This is my last post on EMV which I am sure will please a number of people. Although I know this debate will only continue. There are a lot of people out there that have taken large swigs of the Kool Aid and blindly believe that EMV is nothing but good and perfect with no bad side.
After all of these posts bashing EMV you probably believe that I despise EMV, but I do not. What I despise is that EMV is portrayed as the savior and it is not. This is no different than how the card brands portray the PCI DSS as “the be all to end all” of security standards which it is not.
Just like the PCI DSS will never eliminate all breaches, EMV will never eliminate all fraud. However, in both cases, they will reduce their number of respective incidents that occur to a more manageable and acceptable level.
In part 2 I pointed out that from a card present fraud perspective; EMV really brings no incentive to change. In part 3 I pointed out that EMV has security issues, so it is not a perfect solution. So what can be done to give EMV a feature or attribute that would improve its adoption through the rest of the world?
I stated in my original post that EMV can be used to also secure on-line transactions, but are not used to secure on-line transactions because the banks, card brands and Web developers could never agree on a standard for such functionality.
Not that the banks, card brands and Web developers really tried to come together and create a standard. However, without such a standard, it is impossible for Web sites to cost effectively implement their end of the EMV on-line security solution.
Card not present fraud is out of control. It is growing at 25% to 30% annually around the world, even in those places that have EMV. No one seems to be doing much about it. However, EMV could provide a solution to a tremendous reduction in card not present fraud if such an on-line security standard were developed.
The beauty of this solution is that the hardware and software already exist for the most part on the client end. What is missing is the standard between the client and the Web site that would create an authentication between the card and the Web site that would be nearly impossible to replicate.
The bottom line is that EMV could be used to take a lot of the risk and threat out of on-line transactions with little effort. So let us lobby the banks, card brands and e-Commerce vendors to come together and create something good of EMV.
Cross-posted from PCI Guru