Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/9/2011
03:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Visa To Accelerate Chip Migration, Adoption Of Mobile Payments

Visa dynamic authentication road map will reduce fraud and enhance international acceptance

San Francisco, August 9, 2011 – Visa Inc. (NYSE: V) today announced plans to accelerate the migration to EMV contact and contactless chip technology in the United States. The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions that support either a signature or PIN at the point of sale.

“By encouraging investments in EMV contact and contactless chip technology, we will speed up the adoption of mobile payments as well as improve international interoperability and security,” said Jim McCarthy, global head of product, Visa Inc. “As NFC mobile payments and other chip-based emerging technologies are poised to take off in the coming years, we are taking steps today to create a commercial framework that will support growth opportunities and create value for all participants in the payment chain.”

Not only will chip technology accelerate mobile innovations, it is also expected to secure payments into the future through the use of dynamic authentication. Chip technology greatly reduces a criminal’s ability to use stolen payment card data by introducing dynamic values for each transaction. Even if payment card data is compromised, a counterfeit card would be unusable at the point of sale without the presence of the card’s unique elements. By reducing static authentication, we diminish the value of stolen cardholder data, benefiting all stakeholders.

“Dynamic authentication is the key to securing payments into the future,” said Ellen Richey, chief enterprise risk officer, Visa Inc. “Adding dynamic elements to transactions makes account data less attractive to steal and takes more merchant systems out of harm’s way, shrinking the battlefield against criminals. The migration to chip technology will be an important security layer and a critical step in a comprehensive strategy to use dynamic authentication across all markets and all channels.”

Globally, Visa will continue to support a range of cardholder verification methods including signature, PIN and no-signature for low-value, low-risk transactions. In the longer term, we expect that the use of static verification methods such as signature and PIN will be reduced or eliminated entirely as new and dynamic forms of cardholder verification are implemented.

Visa’s plan to encourage the U.S. adoption of dynamic chip authentication technology includes the following three initiatives:

Expand the Technology Innovation Program to Merchants in the U.S. Effective October 1, 2012, Visa will expand its Technology Innovation Program (TIP) to the U.S. TIP will eliminate the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75 percent of the merchant’s Visa transactions originate from chip-enabled terminals. To qualify, terminals must be enabled to support both contact and contactless chip acceptance, including mobile contactless payments based on NFC technology. Contact chip-only or contactless-only terminals will not qualify for the U.S. program. Qualifying merchants must continue to protect sensitive data in their care by ensuring their systems do not store track data, security codes or PINs, and that they continue to adhere to the PCI DSS standards as applicable. Build Processing Infrastructure for Chip Acceptance Visa will require U.S. acquirer processors and sub-processor service providers to be able to support merchant acceptance of chip transactions no later than April 1, 2013. Chip acceptance will require service providers to be able to carry and process additional data that is included in chip transactions, including the cryptographic message that makes each transaction unique. Visa will provide additional guidance as part of its bi-annual Business Enhancements Release for acquirer processors to certify that their systems can support EMV contact and contactless chip transactions. Establish a Counterfeit Fraud Liability Shift Visa intends to institute a U.S. liability shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions, effective October 1, 2015. Fuel-selling merchants will have an additional two years, until October 1, 2017 before a liability shift takes effect for transactions generated from automated fuel dispensers. Currently, POS counterfeit fraud is largely absorbed by card issuers. With the liability shift, if a contact chip card is presented to a merchant that has not adopted, at minimum, contact chip terminals, liability for counterfeit fraud may shift to the merchant’s acquirer. The liability shift encourages chip adoption since any chip-on-chip transaction (chip card read by a chip terminal) provides the dynamic authentication data that helps to better protect all parties. The U.S. is the only country in the world that has not committed to either a domestic or cross-border liability shift associated with chip payments.

Today’s announcement builds on similar international programs to encourage the migration to EMV chip. In February 2011, Visa announced the Technology Innovation Program for international merchants. The program, which was available beginning March 31, 2011, was intended to recognize the security benefits of dynamic authentication, enabled by EMV chip, and offer tangible benefits to merchants who update their POS infrastructure to accept chip cards. Visa has now expanded this program to include U.S. merchants, but will require terminals to support both contact and contactless chip payments.

Moving forward, as the point-of-sale payment infrastructure evolves from the static magnetic stripe to intelligent devices such as EMV chip cards and NFC mobile phones, it is critical to ensure that cardholders can continue to conduct convenient, secure and reliable payments for card-not-present transactions as well. Visa is designing its new digital wallet with “click-to-buy” functionality able to support dynamic authentication across multiple channels including the eCommerce environment. Visa will also continue to enhance intelligent network-based fraud detection tools such as Visa Advanced Authorization and cardholder transaction alerts to complement dynamic and risk-based authentication methods. As always, effective fraud prevention requires multiple layers of security.

Industry Support

Today’s announcement supports an increasing interest in chip technologies from across the industry:

“As the leading global foodservice retailer, McDonald’s already has a great deal of experience with chip technology, including in the U.S. where we have deployed contactless chip terminals to help us serve our customers even faster,” said Dave Weick, Chief Information Officer and SVP Shared Services, McDonald’s Corporation. “We’re pleased that Visa has provided a roadmap that will allow us to move towards the next generation of payment technology, while at the same time take advantage of the security benefits of EMV chip and dynamic authentication.” “Visa’s plan to encourage chip adoption and lay the groundwork for mobile payments is a positive development,” said Kevin Knight, executive vice president Nordstrom, Inc. “We appreciate their efforts to promote improved technology so that our customers have more reliable and secure card use and payment for their purchases.” “There is no security silver bullet. But smartcards and smartphones using EMV adds a strong layer for payment transaction security as well as online banking, access to medical records and more,” said George Peabody, director, Emerging Technologies Advisory Service, Mercator Advisory Group, Inc. “The roll-out of EMV in the U.S. gets much needed dynamic data into the authentication mix. This is a welcome step toward lowering fraud at the point of sale and online. It’s time.”

To read more, visit the Visa Viewpoints Blog at http://blog.visa.com/.

About Visa Inc.: Visa is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable digital currency. Underpinning digital currency is one of the world’s most advanced processing networks—VisaNet—that is capable of handling more than 20,000 transaction messages a second, with fraud protection for consumers and guaranteed payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, ahead of time with prepaid or later with credit products. For more information, visit www.corporate.visa.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...