News, Education and Events Decoding Digital Payments & Fraud

News, Education and Events Decoding Digital Payments & Fraud

SRPc Letter Expresses Misgivings about EMV – Feb. 23, 2012

SRPc Letter Expresses Misgivings about EMV

Feb. 23, 2012

The Secure Remote Payment Council (SRPc) this week offered an open letter to the payments industry discussing the EMV payment standard and why alternatives to its centralized, proprietary approach should be considered. With a self-imposed mandate to “facilitate a pilot of e-commerce and mobile technologies that meet or exceed the security standards for PIN-based, card-present payments,” the council feels a platform with open standards would be advantageous. Despite Visa and MasterCard each announcing EMV roadmaps for the U.S. and EMV’s ubiquitous adoption as the standard for contactless payments in most of the rest of the world, the council notes in the letter that EMV’s proprietary standard and “monolithic scheme” carry “inherent risks” for mobile payments security. “One issue that exemplifies the contrast of EMV’s approach to that of the SRPc is the likely effect of the EMV architecture in the US payments environment, one that contains many constituencies,” the letter says. “In short, EMV places significant emphasis on the actions of the chip, to the point that much of the behavior and effect of a payment transaction is controlled by it. The involvement of the traditional downstream elements of the payment chain is deemphasized. Therefore, the interplay of payment brands, processors of transactions, and providers of infrastructure in a competitive environment are likely to be significantly altered in an EMV-dominated scenario.” The letter acknowledges that EMV could be implemented in such a way that many payment brands could exist on the same card, but, it says, it would be difficult in practice. “Securing payments is a laudable goal, one the SRPc is dedicated to advancing in the realm of payments that are not made face-to-face,” the council says. “However, we are also dedicated to the adoption of methods and technologies that are inclusive, flexible, standardized and open. While EMV incorporates many state-of-the-art security techniques, its architecture and promotion do not necessarily advance these principals in a broadly participatory manner.” Download the PDF

  • Share this Article:

Daniel Leibovitch