Thales Blog

Securing Digital Signatures: SureClinical And Beyond

June 10, 2016

Sometimes in moving forward with EMV you need to look back. Earlier this year Thales eSecurity was proud to sponsor the mobile track at the Smart Card Alliance Payments Summit, now in its eight (and final) year at Salt Lake City. Thales has been a regular participant at this event for much of this time. This year though things were much different. No heated arguments about how the US could comply with the Durbin Amendment for routing debit transactions – the common AID for debit had been agreed and all parties are moving forward. No doubts about whether or not EMV cards will ever see significant adoption in the US – all card scheme keynotes were upbeat in their forecasts for significant card issuance in 2015, with the major acquirers pressing hard to get higher risk merchants with new terminals before the October 2015 liability shift. No more talk about EMV being an out of date 20 year old technology – the general talk was about the need for collaboration and education to ensure that EMV is in place to support the critical payment infrastructure in the US.

So what could have sparked this significant change? Many of the discussions centred around 3 core factors. Firstly counterfeit card fraud is rising significantly in the US and the problem is getting worse – EMV rollout irrespective of whether signature or PIN is used to verify the cardholder will break the back of counterfeit card fraud quickly. Secondly, data breaches at the major merchants are a serious threat to the current magnetic stripe infrastructure which put card security on prime time TV – EMV together with data encryption for card transactions and tokenization for the mobile transactions is now largely seen as the entry level security needed for the US (and the rest of the world). Thirdly Apple with the launch of Apple Pay in October 2014 breathed new life into a market struggling with focus – Apple demonstrated how a superior user experience could be delivered using an effective, secure EMV implementation. By cooperating rather than competing with the existing payment participants Apple has stimulated the interest in and deployment of EMV and NFC technology while raising the bar on security by fully adopting tokenization and biometric authentication.

EMV and mobile are now being pursued aggressively and in harmony in the US. The security standards body, EMVCo, who presented during the conference, are driving forward innovation in EMV security (to encompass the mobile channel) in addition to upgrading their framework on tokenization with new use cases. They are also developing the next standard for 3D Secure to deliver a better user experience for online transactions – a much needed initiative to counteract a possible migration path for fraud. The card brands continue to drive innovation in cloud-based payments where technologies such as host card emulation (HCE) are gaining momentum with new security and risk models for use at both point of sale and in-app remote payments. The common theme is the EMV security architecture underpinning the solutions. Now we have the reality of a robust security infrastructure in the US in the very near future, the innovation can really begin. The only real question remains – when will we finally be able to remove the magnetic stripe from our payment cards?