corporate viewpoint.
"We think the most important thing for this industry from a security standpoint is to move to chip [card technology]. Not chip and PIN [personal identification number], just chip; not chip and signature," said the chief enterprise risk officer and chief legal officer for the Foster City, Calif.-based Visa Inc. Referring to a technology also called "Europay MasterCard Visa" or "EMV," she said, "The chip creates a dynamic cryptogram, a one-time message with every transaction, so … even if a thief gets into a retail store or its systems and steals data, he can't make a usable counterfeit card."
Such a move will cost the petroleum and c-store industry millions of dollars in upgrades, I said. To which she replied that Visa has been mindful of the needs of all stakeholders and hoped that the 2017 deadline for automated fuel dispensers was an adequate time for what she called, "terminal replacement cycles" to unfold on their own. In other words, old equipment would eventually have to be replaced, and so an upgrade to EMV would naturally occur over that timeline.
Richey addressed other issues. She agreed EMV was itself an older security method—a big concern in light of how sophisticated data thieves have become and how they continue to get better at what they do.
"The EMV chip [method] has been out there for more than 20 years now and has not been broken," Richey said. "I've been to test labs where they to try and break the chip, read it and hack into it. There's very elaborate ways to do it … and there have not been successful attacks in the POS environment."
And as Visa has been more than eager to declare, the deadlines won't mean that merchants who fail to upgrade won't be able to process cards. But those retailers will have to assume the liability for data that's stolen.
Finally, many in the industry who've voiced concerns over Visa's stance allude to how the credit-card firm has a lot invested in what's in place and would find change—especially the loss of signature-based cards—potentially devastating. Visa's position is to focus on the migration to chip.
"It's important that we get the chip out there as quickly as possible," Richey said. "If we try to change consumer behavior, [change clerk routines] and the bank environment, it will slow us down."
And while I, just another observer of this continuing payment evolution, can see the validity of what she's saying, I'm not necessarily swayed to think Visa isn't just trying to hold onto its golden goose.
That said, each party along the food chain has its own interests at heart, including c-stores.
For more on data security and mobile commerce, see the May issue of CSP magazine.