EMV was implemented to provide a worldwide standard for the interaction between integrated microprocessor (chip-based) “smart cards”, approved payment devices and ATMs. The standard includes credit, debit and contactless payment transactions.
A wide range of applications can be supported by these chip-based cards, but performing payment transactions that store encryption data for authentication is the most common use around the world. For more than ten years, encrypted data on chip cards has been used to prevent cloning of payment cards. If it is combined with PIN, consumer authentication and the prevention of non-repudiation are achieved.
An EMV terminal reads data stored on the chip card for offline transactions and authenticates that the data is legitimate for general payment applications. This prevents the use of stolen or cloned cards. Strong cryptographic` functions are used to authenticate the card and the cardholder to ensure validity and authenticity.
However, magnetic stripe cards do not have the same kind of data storage. They also do not have a microprocessor, therefore, magnetic stripe cards can’t contain the same security features as chip cards because there isn’t a dynamic data element and the cards are easily cloned. In the case of magnetic stripe cards, the cardholder’s data is encoded on the magnetic stripe on the back of the card. This is similar in theory to a tape recorder.
When the card is swiped, all of the cardholder data, including the account number, name and expiration date is sent in one direction from the payment terminal to the authorization network. The authorization network checks the information, authorizes the charge and provides a payment guarantee to the merchant.
For the most part, since magstripe has worked well, risk is relatively well managed and consumers are happy with the status quo, there has been reluctance all around for bearing the cost of the migration.
Rapid consumer adoption of mobile phones and smart phones is the driving force for new forms of communication, social media, which is widely expected to lead to quick adoption of mobile payment capabilities.
Mobile technology, and more specifically NFC (Near Field Communications), is dramatically tilting the playing field and easing retailer resistance to investing in innovation at the point of sale (POS). Instead of viewing NFC as only another payment acceptance technology, retailers view this as a technology providing a converged solution for integrating payment with applications that increase traffic and sales.
Customers will be driven into stores with the emerging online services such as digital couponing, loyalty rewards, location-based social media and value-added applications. However, those shoppers will expect merchants to integrate these new services with their payments in one transaction.
NFC is a radio-based interaction protocol compatible with existing contactless payment standards which is increasingly being incorporated into mobile smartphones to bridge the previously dissimilar worlds of the internet and the brick & mortar retail environment.
NFC-enabled phones will allow consumers to get information instantly and pay for products or services from their mobile phone-based electronic wallets with just a tap or wave at any NFC-enabled payment device. Additionally, because NFC supports two-way communication, merchants can lure consumers with digital coupons and promotional messages sent directly to their smart phones or interactive loyalty solutions.
Interest in NFC soared in 2011 with the introduction Google Wallet and three wireless service providers, AT&T, Verizon Wireless and T-Mobile, formed a joint venture called Isis with a similar concept that has since won support from MasterCard, Visa, American Express and Discover.
NFC may be the main driver in making EMV viable in the U.S. However, there are many business factors that are converging to make EMV more relevant to the U.S. payments industry.
While the relative cost of card fraud has been mainly consistent and has been built into the fees structure for card acceptance, it still represents a huge sum of money and the issuers are eager to transfer liability for those costs to the merchant.
Cataloging the precise losses from card fraud in the U.S. is difficult, however according to a report by a senior economist with the Federal Reserve Bank of Kansas City, it amounts to more than $3 billion annually. This amount is spread among card issuers ($2 billion), point-of-sale merchants ($837 million), and mail order, telephone and Internet merchants ($900 million).
Organized crime efforts to exploit payment cards have resulted in increasingly sophisticated efforts that have included large heists such as a crime ring in 2008 that was charged with stealing 45 million credit and debit cards from a number of national retailers, and in January 2009 an assault on Heartland Payment Systems that comprised an estimated 130 million card accounts.
More recently, New York City law enforcement officials charged “members of five organized forged credit card and identity theft rings based in Queens County and having ties to Europe, Asia, Africa and the Middle East” with stealing the personal credit information of thousands of unwitting American and European consumers “and costing these individuals, financial institutions and retail businesses more than $13 million in losses over a 16-month period.”