Monday , November 18, 2024

Security Notes: Too Late for EMV in the U.S.

Gideon Samid • Gideon@BitMint.com

How would you counsel a society that uses manual typewriters? Would you explain the clear advantages of an electric typewriter, or would you point them to computer technology? 

Similarly, for the huge national effort called EMV (Europay-MasterCard-Visa) migration. Consider EMV in light of “pay-phone” technology. Just yesterday the term “pay phone” meant something completely different. Shows you how fast technology moves.

When EMV was introduced, more than a decade ago, people carried quarters around to drop into pay phones. Today, 78% of humanity uses a smart enough phone, always at hand, which has much more computing power than an EMV card would ever have, and which allows people to engage in the payment dialogue as equal partners with the merchant. They can use their own screen, control the sale with their phone buttons, and keep the receipt, screen-visible, and folder-filed—better than entangled with their handkerchief in their side pocket. The smart money bets on the new “pay phone,” the singular payment device to replace today’s deck of cards.

Nobody challenges the advantage of EMV technology over magnetic stripes, much as few disagree that electric typewriters are so much better than manual ones. It would have been a good idea for the United States to join the rest of the world and adopt EMV at the dawn of this century. But it makes little sense now to mount this huge national program, hoping to intercept a technology whose time has come and gone. Phones and small tablets are where the action is. The days of a multi-pocket wallet are over. Everything is going virtual—your identity cards, your medical cards, and your payment cards. The new phone is the new wallet, and it does to plastic what word processors did to typewriters, electric or otherwise.

Only yesterday, we routinely bought black and yellow film rolls. Can you buy one now? The same fate awaits the elegant leather wallet with staggered pockets for cards, a big flop for paper money, a zipped pouch for coins, and a sheer cover for family pictures. The family pictures are screen-sweepable, the coins are useless, the cards virtual, and the cash digital. The leather wallet morphs into the smart phone.

The lessons of EMV are not forgotten. EMV cryptography proved itself. We should build on it, and implement a smarter, faster version of it on the phone. EMV security was designed to frustrate the thief who stole a card. Its strength is based on integrating the live engagement of the card owner.

But this principle is much more pronounced with a phone, which is always on. Crypto security works under the assumption of total exposure to hackers, and we have effective tools against them. As an aside, this means near-field communication (NFC) is not very attractive, not just because it entails an expensive point-of-sale terminal modification, but also because it is based on short distances that, alas, are not sufficient to deter hackers, and, unfortunately, do not allow the casual-distance convenience of other electromagnetic channels.

In many underdeveloped regions of the world, people pay phone-to-phone, using short-messsage-service (SMS) technology. Salespersons in stores will counter-click their smart phone to drop an item on your cart and channel the money from your phone. This pressure alone will drive POS terminal manufacturers to accommodate a POS-phone connection. Until then, some enterprising startups are developing a “generic card” that is dynamically written from a smart phone and then swiped on the old terminals, which think they are talking to the good old mag-stripe.

Hackers have not yet flexed their muscles over EMV, mainly because the U.S. served as fertile ground for mag-stripe hacking. Another reason is that POS terminals, and merchants’ databases, became more data-loaded and hence a juicier target. And then the constant rise in e-commerce attracted very powerful hacking tools (the keyboard logger is a killer!), so why attack EMV per se in a card-present deal?

And then we face the rising tide of loyalty money—coupons, gift cards, reward points. When today’s shopper contemplates a purchase, she first needs to fumble through her coupons and loyalty payment options, then she needs to sort out the various terms of the various credit cards. Modern phone solutions automatically line up all these currencies in a logical order.

Card issuing banks watch out: Crypto money is next. The phone that replaces your plastic cards is about to devour your money-storage business.

Check Also

Celero Marks Another Acquisition and other Digital Transactions News briefs from 11/15/24

Payments provider Celero Commerce acquired Precision Payments. Celero said its total annual North America card processing volume …

Leave a Reply

Digital Transactions