Page 26 - GS250502
P. 26
Insights and Expertise
Revisiting the U.S. EMV of pages of documentation. Each card brand has its
own implementation requirements, creating a web of
transition challenges compliance standards that organizations must navigate.
A payment gateway must correctly handle:
and solutions • Application selection
• Multi-application cards
• Offline data authentication
• PIN management
• Secure cryptogram validation
• Fallback procedures
• Exception handling
For organizations with limited technical resources, these
requirements can seem insurmountable.
Integration nightmares
By Goran Bosankić
Field39 Legacy systems often feature hardcoded dependencies
and tightly coupled architectures not designed for the
hile much of the world embraced EMV chip flexibility EMV demands. Retrofitting EMV functionality
technology years ago, the United States into these systems frequently results in "spaghetti code"
followed a more complex and fragmented that becomes increasingly difficult to maintain.
W adoption path. For ISOs and payment ser-
vice providers (PSPs) operating with legacy systems, this Many ISOs report that what started as a seemingly
transition continues to present significant challenges. straightforward EMV implementation evolved into a
complete system overhaul, absorbing far more resources
Even the large processors are more comfortable with a than initially budgeted.
proper MV capable gateway being placed in front of their Certification bottlenecks
host, rather than handling the complex realm of EMV
payment transactions directly from the terminals. Perhaps the most frustrating aspect of EMV adoption
is the certification process. Each processor and card
Let's explore the gateway-side hurdles these payment brand requires separate certification, creating a matrix
industry players face and how they might navigate these of approvals that can take months—or even years—to
choppy waters. complete.
The legacy landscape
Many organizations find themselves caught in certification
Many payment gateways in the United States were limbo, with merchants ready for EMV but unable to
built during the magstripe era, an architecture that process such transactions because certification remains
fundamentally differs from the more complex EMV incomplete.
transaction flow. These legacy systems were designed for
simplicity: a single message containing the card data, to be Cost concerns
authorized in a straightforward process. The financial investment required for EMV migration
extends far beyond initial development. Organizations
EMV, by contrast, introduces multi-step transactions, must consider:
sophisticated cryptography and a variety of cardholder
verification methods. This isn't merely an upgrade; it's • Development resources
a complete paradigm shift that affects every layer of the • Testing equipment
payment stack. Thus, ISOs and PSPs face multiple key • Certification fees
challenges in navigating the EMV transition, which are
discussed below.. • Ongoing maintenance costs
Technical complexity • Training for support staff
• Documentation updates
EMV implementation requires specialized knowledge
that many smaller organizations lack in-house. The For smaller ISOs operating on thin margins, these costs
technical specifications are extensive, with thousands represent a significant burden.
26
