Critics call EMV last decades technology, but boosters consider the chip-based security standard as relevant today as it ever has been.
Developed as a fraud-resistant payment standard by a consortium of card networks in the early 2000s, the Europay, Mastercard and Visa system governs point of sale payments in nearly every corner of the globeexcept the United States.
Beginning in a few months, however, liability for fraudulent transactions with magnetic stripe cards in the U.S. will begin to shift from the issuing banks to the merchants. And that liability shift has most players in the payments industry making plans to upgrade their soon-to-be obsolete equipment.
But why upgrade to a standard that is already a dozen years old? Couldnt the United States just leapfrog the EMV standard and become the first nation to adopt whatever new technology comes next? Maybe an NFC-based mobile-only system is where the future lies.
Not so fast, say most opinion leaders in the payments realm. While its nice to dream of whats next, skipping steps isnt just difficultits dangerous, they warn.
Just because there is new technology to implement, doesnt mean we dont need to finish implementing the old technologies, said Gil Luria, managing director for Los Angeles-based Wedbush Securities.
Luria, along with other industry opinion leaders, notes that the United States has held out stubbornly against switching to EMV. That hasnt been the wisest move, they agree.
Randy Vanderhoof, executive director of the Smart Card Alliance, says EMV detractors are railing against the standard because they have some other technology to promote.
I think the only people who are making the claim that EMV is passé and shouldnt be implemented are those folks that are looking to replace it with something they hope will catch on, Vanderhoof said.
Fraud prevention ranks among the biggest selling points for the EMV standard, and its beginning to outweigh one of the biggest selling points of magnetic stripe cardscompatibility.
Mag-stripe advocates cite the systems ubiquity in the U.S. as an advantage. But this country is hanging onto the legacy technology while the rest of the world has moved on, experts say. A day could come when cold, hard cash would be the only way American tourists could pay for dinner during a vacation abroad.
And if the United States just chose to skip over EMV, that scenario would almost certainly play out.
Since the rest of the world has converted to EMV, if we decided to do something else, it would put us at odds, said Deborah Baxley, a New York-based principle for Paris-based consulting firm Capgemini. It would be a little like the metric system all over again.
If the U.S. found a way to skip EMV, it would have to maintain global interoperability while everyone else caught up. And because leapfrogging the world wouldnt solve that odd-one-out scenario, the U.S. would likely be stuck with its half-century old magnetic stripe technology as the common payment denominator.
What EMV does is it helps to secure transactions and it gives global interoperability, says Zilvinas Bareisis, a London-based senior analyst for the research firm Celent. That is not something to be sneezed at.
Dumping cards altogether is not a viable optioneven analysts with the dimmest outlook on the future of cards concede that plastic has at least another five years of relevance. Most predict a much longer life for cards.
And while mobile payments seem like the next logical technological step, there just isnt an existing acceptance infrastructure to make a quick switch.
The serious people in the industry who understand how all the parts of a payments system work and are connectedthey recognize that mobile payments will happen, but we are not going to stop and wait for it to hit maturity, Vanderhoof said.
Developing standards, testing and validating the system requires time and resources.
It takes 10 years to get major changes implemented, Vanderhoof said. The U.S. doesnt have 10 years to fix the problems with outdated security.
With large-scale and high-profile data breaches, and with increasingly sophisticated attacks against the U.S. payments system, America is emerging as the weakest link in the worlds payment security chain.
That big data breachit wasnt Tesco, it was Target, Luria said referring to the British supermarket giant.
Breaches are now coming from all sides, and keeping the antiquated system secure is a never-ending nightmare for security companies.
I have heard people say that with mag stripetrying to secure it from hackers is like putting a steel door on a grass hut, Baxley said.
An expanded version of this article is scheduled to appear in the March print edition of ISO&Agent
