GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Apple: Friend or foe?


Industry Update

MCX hits the rocky PR road

The line-busting potential of in-app payments

Add smart TV payments to the omni-channel experience


Addressing the digital identity crisis

Mobile payments, mobile acceptance

Preparation is key for mobile prosperity


Growing in giving

Thom Aldredge
The Give Back Campaign Inc.

Dare to think like Square

Alex Nouri
EFT Direct


Street SmartsSM:
Merchant attrition - Part 1: Resisting the tide

Tom Waters and Ben Abel
Bank Associates Merchant Services

POS imitates life

Dale S. Laszig
DSL Direct LLC

Professionalism and pocketbooks

Vicki M. Daughdrill
Small Business Resources LLC

Don't get gouged by pass-through, pass-through, pass-through

Adam Atlas
Attorney at Law

Company Profile

National Merchants Association

New Products

Online fraud protection


NFC made easy

"Tap Into NFC" Developer Program
NFC Forum


Thankfulness breeds prosperity


Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

November 24, 2014  •  Issue 14:11:02

previous next

Readers Speak

How secure is EMV, really?

I've heard that EMV terminals have already been compromised by researchers in at least two ways. In one scheme, and I have no idea how they could have done this, but researchers accurately predicted what the "unpredictable" dynamic CVV for a chip card would be for a particular transaction. In another scenario, researchers convinced an EMV reader that a card requiring a chip and PIN was actually a chip and signature card, which totally negated the extra protection providing a PIN offers.

Why are we going to all this trouble to implement EMV when it's already been proven to be vulnerable? Why not go right to some biometric authentication, like the thumb print Apple Pay uses?

Heather Mulvaney,Merchant Level Salesperson


The truth is that no matter what technologies we put in place, no method will ever be 100 percent safe. With card data being so valuable on the black market, criminals are highly motivated to find ways to circumvent protections, and they strive to do so just as soon as, or even before, new protections are implemented. It feels like they are always one step ahead; however, security experts are also highly motivated to continually find new and better ways to protect the payments ecosystem.

No method of payment acceptance is perfect, but it is generally agreed that Europay/MasterCard/Visa (EMV) chip and PIN transactions are significantly more secure than traditional mag stripe transactions.

While EMV technology is susceptible to attack, it has nonetheless been proven to significantly reduce fraud at the POS in regions throughout the world where it has already been implemented. It is expected that we will enjoy the same results here in the United States. Regions using EMV also experienced an increase in card-not-present fraud after EMV's implementation, but knowing that, savvy payment professionals serving the e-commerce sphere are helping their clients strengthen their data security efforts to thwart increased attention from fraudsters.

The fact that Apple Pay is employing consumers' thumb prints as part of the payment process might be the thing that turns biometrics into a mainstream component of payments. Biometric data is already used for identification in certain corporate and government settings (thumb or hand prints, retinal scans, etc.) for access to restricted information or places on campus, but those are environments in which workers, by and large, have to accept its use as part of their employment. Whether a critical mass of consumers will embrace use of their thumb prints for payments voluntarily remains to be seen. Some folks are highly concerned about their prints being stolen and used fraudulently because, unlike payment card numbers, their prints cannot be replaced. Others feel like it's not a big deal.

As always, our industry is evolving rapidly. We cannot predict what the most convenient and secure payment technologies will be down the road, but we can study the options, and advise our clients about the latest card brand requirements and how best to avoid being an easy target for fraudsters and all the liability typically associated with that.

By asking questions like this one on EMV, you are doing just that, and we hope to continue to contribute to your ongoing education in payments in the years to come.


What's your take on today's payments issues and trends?

What do you think about the looming EMV implementation deadline? Are your merchants prepared? Do you think it's the right solution, or do you favor something else? We'd love to hear your thoughts on this, as well as on other important payments industry issues and trends. And we always welcome your questions and comments. So write that email right now and press Send:

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios