The Green Sheet Online Edition
March 24, 2014 • Issue 14:03:02
MasterCard, Visa form payment security group
In the aftermath of the large-scale data breaches at Target Corp. and Neiman Marcus, a new group hopes to restore consumer, merchant and financial institution confidence in electronic payments. Spearheaded by Visa Inc. and MasterCard Worldwide, the group is calling upon key stakeholders to help ensure payment system security moving forward.
"The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," said Visa President Ryan McInerney, noting that no industry or technology can resolve the issue of payment fraud single-handedly.
Chris McWilton, President of North American Markets for MasterCard, agreed that only through industry collaboration and cooperation will the real and immediate issue of security be addressed – and consumer confidence and trust be maintained.
While the names of other participants in the group have not been disclosed, Visa and MasterCard are urging banks, credit unions, acquirers, retailers, POS device manufacturers and industry trade organizations of all sizes to join in the endeavor.
Tackling EMV first
Initially, the group will focus on advancing the Europay/MasterCard/Visa (EMV) chip-card standard in preparation for the October 2015 deadline when fraud liability in the United States will shift to merchants who fail to adopt the new standard. In most other countries where EMV has been adopted, evidence correlates EMV implementation to reduced card-present fraud activity.
"Every country's financial industry landscape is different, and the EMV roadmap that the United States will follow will vary from others," said Dmitry Tarusov, Senior EMV Engineer at EFT Source Inc. "Because of this, it is impossible to determine if the joint initiative is timely or behind the curve. It is simply the natural progression for the EMV migration in this country. The same applies to other groups that are pursuing similar goals."
The Merchant Risk Council is working with the card brands to address security issues. "We very much support their decision to promote and require chip and PIN cards in the U.S.," said Karisse Hendrick, MRC Program Manager, Americas. "We have included EMV conversion as a topic of education for our members for the last year, in partnership with the card brands, and plan to continue to do so throughout the implementation process."
Another group, the Smart Card Alliance, has made inroads with key stakeholders. "The Smart Card Alliance and the EMV Migration Forum are not part of this new initiative," said SCA Executive Director Randy Vanderhoof, who also serves as Director of the EMV Migration Forum. "The EMV Migration Forum, since its inception in 2012, has the full support of and meets regularly with all payments stakeholders, including all of the payment brands, to work collaboratively on the U.S. move to chip payments."
Lack of resources for EMV migration projects could thwart progress. "In my opinion, the major challenge for financial institutions is the combination of a lack of EMV education and understanding, and limited human resources," Tarusov noted. "Though some portions of an EMV migration can be outsourced, it is very risky to not have an in-house EMV expert to manage day-to-day routines. In addition, these experts need to be available to advise on whether certain investments are worthwhile or unnecessary."
Monitoring EMV's impact on fraud is also critical. "Because we are primarily focused on card-not-present transactions, we have worked with the card brands to deliver statistics and metrics from other geographic locations that have previously implemented EMV across all card brands," Hendrick said. "This advises our members to prepare for an increase in card-not-present fraud as card present fraud is greatly reduced with this change."
Hendrick believes that groups like the MRC will continue to play an important role. "While we focus primarily on merchant fraud, we also work closely with third-party solution providers, acquirers and issuers to know what risks are current and how to mitigate them, as well as to meet with each other, share perspectives and work together for safe and more profitable commerce," she said.
The new group is encouraging participation by all parties through open dialog. "These conversations will serve as a useful forum to share ideas, break down barriers and spur the adoption of next-generation security solutions for the benefit of all," McInerney said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.