IMGCAP(1)]
As companies push various strategies for the complete encryption of payment card data, the Smart Card Alliance weighed in Monday with what it considers a simpler alternative: wider use of contactless cards, CardLine Global sister publication American Banker reports. The United States-based trade group contends contactless cards eliminate the need to store static information on cards' magnetic stripes. Contactless chip cards already incorporate dynamic cryptograms that change with each transaction, the group says in a report. "End-to-end encryption still leaves the United States with a payments infrastructure that has a glaring weakness — the magnetic stripe," the report says. Randy Vanderhoof, the group's executive director, says wider use of contactless cards could move the United States closer to other parts of the world, where consumers increasingly use chip cards backed by the EMV antifraud standard. "We should be putting our effort and our investment into expanding the use of chip cards, because they introduce this dynamic data which make the information running through the system useless to thieves," Vanderhoof says. Accredited Standards Committee X9 Inc., U.S.-based forum that sets standards in the financial industry, began looking at the issue of complete encryption in April. But as early September the committee had not decided if a standard is needed. Another question is whether to build a standard on top of the Payment Card Industry Data Security Standard administered by the U.S.-based PCI Security Standards Council LLC or to make encryption an independent project, the alliance said in its report. The report is unlikely to persuade everyone. Heartland Payment Systems Inc., a U.S.-based processor, plans to introduce in the fourth quarter a merchant terminal, the E3, that encrypts card data at the point of acceptance. The information can remain encoded until it reaches the card networks. Heartland announced a massive breach in January and has since become aggressive in pushing for encryption of all card information. U.S.-based terminal vendor VeriFone Holdings Inc. plans its own point-of-sale terminals with data encryption. "Even in Europe where chip cards have been deployed, we are talking to acquirers and retailers who believe that end-to-end encryption is needed to more fully protect cardholder data," a spokesperson says, adding the vendor supports migration to chip cards. "VeriFone believes that good security requires multiple layers or facets and should not just rely on a single technology."
