Protection Against Data Breach: Let’s Talk About EMV, Contactless Cards, and NFC
In the wake of recent data breaches at retailers like Target and Neiman Marcus, the payments industry has been abuzz with talk of better card protection, PCI compliance, and other fraud management tools. In particular, EMV, contactless cards, and NFC are popping up in recent payment security conversations. These new technologies are one strong possibility to addressing security concerns, although speculation does exist (according to The Telegraph).
Europe is already down with EMV, but the United States has yet to fully adopt the new technology. Cost is one issue, as the switch would require the installation of new terminals capable of processing payments from contactless cards. According to this article from TechWeekEurope, Target estimated conversion to EMV at roughly $50 million dollars. However, acquirer processors needed to be able to support EMV transactions last spring, and October 2015 will bring about a shift in fraud liability that places responsibility for credit card fraud right on the shoulders of merchants that lack EMV capabilities.
EMV is the standard for all payment instruments and devices (including cards, terminals, mobile phones, etc.) that utilize smart chip technology (embedded microprocessor chips). EMV was developed by Europay, Visa and MasterCard. Sometimes EMV is called “chip-and-pin” or “chip-and-signature.”
Chip-and-pin cards make up over 84% of all cards issued in Western Europe, reports Forbes. Chip-and-pin cards require the insertion of the card into a reader, followed by the customer entry of an associated PIN number.
Some swap the pin for a traditional signature (chip-and-signature), but the microprocessor chip works the same way: it enables sensitive payment data to be encrypted uniquely for each purchase. This makes transactions more secure, as the payment information is constantly changing instead of remaining static and vulnerable.
Then there’s EMV’s slightly quirky younger sister: contactless cards. According to the Smart Card Alliance, contactless payments are “simply payment transactions that require no physical contact between the consumer payment device and the physical point-of-sale (POS terminal).” Using a radio frequency, a card can be waved or held in front of the POS and read instantly.
Contactless cards employ NFC or near-field communication technology, allowing devices to transfer information back-and-forth. We’re already familiar with this: think of your key-fob for work, gym, or apartment entry. Contactless cards are embedded with smart chips, similar to EMV chip-and-pin, but they simply can be “waved” in front of their partner device.
Contactless transactions with NFC are also reported to be fast (Smart Card Alliance), reducing POS time by 30-40% and performing at speeds 63% faster than cash payments and 53% faster than magnetic-stripe cards. They can also boast impressive security measures not available for traditional stripe cards: card-exclusive encrypted keys for each card, dropping the use of a cardholder name during transactions, and even presenting an alternate number to the actual account number, specific to each and every single transaction, not to be repeated.
NFC card payment technologies are also booming. According to a white paper from the Smart Card Alliance, NFC handset counts will increase from under 40 million in 2011 to 544.7 million by 2015.
These solutions are poised to emerge in the United States over the next few years. As EMV adoption grows due to the coming 2015 regulation change, it’s likely that contactless payments and NFC-based solutions will also being cropping up with more frequency. As processors, merchants, and consumers look for solutions following the recent data breaches, payment and card technologies like EMV, contactless cards, and NFC will continue to be ushered in.
Photo credit: la Caixa