EMV In The Cloud – A Vision For The Future Of Global EMV Adoption
Jeremy Gumbley, CTO CreditCall
The cost of EMV migration is widely acknowledged as one of the major barriers to the adoption of the new standard. The shift away from the mag-stripe to EMV Chip-card technology brings increased costs for issuers in addition to the considerable expense necessary to upgrade the entire card acceptance infrastructure. The investment burden of this radical overhaul weighs heaviest in countries with very large numbers of payment cards in circulation. The US is one such market – in 2012, 33% adults in this market owned two or three credit cards according to CreditCards.com.
The business case for EMV has already been called into question - do high implementation costs risk pricing some organisations out of the picture and therefore create a barrier to global adoption?
Global adoption will be crucial if the EMV standard is to achieve its central goal of worldwide fraud reduction. The payment chain is not restricted by country borders, and nor are criminals, who expertly seek out and exploit regional loopholes. This fraud migration phenomenon is evidenced in recent data from the European Central Bank. Although fraud in the EMV-mature Single Euro Payments Area (SEPA) fell 7.6% between 2007 and 2011, total fraud with counterfeit cards outside the SEPA zone grew to 78% from 61% in 2010.
The answer to the cost conundrum may lie in a technology, which is already in use across many other areas of financial services – the cloud. Point of sale (POS) manufacturers and integrators are charged with replacing or upgrading all terminals on behalf of their merchant customers. This is a costly and time-consuming process that requires the integration of numerous pieces of hardware, software and management of strict and extensive testing and certification procedures. The certification expense is not limited to initial installation – organisations in EMV mature markets face ongoing software updates and re-certifications in line with specifications from EMVCo, the organisation that manages the EMV standards and associated compliance processes.
Forward thinking manufacturers and integrators are already exploring ways in which they can reduce these costs and the cloud is quickly emerging as a viable solution. With this approach, the EMV Kernel – the set of functions that provide all the necessary processing logic and data to perform an EMV transaction – is hosted in a cloud-based server. The major advantage of accessing the terminal via web service in this way is that it allows for instant software updates. With less software and no transaction data sat within the actual terminal, this technique also simplifies the data management process. With other typical terminal features also provided via a web service, the terminal of the future is likely to be ‘dumb’ – simply providing a human interface to transactions and other services in the cloud. As the payment landscape becomes increasingly complex, this flexible, simple and easy to integrate solution will be appealing for merchants, enabling them to focus resources on their business, rather than the payments infrastructure itself.
Of course, this development would not work for those with no online presence. However, it is likely that the flexibility of the cloud will attract the attention of both traditional and Mobile Point of Sale (mPOS) developers. It is clear that fraud reduction on a global scale requires an initiative at this same level. The industry must collaborate and co-ordinate to smooth the route to global EMV adoption and interoperability. Failure to do so is simply relocating rather than eradicating fraud and will keep the true benefits of the EMV initiative just out of reach.