EMV continues to be a hot topic in the payments sector, especially after Visa's announcement last month that it would take steps to speed up adoption of the dual-interface chip technology in the United States.
I've been speaking with experts and analysts in the banking industry about their thoughts regarding EMV for an article that I'm working on. For the most part, I've heard about how EMV technology would significantly reduce fraud in the U.S. payments sector. One person I spoke with, however, had quite a different take on the EMV rollout in the U.S.
Dena Hamilton, detection and fraud expert at intelligence solutions provider Detica, was quick to identify EMV's possible weaknesses. "The first specifications of EMV were written in 1996," she said. "One of the greatest security risks to EMV that people have not really acknowledged is that we’re talking about a technology that’s almost 15 years old and has yet to be adopted by one of the single largest producers of transactions -- the United States."
Hamilton said that given the slow global adoption of EMV technology -- only 36 percent of cards around the world have it -- it will probably take a while for a widespread rollout to be completed. By the time that rollout actually happens, she pointed out, the technology will probably not be as secure as we once thought it was. "You could be looking at a 20- or 25-year-old technology before it’s even adopted across the globe. Your security risk is higher with an older technology," she said. "What’s the probability that it’s not going to be compromised, tapped into, hacked by then?" Good point.
Although Hamilton's view may seem a bit skeptical, it might be a very healthy form of skepticism -- the type that keeps us one step ahead of fraudsters.
I'll be revealing more of my discussions around EMV in an upcoming article. Until then, I'd love to hear your views about the EMV rollout in the U.S. -- especially if they stray from the norm. If you'd like to weigh in on this hot topic, please e-mail me at firstname.lastname@example.org.