Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:33 AM
Connect Directly

Experts Debate the Security of EMV

While many in the financial industry acknowledge that the EMV standard is not 100-percent secure, some say it may be the best option available for securing POS payments.

EMV, the chip-based payment standard used in many countries around the world, has been lauded for reducing point-of-sale card fraud. But while some financial industry professionals are encouraging an EMV rollout in the U.S., others are saying that the standard is flawed.

"My biggest concern with EMV is how safe it will be in another 10 years," says Dena Hamilton, detection and fraud expert at Guildford, UK-based intelligence solutions provider Detica. "One of the greatest security risks to EMV that people have not really acknowledged is that we’re talking about a technology that’s almost 15 years old and has yet to be adopted by one of the single largest producers of transactions -- the United States. How long will it take to roll this out across the U.S.?" Ideally, a rollout would take about four years, according to executives at Visa (San Francisco), who recently announced a plan to help speed up adoption of EMV contact and contactless chip technology in the U.S. The company has set a goal to have a working EMV payment system in the U.S. by October 2015.

Others, such as Julie Conroy McNelley, senior analyst at Boston-based Aite Group's retail banking practice, are not so optimistic about a quick rollout. "There's no way we're going to be there that soon," she says of Visa's goal. She says that putting the infrastructure in place to facilitate all of the loyalty aspects that could help drive EMV acceptance among consumers, on top of getting NFC terminals at the point of sale, presents "a really big hurdle" that will make a widespread rollout more difficult.

Hamilton agrees with McNelley, adding that the security of the technology will be compromised by the time a rollout actually happens. The EMV standard has already been compromised, according to researchers at The Security Group in the Computer Laboratory of the University of Cambridge in England. In 2010, researchers Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond published a technical paper called "Chip and PIN is Broken." The paper identifies security flaws they found in the type of payment that requires PIN authentication along with an EMV-based chip card at the point of sale, a method widely used in the U.K. and many other countries throughout Europe.

1 of 2
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.