Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
EMV Is Coming. But Is It Too Little, Too Late?
NJ Online Casinos
User Rank: Apprentice
7/10/2014 | 5:58:24 AM
Re: Marketing Challenge
The most important contribution by EMV is focused on strengthening transaction security through additional authentication. The focus on the legitimacy of the transaction and the ability to prevent fraud at the ATM or PoS through additional layers of authentication, specifically the PIN number, will help reduce fraud and at least remove the U.S. from the status of countries where the opportunity to commit fraud is now the greatest due to its legacy magnetic stripe card infrastructure. Coupled with new standards of 'tokenization' that will/have been established by the card networks, this will start to make a difference on how consumers perceive the industry is moving to help them feel more secure, while initiating payments around the world.
MarkS229
User Rank: Apprentice
3/17/2014 | 10:32:20 PM
EMV won't solve the problem, but this will
I agree wholeheartedly with everything said in the article.

The trouble with any system that uses fixed credentials is that these can be intercepted, copied and re-used. This goes for biometrics, too, since the data is digitised for transmission.

What is needed is an authentication process that doesn't use passwords, PIN codes, biometric data or multi-level encryption, and is still proof against network snooping, spy cameras and malware.

In your head is a keyword (or two) which only telepathy can reveal. When you log in, you are presented with an alphabet coupled to a random assortment of 1's and 0's (or any other numbers) which you match against your keyword. Doesn't matter how the hackers intercept this, since the random assortment will be different next time. The technical details of such a system are described in www.designsim.com.au/What_is_SteelPlatez.ppsx together with its application to POS terminals, ATMs and online banking.

The best part is that no fancy cards are required, and POS terminals would only need an extra HTML page.
PMCarrollVS
User Rank: Apprentice
3/17/2014 | 8:32:47 PM
Re: Marketing Challenge
Thanks kgordon597. I am a great believer in Contactless payment technology, which has to be the ultimate consumer experience in terms of convenience. What we need is Convenience with security, not versus security, and the problem with contactless remains the threat of fraud which results in low transaction limits. However, contactless (cards or mobile) can be combined with new technology which I discuss in my follow-on article and is capable of addressing the fraud issue with virtually 100% reliability.
jagibbons
User Rank: Strategist
3/17/2014 | 8:20:18 PM
Re: Marketing Challenge
There are no easy solutions to the card fraud problem. EMV will help in many cases, and should be adopted as broadly as possible. However, the article is right in that thieves will turn their focus to other payment methods when cards become more secure.
PMCarrollVS
User Rank: Apprentice
3/17/2014 | 8:16:02 PM
Re: Card Not Present
You are correct that EMV is effectively designed for Card Present transactions, and this article is primarily concerned with EMV in this context. I do refer briefly to the difference between CP and CNP transactions, which is also referenced in the follow-on article. For completeness I should add that EMV payment cards can be equipped with features designed to add security to card-not-present transactions, such as one-time-passwords, on-card displays, or for use with personal card readers. However, such applications of the EMV card add to the production/deployment costs, which can render their widespread distribution infeasible.
PMCarrollVS
User Rank: Apprentice
3/17/2014 | 7:51:02 PM
Re: Declined
Correct, the perception in some countries is that non-EMV transactions are so risky that many banks are declining them by default (unless you specifically call in and notify them you'll be travelling to the US (or other non-EMV country), but even calling the bank in advance is no guarantee that the transaction will not be blocked). The follow-on article will outline technology available today that can enable issuing banks to differentiate between legitimate and fraudulent transactions with virtually 100% accuracy, and works irrespective of whether the card is EMV or non-EMV.
kgordon597
User Rank: Apprentice
3/17/2014 | 6:42:20 PM
Marketing Challenge
I am looking forward to your further additions to this column, Pat. EMV is not going to be the answer for the long term. It is decades-old technology that is expensive to implement and still poses security issues. Better encryption and an absence of fraudulent attacks has led to consumer trust of companies like PayPal, and ease-of-use concerns in a retail environment have been answered with contactless payment methods like NFC, BLE and QR codes. The dilemma of convincing consumers and retailers that these alternative payment methods hold more long-term viability is a challenge for marketers. The retailers are the ones who are going to need to partner with payment companies in order to add value to the consumer experience with targeted messaging and promotions. Merchants have to be in the conversation and collaborating with the innovators to develop a more secure payments process that can be more easily updated over time.
Lorna Garey
User Rank: Ninja
3/17/2014 | 1:40:59 PM
Re: Declined
OK, that makes sense. Talk about a PR nightmare otherwise -- card declined, possibly a language barrier to boot.
allieluvzkittnz
User Rank: Apprentice
3/17/2014 | 1:20:31 PM
Re: Declined
No, what he's saying is that non-EMV transactions are so risky that many banks are starting to decline them by default unless you specifically call in and notify them you'll be travelling to the US (or other non-EMV country). Issuing a non-EMV card would be far, far WORSE for them. Disabling stripe transactions by default isn't radical, it's smart. Most banks in the US disable foreign transactions by default, too...
wayne.allen
User Rank: Apprentice
3/17/2014 | 12:58:24 PM
Card Not Present
The author alluded to it, but didn't clearly point out that EMV does nothing for card not present transactions.