Target, Wal-Mart On EMV: The Metric System Of Payment

Written by Evan Schuman
April 27th, 2011

EMV may become the metric system of payment, a process that almost everyone in the world adopts, with the U.S. stubbornly refusing. In a panel discussion on Wednesday (April 27), Target and Wal-Mart agreed that EMV Chip-and-PIN is an extremely desirable way to go. But hardly anyone has a concrete plan for making it happen in the U.S.—in a meaningful way—anytime soon. Still, both chains were certain of one thing: If magstripes could magically be made to go away tomorrow, the retail world would be a happier place.

“If we can envision a world where magstripe doesn’t exist, Chip-and-PIN would virtually eliminate all counterfeit, lost and stolen fraud as well as almost 99 percent of PCI costs,” said Mike Cook, Wal-Mart’s VP and assistant treasurer. “So you no longer have to have your database encrypted. You no longer need to have the secure lines. You’re no longer storing data that could be used by somebody else. The PCI costs become significant cost savings.”

Panelists agreed that dynamic data is the key, suggesting that static data authentication (SDA) is inherently inferior to today’s dynamic data authentication (DDA) chips.

“We should stop wasting money propping up and trying to secure the existing fraud-prone magstripe and signature system that exists in the U.S. today and move to two-factor authentication,” Cook said, stressing what he did not want one of those factors to be. “I don’t think there’s anyone in this room who would believe that signature is an appropriate form of authentication. We haven’t hired a handwriting expert at Wal-Mart in years.”

Target’s Marc Black, the chain’s guest data security director, was asked what it would take before Target would start purchasing EMV-friendly POS units. “Part of that investment decision will be how terminal manufacturers incorporate smartcard readers in their products. We need a firm roadmap, so we can guide our investment. This is not the only new payment technology out there,” he said, referring to near field communication (NFC), among others.

Wal-Mart’s Cook added that retailers should also refrain from trying to cheap-out on the chip costs too much. “The PIN must be encrypted between the device and the card itself. That means we’ll need slightly more costly chips to accept that encryption,” he said. “We’ll also need offline PIN authentication, so that whenever it is sent up for authorization—through our host, out to the acquirer—the validation of the PIN takes place at the point of sale, not that we have to transmit that PIN and expose it anywhere along the line, even if it is encrypted. Also, two-factor authentication.”


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.