Profile
Location
Reading
Member since
2006
Reads
Writes about:
Kevin Smith

Kevin Smith

RISK MANAGEMENT & PAYMENTS CONSULTANT at Riskskill
Posts: 0 Comments: 5
Bio Payments and risk management independent consultant Career History 8 years independent consulting, Visa Europe and Visa International, Switch Card Services, Lloyds Bank, Sainsburys Stores

Kevin is Commenting on

UK Finance recommends 18-month delay for new authentication rules

  Common sense is eventually being applied here, albeit very late in the day. SCA is very complex, its implementation across so many stakeholders needs to be viewed as not dissmaliar to the historic national implementation of chip and PIN across Europe. The specifications, guidance and clarification of implementation requirements have been slow in delivery and refinement. It requires the partipcaption, engagement of and communication to all stakeholders. Further to earlier comments and observations, the UK is definitely not alone in flagging these SCA related concerns, all European markets are having similar discussions on "are we really going to be ready by 14/09/19, when will we realistically be ready, what needs to happen, what needs to be communicated and to whom". The real implications of poor understanding, not being ready and the threat of penalties for non-compliance would have significant negative imapct on merchants and consumers as the end users  - not just issuers and acquirers. It has taken strong industry pressure to get UK Finance and FCA to recognise that we collectively are not ready but must have a realistic plan on readiness and compliance with EBA requirements. A suggested delay of 18 months to compliance enforcement will enable stakeholders more time to implement. However, ongoing monitoring and pressure will be critical to ensure parties do not leave everything to the last minute. There will be no more delays. The proposed delay in enforcement after 14/09/19 must be used to ensure that we continue to focus on reducing fraud, educating merchants and consumers and getting the implementation right to minimise adverse impact for merchants and consumers.

US Adoption of Chip and PIN - Pressure Grows

  Agree. The discussion is being deliberately confused and clouded to meet other business drivers from key stakeholders. Why would you install a security door and not draw the bolt. EMV chip alone gives you counterfeit protection, and this is critical where fraud is meerily mag stripe-read and issuer-authorised. EMV chip supports offline and online authorisation, based on parameters set by the issuer and acquirer. So it will go online in the US. No problem. Signature is broken and has been for as long as I have been in payments. It is like no CVM at all, which is also a common even preferred option in the US. That said, PIN verification, whether on or offline, gives you far superior lost/stolen protection, where the fraud will migrate to. Consumers are not daft, they can remember a PIN, theres just a lot of credit card holders in the US to educate. Is PIN as a CVM fall-proof? Not 100%. Cardholders forget that "PIN" standards for Personal Identification Number, you are supposed to keep it secret. As seen elesewhere, there will be more spam emails, shoulder surfing, PIN compromise attempts at ATMs/POS, illicit cameras, etc. There will be concerted attempts to compromise hardware, software, security standards, certification, even the manufacturing process, etc. We have learnt a lot as an industry over the past 20+ years, lets share and use it wisely. There are still plenty of other weak spots in the payment process. The challenge is you manage risk through a layered solution approach, EMV chip and enhanced CVM options is just another example of that.