EMV, the chip-based payment standard used in many countries around the world, has been lauded for reducing point-of-sale card fraud. But while some financial industry professionals are encouraging an EMV rollout in the U.S., others are saying that the standard is flawed.
"My biggest concern with EMV is how safe it will be in another 10 years," says Dena Hamilton, detection and fraud expert at Guildford, UK-based intelligence solutions provider Detica. "One of the greatest security risks to EMV that people have not really acknowledged is that we’re talking about a technology that’s almost 15 years old and has yet to be adopted by one of the single largest producers of transactions -- the United States. How long will it take to roll this out across the U.S.?" Ideally, a rollout would take about four years, according to executives at Visa (San Francisco), who recently announced a plan to help speed up adoption of EMV contact and contactless chip technology in the U.S. The company has set a goal to have a working EMV payment system in the U.S. by October 2015.
Others, such as Julie Conroy McNelley, senior analyst at Boston-based Aite Group's retail banking practice, are not so optimistic about a quick rollout. "There's no way we're going to be there that soon," she says of Visa's goal. She says that putting the infrastructure in place to facilitate all of the loyalty aspects that could help drive EMV acceptance among consumers, on top of getting NFC terminals at the point of sale, presents "a really big hurdle" that will make a widespread rollout more difficult.
Hamilton agrees with McNelley, adding that the security of the technology will be compromised by the time a rollout actually happens. The EMV standard has already been compromised, according to researchers at The Security Group in the Computer Laboratory of the University of Cambridge in England. In 2010, researchers Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond published a technical paper called "Chip and PIN is Broken." The paper identifies security flaws they found in the type of payment that requires PIN authentication along with an EMV-based chip card at the point of sale, a method widely used in the U.K. and many other countries throughout Europe.