Monday, December 5, 2016

EMV adoption delayed by Visa

Visa Pushes Back EMV Adoption Timeline Plans By Three Years

Installing these new payment terminals, however, comes at a rather steep cost, which most gas station owners are not necessarily willing to pay right now. Then again, it is in their best interest to deal with increasing fraud numbers and skimming attempts.  Now that Visa is effectively giving them a reason to delay increasing payment security, things are not looking good for the consumer.
US fuel stations are notorious for being behind the curve when it comes to embracing costly updates, even at the risk of less secure payments. Chip card readers are expensive and can cost up to US$10,000 per gas station. That is quite a lot of money, and most locations simply cannot afford such a change during these times of economic crisis.
It remains to be seen what Visa plans to do against these organized crime outfits who are targeting fuel stations with card skimmers. Several Southern US states are seeing an increase of  stolen card details of late, and it is apparent that something will need to change sooner rather than later. Even though some skimmers can steal PIN data as well, card swiping needs to phased out before things get out of hand even more.
Background issues on security boil down to the usual, the security risk is comes from assigning the intelligence to the  banker.  Fraud starts and stops at the card.  The Secure Smart Card is peer to peer secure, two cards, unaided, should be able to securely transfer digits.

Bankers and start ups ate using the wrong model, it is not humans talking to bankers, it is two cards exchanging, no humans involved. So, in the worse case, someone wants gas, take your card to the shop and exchange with the card the clerk has.  This worst case exchange of digits is transactionally free, except for the one time per year $40 payment. There is hardly a measurable capital equipment cost.  Card skimmers do not work, placing hidden code in routers or readers will not work  Fake cards do not work because the secret key is never revealed.

Repeat: Card are not counterfeitable. Cards keep secret keys among themselves and can genetically recognize any card coming from a valid fab. All transactions are encrypted, card to card.

Where is the confusion about security?  Everyone wants the humans involved to preserve security, but it is that attitude that has creates insecurity.

No comments: