Different Technologies Vie to Protect Payments

The payment card industry is well aware that better technology must be implemented to protect consumers from credit card fraud and theft. The biggest problem though is choosing what system to implement in regard to cost and efficiency, not to mention the difficulties of ever finding a solution that will have 100% adoption.

Emerging protection systems include EMV, dynamic cryptograms and end-to-end encryption, dynamic cryptograms and EMV are all options being considered to protect payment, each with its own pros and cons.

EMV, which is essentially chip and pin, is already a popular option that is being implemented in numerous countries, including Canada, Europe and Mexico. The US has not moved toward a chip and pin system yet, but most industry insiders consider it an inevitable switch, as the country has high number of “card-not-present” fraud incidences. The EMV technology is well proven with solid security in place. The biggest drawbacks for the technology include lengthy delays in the deployment of the product and the incredibly high expense. Banking institutions have to replace every customer card and new terminals are required for full security benefits to be felt.

Already companies such as Heartland Payment Systems, a company especially sensitive after the 2008 fraud attack that resulted in millions of card numbers being compromised via their system, are looking at putting chip and pin technology into new terminals, so that if American credit card companies implement the system their terminals are ready to go.

Dynamic cryptograms work on a different premise, in that when a contactless credit card is used by a customer, rather than their credit card information being processed, a dynamic cryptogram is transmitted to the appropriate institution. These cards have one big advantage, in that some US banks already utilize the technology for contactless cards. The costs are much lower than that of EMV technology and the solution could be implemented much more quickly.

Many people have looked at contactless cards as a convenient option, but the security benefits are an unrecognized and important consideration.

A controversial option for credit card security is end-to end encryption. It’s an emerging technology and the standards for what exactly it is are not clear, resulting in some confusion and suspicion of the product.

Sid Sidner, director of security engineering at ACI Worldwide says, “End-to-end encryption uses a form of cryptography that hasn’t been blessed yet. People would feel better if there were a standardized form.”

Heartland is in the soft launch phase for a product that may change the industry’s viewpoint, according to Steve Elefant, architect of Heartland’s end-to-end encryption product, E3. Essentially the product will secure data from the moment of swipe right through to processing via individual credit card company. To create such a product the company had to create entirely new software and hardware, as they were unable to find anything appropriate in the current marketplace. One new feature is the tamper resistant security module (TRSM) capable of wiping out the security keys to make the system inoperable. Other features include dynamic data authentication and tokenization of payment card information.

Elefant notes that Heartland is working with payment standards groups and is lobbying the PCI Council to recognize merchants who utilize the system as being in compliance with recently improved data security standards. Elefant says that end-to-end encryption should be focused on proprietary technology, and “Protection against bad guys shouldn’t be a competitive differentiator.”