The US payments industry should use contactless chip cards along with dynamic cryptograms - rather than end-to-end data encryption - in the fight against fraudsters, according to an industry association.
End to End Encryption is not in conflict with smartcard models - in fact, they are achieving the same end-game which is to protect data from attackers along the payments stream from the moment of capture.
However, whilst chip cards certainly have a role to play they bottom line is that many systems around the world have clear credit card data - from POS systems to in house merchant databases, loyalty schemes, e-commerce systems where its not easy to use a
smartcard, recurring payments and so on - least of which the US payment systems have not yet upgraded to chip based systems. Chip and PIN has also focused on cardholder verification - whilst the threats today are acutely targeted at bulk card data repositories
and processing environments.
The pure costs of migrating entire POS processing systems and the cardholder wallet of plastic mag stripe cards cannot be ignored in contrast to much easier to implement end to end encryption technology.
For example, upgrading an entire system to chip and PIN requires substantial hardware and software updates to multiple independent systems which can take many years. In contrast, we have successfully deployed End to End technology in less than 60 days with
merchants and payment processors.
So, I see a future where both end to end encryption and chip and PIN can embrace and mitigate the risk of data threats - but end to end can solve major risk problems on an immediate basis as has been proven in production noted in the article.
Vice President, Product Management
© Finextra Research 2014