SALT LAKE CITY -- Recently, Visa announced that EMV, short for Europay MasterCard Visa, is going to become the standard payment technology for the United States. This technology, also known as Chip and PIN, requires all credit cards to be reissued with a smart chip. Consumers may also be required to start using a PIN to use the new cards.
Click here to read Visa's announcement on the rollout.
Certainly retailers can appreciate the desire to provide a standard for such systems. But there's a problem; this technology doesn't go far enough. EMV is a 20-year-old technology that already has known deficiencies--no security for online use, no security of the card number, and susceptible to man-in-the-middle attacks.
U.S. merchants don't want old technology. U.S. merchants want the next generation of EMV. We want EMV2.0; we want a technology that protects the card number so that PCI compliance requirements are thrown out and online fraud is addressed.
The U.S. is a clean slate at this point. Merchants don't want to continue spending money on credit-card companies' security problems. Visa's EMV announcement is short-sighted and will be obsolete within the next 10 years. Visa needs to offer a solution that solves the data security problem for the consumer, the merchant and the banks.
Chip and PIN is not going to be good enough for U.S. consumers. Pay attention to companies such as iTunes, Google and Paypal that are starting to offer solutions to consumers that protect credit-card data through the use of smartphone apps and other online wallets. These solutions understand customers' desire to use current technology--their smartphones--will provide better security, and will speed up transactions instead of slowing them down.
Merchants have spent the last five years spending money to protect the credit-card companies' even older technology, the magstripe. Now we're being told to spend more money on an inadequate technology that doesn't address these same problems. This must stop. Give merchants a solution that fixes data security of the cards. Give merchants a solution that eliminates PCI issues and addresses online fraud.
EMV is old, costly and inadequate. Visa needs to stop dressing this up as a fraud solution for the consumers, merchants and banks. Visa, stop pretending this lipstick addresses the data security problem.
Trinette Huber is the manager for Sinclair Oil's PCI program, which provides support for more than 2,700 retail petroleum locations. She has been working on PCI and security-related projects since 2004. She also manages information security and privacy for Sinclair's corporate offices, refineries, hotels and resorts, which includes the Grand America Hotel in Salt Lake City and the Sun Valley Resort in Idaho.
Do you agree with Huber? Do you disagree? Share your opinion in the "comments" section below.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.