EMV’s US Misstep

There is no doubt that the Target breach was the catalyst for igniting EMV in the US. But why did it take such an extreme event to move merchants and issuers into an EMV frame of mind? In a recent podcast interview, MPD CEO Karen Webster sat down with Oberthur CEO Didier Lamouche.

 

In some ways, Karen Webster was the perfect person to talk to the CEO of the leading global supplier of EMV products and services. Her views on EMV and its applicability to the U.S. payments ecosystem now are well known. Didier’s perspective on the topic is interesting, and is steeped in an appreciation of the criticality of the mobile device in every aspect of commerce that comes from his 28 years of experience in the semiconductor, I.T. and Wireless industries, and his prior position as Chief Operating Officer at ST Microelectronics.

As a result, this conversation was balanced, respectful and at times even a little provocative, but it surfaced a few really important insights that could be very helpful in internalizing as EMV is deployed in the U.S. market. The one big takeaway? The EMV industry did itself no favors early on in the way that it talked about its approach and solution. Lamouche offers up his views on what could have been done differently that might have broken the EMV logjam a whole lot sooner.

 

KW: Let’s start with the perspective that Oberthur brings to EMV around the conversation that is mobile. On your website, there is a phrase that says, “Your mobile is your everything.” What makes EMV relevant in a mobile world?

DL: Mobility has become a way of life – whenever you forget your smartphone at home, you always go back for it. All companies who are bringing new use cases, new freedom to the consumers have to develop offers around mobile. When it comes to developing new use cases, the payments use case is a key one. That’s probably one of the things we do the most often in everyday life. We need to bring payments to the mobile space.

How do we do that? What struck me from my experience in the IT space was the interoperability between data, equipment, systems, and services. The reason mobile communication has spread so quickly, especially in Europe, is the interoperability that was built into the system, especially behind the TSM systems because these became the standard.

 

So, why EMV? Because EMV is a standard, whether we like it or not. And if you want to bring payments into the mobile space, you have to follow existing standards. Today, these [EMV] standards have been proven to be the most pervasive in the payments world.

 

KW: How would you rate the readiness of EMV in the U.S. and what could improve this readiness?

DL: Clearly, we have seen that the Target breach has been a wake-up call for everyone – that has really pushed the movement. Once a risk becomes real, the U.S. has a very reactive economy. That’s exactly what happened with the Target breach.

There is a clear willingness now from heads of companies to make it happen. OT and our competitors are accelerating our investments – we are doubling the capacity in the market. The deal we made with First Data in November was to accelerate the adoption and change the ecosystem. At the consumer level, the CEO of MasterCard told me that 65 percent of the population now knows about the arrival of chip cards and they’re asking for it. There is a momentum coming.

How do we improve the readiness? If you allow me to be a bit provocative, I still read criticisms about how we should leapfrog to mobile and not invest in EMV. I am a bit surprised to see that those questions are asked in the U.S. But to improve readiness, we should put all the questions behind us, accept EMV and push the migration forward.

 

KW: So I am one of those people who writes things like that as a way to stimulate conversation about that topic, as it’s a fair issue to be talked about. One of the things people still have concerns about is the migration path, and the time before all merchants that need to be enabled with EMV will actually be enabled. The dilemma that merchants are trying to sort through are the costs versus benefits versus the time frame at a time when there are investments in mobile.

DL: I am fully with you, and I apologize for my teasing, but this has been good to bring up some controversy in the discussion. The fact that the migration might be costly and long is a great point. However, having said that, in the U.S. market, there is a possibility to migrate to a later version of the EMV standard, the opportunity to benefit from learning about the solution in other countries, and they have the ability to migrate and enable mobile payments using EMV. I know that when the U.S. decides to make a move, they do so in a way that is faster and more efficient than anyone else in the world. I think the U.S. can combine their best online payments system and network with EMV fraud technology. That can really bring the U.S. to the top when it comes to security.

 

KW: Let’s talk about HCE. What is your view and how will OT support it if you think it’s a technology that should be deployed as part of mobile EMV?

DL: You can’t speak about HCE without talking about NFC or other technologies enabling mobile payments. I think the industry has made a mistake in the past in promoting NFC payments for too long without bringing it quickly and efficiently to the customer. Maybe the reason why this has taken so long is that initially it was a technology issue, but now I think those problems are behind us. Second, I think there has been a business model issue between telcos, banks, and others who will share the benefits. And when you assess the situation and there is no solution brought to life, there are competing solutions like HCE pushed by other contenders. Without the issues with NFC, HCE would not have occurred.

Now HCE is an interesting technology to bring mobile payments to life. It’s clearly shaking the overall ecosystem and what we see in the market is a push with HCE and NFC. At Oberthur, we believe that there will not be one system that will prevail in the world. We are investing in all technologies – at least the three or four main ones – to let customers choose what they want for security solutions. Some countries will be focused on NFC and HCE, and others will be focused on other solutions.

 

KW: Do you see HCE as a mechanism for enabling a mobile EMV standard in developing markets where broadly adopting EMV cards isn’t feasible given the lack of POS infrastructure? Is that why you’re taking the approach in supporting a lot of solutions around the EMV standard?

DL: Absolutely. For example, in Africa where there is more of a mobile penetration than a bank penetration, HCE will clearly be one contender. I also wouldn’t be surprised to see HCE picking up first in the U.S., as it is more cloud-based. That’s why we are offering global solutions to our customers so they can address specific nations’ needs.

 

KW: Let’s talk about the idea of authenticating the consumer and protecting the cardholder at the point of sale. Obviously, they’re both related, but they are different in terms of solutions and requirements to create an environment where that is done safely, securely, and efficiently. How is OT addressing these two things?

DL: Technologies like encryption are clearly part of the solution. One thing that’s interesting that we are working with a few customers on is the idea of mobile IDs – making sure that the customer is the right person. They can encrypt these in a chip that could be a SIM card to verify the identity. Another thing we work on are biometrics for authentication because it is convenient for payments and mobile services.

 

KW: The fact with EMV is that we are implementing it. That said, merchants and issuers are still confused about a lot of things. From your perspective, what’s the biggest misunderstanding about EMV and what is OT doing to correct it?

DL: My conclusion at this point in time is that we made a mistake as a security industry. We tried to sell or promote EMV in the U.S. based on anti-fraud business case. We need to bring something new to the case. As a customer, you can do much more with a chip than simply securing – you can load coupons, offers, and other types of IDs. The other thing is that we should have pushed the brand value, the trust of the customer, and not the reduction of fraud in dollar amounts. At the end of the day, can a customer trust a brand, for example Target, after such a serious breach?

We are talking this way to our customers now. It’s a fantastic steppingstone to a place where merchants will have to go eventually – the migration to mobile payments. Take this step now because you will be the first to enable customers to migrate to mobile, and it will be a brand booster because these retailers enabling mobile will be seen as leaders of the market.


Didier_Lamouche

Didier Lamouche
CEO of Oberthur Technologies

Didier Lamouche has over 28 years experience in the semiconductor, I.T. and Wireless industries. Prior to joining Oberthur Technologies, and since November 2010, Didier Lamouche was Chief Operating Officer of ST Microelectronics (a worldwide, semiconductor leading company, listed on the Paris, Milan & NY Stock Exchanges)and in addition, since December 2011, he took over the role of President & Chief Executive Officer of ST-Ericsson, the 50/50 Joint Venture between STMicro and Ericsson, developing and selling semiconductor platforms and systems chips to the wireless telecommunication handsets industry.

In February 2005, Didier Lamouche joined the Group Bull as Chairman and CEO (Information Technology and Services company with worldwide presence, listed on Euronext comp. B). He succeeded to turn around and reposition Bull on the European I.T. landscape, boosting its server strategy by taking a leadership position on the High Performance Computing segment and repositioning the company on a “services and solution-centric” business model. He left the company in May 2010, with a solid market position and a new and consolidated shareholding structure that he initiated.

Prior to this, Didier Lamouche acquired extensive industrial and turn-around experience in the field of Semiconductors, as Vice President of Worldwide Semiconductor operations at IBM –East-Fishkill NY- 2003 and 2004, creating and leading as Chief Executive Officer Altis Semiconductor – a foundry JV between IBM and Infineon – 1998 to 2003, and at other leading technology companies like Motorola and Philips where he started his career as R&D engineer.

Didier Lamouche has also served on the Board of various listed Companies, Soitec (since 2005), Adecco (since 2011), ST Micro (2006 to 2010), Atari (2007 to 2010) and non-listed companies ST-Ericsson (2011) and Cameca – a private equity owned technology company – (2005 – until sold in 2006).


For more of the conversation between Didier Lamouche and Karen Webster, listen here.