Thales Blog

EMV - Can This Old Dog Learn New Tricks?

November 14, 2014

Apple has shown its hand in the mobile payment arena, and (perhaps contrary to expectation) has chosen to co-operate rather than compete with payment incumbents. Shunning a proprietary system, the solution uses standard technologies which work on established ‘rails’, such as NFC, and EMV.

Suddenly, EMV, a standard which was introduced in the early 2000s and had largely faded from front-line discussion, is back in the spotlight. Is Apple Pay’s use of EMV a major endorsement, snuffing out complaints that it is a ‘brick and mortar’ technology anchored in the past and instead cementing its place as the bedrock of future payment infrastructure security? Or, has Apple Pay simply given EMV a short-term ‘shot in the arm’ – nothing more than a pragmatic move from Apple, driven by the need to quickly gain critical mass with US merchants.

Apple has brand power like no other, regularly igniting industry debate. This time however, certainly for issuing banks, this is bigger. Faced with an uncertain and shifting industry, issuers might need to rethink their strategy around EMV. For some, EMV has already become a mundane aspect of card production, an ideal task to be outsourced, which they have done. Others are seeing EMV as a strategic technology platform and have been looking to bring some of the issuance process back in-house in order to gain greater control. Both groups might now be rethinking their positions.

Of course, debate about the value of EMV is nothing new. US merchants and issuers are less than one year away from the card schemes’ first EMV liability shift deadline for the US payments market. And there have already been numerous mutterings about whether this is a worthwhile transition, given the cost of new cards and the logistics and expense required to update ATMs and POS systems.

On a more positive note, EMV has not only been successful at driving down counterfeit fraud at physical POS in the regions where it has been deployed, but has arguably bought great flexibility to the payment security ecosystem, underpinning authentication for cards, contactless cards, NFC phones and remote authorization.

EMVCo (the governing body for the EMV standard) is making ongoing enhancements to future proof the platform, with EMV Next Generation and EMV Tokenisation specifications currently in development with worldwide stakeholders. Multiple extensions including enhanced transaction information for acquirers, card networks and issuers, improved transaction flow and user experience at the POS and a significant upgrading of the security architecture including a secure channel between the card and the acceptance device (whatever or wherever it is) are currently being explored.

Nevertheless, the EMV question will be burning bright in the minds of the banks as they seek to understand how best to evolve their all-important payment strategy and infrastructure. Can they afford to wait for the long-term enhancements of EMV to take hold or do they have to take risks and adopt new technologies at a rate more typical in the mobile ecosystem.

There is no doubt the standard is evolving and seeking to establish a common, robust technology platform to support a variety of interfaces – contact, contactless and mobile. However in the eyes of some, there may be simply too much ground to make up and their attention may be focussed elsewhere.