“EMV ‘A Swear Word’”

What's Next In Payments®
3:00 AM EDT March 27th, 2014

In her commentary column in the March 24 PYMNTS newsletter, Market Platform Dynamics’ CEO Karen Webster asked whether now is the time to hit the pause button on EMV.  She’s not alone in sharing that view, as more payments-industry insiders are wondering whether the push for EMV is solving the wrong problem 10 years too late.

Among the others questioning the efficacy of rushing toward EMV as a card-security panacea is Cortex MCP’s founder and CEO Shaunt Sarkissian. PYMNTS.com caught up with Shaunt for a podcast interview just after he very directly shared his opinion on EMV during the Innovation Project 2014’s Security Panel discussion.

(Jump to: 0:29) “I think I called EMV a swear word. I think the problem with EMV is that it is solving one granular piece of fraud. But the underlying payment mechanism is still that 16-digit number,” Sarkissian said. “So it’s a bit of bubble-gum and duct tape around the underlying method that is really not all that secure to begin with.”

EMV may be a solution politicians and the card brands like to tout, but it will do very little to deter fraudsters, who will just move on to a new weak point to attack, Sarkassian said. Adopting EMC will, however, require merchants to invest heavily in the system, he added.

Instead of implementing an essentially old technology to fix a new problem, businesses instead need to focus on building new solutions that don’t massively disrupt the commerce experience, Sarkassian said.

(Jump to: 2:09) “We could give a DNA sample at the point of sale, right, but the gears of commerce are going to come grinding to a halt,” he noted.  “On the flip-side, we could have a very loosey-goosey payment system where I walk in and say, ‘Oh, it looks like a picture that looks like you,’ and that might work in a vacuum in downtown San Francisco, but try doing it in Macy’s at Christmastime; it’s not going to happen.”

To build the innovative new solutions, smaller players, such as Cortex, are going to have to sign on with larger, more established partners, Sarkissian stressed.

(Jump to: 2:53) “For young companies like us, I could go out and get every merchantand every consumer on board” he said. “I would have to raise $5 billion just to go in and get that done.  I think smaller companies need to partner with larger companies to get these technologies to market.”

To hear the entire conversation with Sarkassian at IP 2014, click here.

PYMNTSAudioLogo2

*If you have trouble with the audio player above, click here.

 

Topics:
Comments
  • Chris Braceland

    “EMV ‘A SWEAR WORD’”… “Meh”, I don’t think so. This is a good word to the rest of the world who have adopted EMV. Especially when it come to solving a BIG piece of the fraud problem. More like the BIG rock in front of the granular stuff. Not the other way around. Bubble gum, band-aids, and duck tape, is what it will be until the US adopts EMV. Large US retailers doing business in Canada and other parts of the world, who have adopted EMV, do not think it is a bad word.
    Sooner or later, the rest of the world will not accept mag stripe cards. Americans will have to pay with cold hard cash unless they have a chip & pin card. Retailers will just not accept something (MS) that may put them at risk. Really, can you blame them..?
    The technology (EMV Chip & Pin Cards with P2PE) may be over 20 years old, but it works, and works well. No business sense to stay with a technology (MS) that is 60 years old.

  • Echo Michael Victor

    Another anti-EMV editorial posing as news, and again someone blaming EMV because it only does what it is designed to do – stop card present counterfeit fraud with a card present solution. I’ve not heard anyone familiar with EMV represent it as a panacea. It is a tool in the toolkit. It’s like complaining that a screwdriver cannot pound nails, so you shouldn’t buy one. It seems obvious that a card-not-present environment would need a card-not-present based solution – and they exist today. What do these naysayers have to offer today as a solution for either fraud situation that has been proven to work throughout the world using existing technology? As usual there is a lot of hyperbole, but few details. Shakespeare said it well; this article is “.. full of sound and fury, signifying nothing.”

  • MobileCommerce11

    Always good to see the Sales reps from the various Chip manufacturers (Gemalto, ect ) post during articles like this. The Magstripe vs EMV discussion is akin to arguing Betamax vs VHS in 2014. The correct answer is neither.

    Enjoy the continuing march towards irrelevance……..

  • Echo Michael Victor

    Wow. Quite a non sequitur. There are 2 previous comments, and I know I’m not a chip manufacturer. I’m in payments in the merchant segment of the industry, and at the moment mobile payment presentment is irrelevant in that space. Sorry that EMV is not part of Market Platform Dynamics Commerce 3.0. Perhaps in urban islands where the majority of people don’t drive, so don’t have to carry a wallet anyway, the mobile wallet will get traction. In the rest of the real world the mobile wallet solution needs to find a corresponding problem.

  • Philip Andreae

    Listening to this new entrant to the payment space, if I understand correctly, they are proposing that we start at the beginning or in his words “From The ground up” and argue the root of the problem is the 16 digit personal account number or PAN.

    Please, the Account number is only an index to an account held by an institution willing to hold someone’s money, a bank account linked to a debit cards. Or it is only an index to an account offered by an institution that is willing to fund, an unsecured line of credit linked to a credit card.

    EMV was designed to preserve the status of the PAN as a unique number. What it did was establish a means of assuring that the token “card”, “phone”, “Fob”, “Dongle” is genuine.

    CVV2, CVC2, CSS2 each one the the Payment networks names for a 3 digit value found printed on the back of the card. The Card Verification Code was designed to offer a low level of protection for Telephone Order, Mail Order and Internet based shopping. It would absolutely have been effective at protecting against fraud on the internet, if criminals attempted to use the card data stolen from Target. It would have made the data less useful if any of the hundreds of merchant systems around the globe would simply ask the consumer to find their card turn it over and type in three more numbers.

    SET and 3D-Secure attempted to provide a more secure method of authenticating that the person using the unique number, when shopping on the internet, was the person it had been assigned to.

    The challenge has been that the merchants are not willing to inconvenience the consumer, the Issuers are willing to live with the level of fraud and the consumer is not liable so not interested in participating in securing the transaction – “Convenience over Security”.

    Show me a solution, for the physical world, which reduces fraud and is as easy to carry and use. Show me a solution for the virtual world, which reduces fraud. Make sure it is as easy to use as the card with Signature or PIN or as simple as typing in the PAN, expiry date, cardholder name, maybe CVC2 and the billing address. More importantly make sure it will work at almost every merchant especially the ones we may only visit once.

    I totally get what ISIS and Google tried to do when they attempted to develop a proximity mobile payment solution. It is important to note they implemented their solutions based on the EMV contactless specification and mobile recommendation. I also appreciate what Amazon, iTunes, travel partners and others have done with their card on file solutions These work perfectly when I am a regular shopper and willing to register my means of payment with them.

    In my opinion we need to stop talking about the possibility that there is another solution and focus on the solution the rest of the world, based on a global commitment, is implementing.
    We need to be part of the world not different.

    • SMS

      Philip, if you consider 15 years in the Payment space making me a new entrant than your weak points may have had more validity. I have heard these poor kindergarten level arguments supporting EMV and CVV for years, and I see nothing has changed. I will not bother engaging in a further article posting rant discussion nor share our platform/IPas I have more important things to do…IE run a company. So in the future, when you want to spend 4 hours of your day posting rebuttles on PYMNTS to support EMV and

  • lensman1122

    EMV absolutely works in Canada. And as someone commented here if the US adopted EMV then even card-not-present fraud would drop considerably – no skimmed cards, no card data to use by fraudsters. As it is Interac recently announced that debit card fraud in Canada has dropped 63% since 2009 (when chip introduction started?). However, CNP fraud has jumped considerably as fraudsters seek out new avenues for their ventures – with data no doubt gleaned from US mag stripe credit cards. It seems to me that the US is trying to find a SINGLE answer to both card present and not present fraud – a cheap and easy to implement answer that I don’t believe exists.

Also by This Author
What's Hot
B2B Payments
Citi Launches Tablet App For Corporate Clients
Europe
Non-Cash Transactions On The Rise Globally
News
Criminals Currently Winning The War On Cybercrime
B2B Payments
Strip Ecosystem Getting A $10 Million Venture Capital Boost
View All Articles ››
You May Also Like
CEO Series
Why Focus Matters In Payments
B2B Payments
The ATM Network Of The B2B Payments Space
B2B Payments
Why Global Cross-Border M&A Deals Are On The Rise
CEO Series
How to Deliver Payments as a Platform
View All Articles ››