GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Elavon versus Cisero's dispute could have major repercussions

News

Industry Update

Will PayPal hit critical mass with recent deals?

Zappos.com hit with breach, lawsuit

Visa says PIN unnecessary for EMV in U.S.

A European perspective on U.S. EMV

Selling Prepaid

Prepaid in brief

N.J. unclaimed property ruling favors prepaid, sort of

nFinanSe, InComm wrangle over reload network

Views

The CPP exam - before, during and after

Steve Norell
US Merchant Services Inc.

Big changes ahead

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
Putting the right tools into your tool kit

Bill Pirtle
C3ET Credit Card Consortia for Education & Training Inc.

Strategic planning nuts and bolts

Vicki M. Daughdrill
Small Business Resources LLC

Give your goals some oomph!

Adam Moss and Jeffrey Shavitz
Charge Card Systems Inc.

Turn no into knowledge

Jeff Fortney
Clearent LLC

Are your marketing materials compliant?

Peggy Bekavac Olson
Strategic Marketing

Company Profile

CSR - Compliance Solutions and Resources

New Products

A mobile app for Windows

Aircharge Windows Mobile
Cynergy Data LLC

Inspiration

You, too, can become a CPP

Departments

10 Years ago in
The Green Sheet

Forum

Resource Guide

Datebook

Miscellaneous

2012 Calendar of events

Skyscraper Ad

The Green Sheet Online Edition

February 13, 2012  •  Issue 12:02:01

previous next

Visa says PIN unnecessary for EMV in U.S.

In its push for the adoption of Europay/MasterCard /Visa (EMV) chip cards and near field communication (NFC)-enabled mobile payment devices in the United States, Visa Inc. released a set of best practices designed to clarify issues that concern EMV. One popular myth Visa seeks to dispel is that EMV will require personal identification numbers (PINs).

"There's a lot of confusion around the myth that EMV means 'chip-and-PIN,'" Stephanie Ericksen, Visa Head of Authentication Product Integration, said in a blog published Jan. 13, 2012. "It doesn't in many countries, including the U.S. That's because, in the U.S., we can rely on online processing where transactions are transmitted in real time to the issuer for approval. With that in place, there's no need for the offline authentication that was the genesis of chip-and-PIN."

Ericksen said because the United States will be a late adopter of EMV, it can avoid many of the costs and complexities of EMV implementation around the world and yet still receive the benefits of reducing fraud. Ericksen believes the key to EMV in the United States is to "implement a streamlined, online-only version of EMV chip."

"Our telecommunications system means we can rely on online processing that is fast, and where transactions are routinely analyzed with our real-time fraud scoring system prior to issuer review," Ericksen noted. "By adding the dynamic cryptogram of the EMV chip to online authorization, we'll increase transaction safety even more, yet without the more complex and expensive cards, terminals and processing capabilities that are needed to support offline authorization."

Static authentication supported, not the best

Visa will continue to support a number of static authentication methods after EMV is introduced, Ericksen wrote. The cardholder verification methods that will continue to be supported include signature, online PIN and no-signature for low-value transactions.

"In the longer term, we expect the industry will reduce or even eliminate its use of static verification methods, such as signature and PIN, in favor of new and dynamic forms of cardholder verification," she added, noting that online PIN entry devices must comply with the Payment Card Industry Data Security Standard.

Randy Vanderhoof, Executive Director of the 180-member nonprofit Smart Card Alliance, agreed that PINs need not be part of EMV verification. "The problem with static PINs is they can be copied or wormed and used to commit fraud much like the fraud we have today with cards without PINs," he said. "PINs are not a great solution."

Vanderhoof advocates for a "more dynamic card verification method" that would make it impossible for thieves to access accounts via skimming and phishing scams. "Static authentication methods remain vulnerable to reply attacks," he said, adding that the creation of dynamic authorization will be an important part of the payments industry. He called EMV a "starting point" in the United States' effort to curb card cloning and counterfeiting.

MasterCard Worldwide's own push for EMV adoption in the United States is "forthcoming," Vanderhoof said. Recommended practices

Visa's best practices document, Recommended Practices for EMV Chip Implementation in the U.S., stresses "all chip transactions should leverage the...infrastructure for authorization and authentication" because nearly all U.S. transactions are authorized online in real time. The card brand said its EMV specifications are specifically tailored for the U.S. market.

Visa added, "There are many options for additional complex functionality in the EMV specification, including offline authentication, offline cardholder verification and offline authorization, which are not necessary for chip technology implementation in the U.S."

Among Visa's recommendations for acquirers, acquiring processors and merchants implementing EMV are:

The best practices document can be accessed at www.blog.visa.com/wp-content/uploads/bulletin-chip-recommended-practices1.pdf.

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services