Security Experts:

MasterCard and Visa Lead Industry Group to Bolster Payment Security

Payment Card Security

Payment industry giants MasterCard and Visa have joined forces to create a new cross-industry group focused on enhancing payment system security to keep pace with the expectations of consumers, retailers and financial institutions.

Announced on Friday, the group will initially focus on the adoption of EMV chip technology in the United States, in addition to addressing other security-related topics, including tokenization, point-to-point encryption and broader needs of the region.

“EMV” technology—the name coming from its original creators Europay, MasterCard, and Visa—uses an embedded microchip and a personal identification number (PIN) to validate the card, its owner, and authorize payment transactions instead of a cardholder’s signature.

Popular in Europe, cards using EMV chip technology help reduce card fraud resulting from counterfeit, lost and stolen cards. Additionally, the technology can enable transactions across contactless, mobile, and remote payment channels. With EMV technology equipped payment cards, even if a card number is stolen in a data breach, cybercriminals cannot counterfeit the card.

“One of the critical roles we play is to protect consumers and businesses against criminals and fraudsters,” said Chris McWilton, president of North American Markets, MasterCard. "Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust. EMV will be the next step in these efforts, alongside enhanced security solutions for online and mobile channels.”

Led by Visa and MasterCard, the newly formed group will include a diverse group of participants in the payments systems including --- banks, credit unions, acquirers, retailers, point-of-sale device manufacturers and industry trade groups. 

“The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security,” said Ryan McInerney, president, Visa Inc. “As we have long said, no one industry or technology can solve the issue of payment system fraud on its own. These conversations will serve as a useful forum to share ideas, break down barriers and spur the adoption of next generation security solutions for the benefit of all.”

With a priority on delivering meaningful solutions that benefit consumers, merchants and financial institutions of all sizes, the group will focus on a broad range of security-related topics, including:

1. Advancing the migration to EMV in the United States. Chip technology generates a unique code for every transaction, making it nearly impossible for criminals to use the card for counterfeit fraud.

2. Promoting additional security solutions like tokenization and point to point encryption. While EMV addresses the physical point of sale, the need to protect mobile and online transactions is critical. In tokenization, the traditional account number will be replaced with a unique digital payment code, providing an additional layer of security.

3. Developing an actionable roadmap for securing the future across all segments of the payments industry.

Migration to EMV Inevitable But Expensive

Following the massive data breach that hit Target Corp. late last year, Chief Financial Officer John Mulligan, said last month that the company would accelerate its implementation of smart card technology in an effort to reduce credit and debit card fraud stemming from customers shopping in its stores. The accelerated timing is part of a $100 million effort to put in place chip-enabled technology in all of Target’s nearly 1,800 U.S. stores. 

Back in February 2011, former SecurityWeek columnist Christopher Justice commented on how 50-year-old plus magnetic stripe technology enables criminals to skim information directly from the cards with simple card reading devices or recreate payment cards using stolen payment card data.

“The migration will be neither fast nor inexpensive, requiring a hefty investment in new technology and new processes,” Justice wrote in a SecurityWeek column at the time. “Both merchants and consumers will need to continue to build a compelling business case for migration to chip and PIN cards in order to convince issuers and acquirers to change the payment infrastructure that is currently in place.”

However, the migration to EMV in the U.S. is inevitable, Justice said. “We can anticipate that there will continue to be a strong push to migrate to a new chip and PIN payment architecture in the United States, fueled by multi-national merchants who have seen fraud/chargeback benefits from implementations in other parts of the world.”

Recent high-profile breaches against popular US-based retailers have built an incredible case to fuel the adoption of EMV technology in the US.

This new group is not the first effort by payment industy firms to push more secure technology.

In May 2012, MasterCard proposed the creation of a cross-industry group to help drive the adoption of EMV technology in the United States. Following MasterCard, the Smart Card Alliance announced the formation of an independent, cross-industry organization called the EMV Migration Forum in August 2012.

“Updating payment card technology and strengthening protections for American consumers is a shared responsibility and requires a collective and coordinated response,” Target’s Mulligan said in his testimony before the Senate Committee on the Judiciary in Washington, D.C. last month. 

MasterCard and Visa expect the new group to complement and engage with other efforts across the industry, including proprietary risk councils, EMV task forces and the standard management bodies.

Related Reading: Will the U.S. be Able to Fend Off the EMV Card Standard Invasion?

Related ReadingBank of America Starts Rollout of Chip Credit Cards to Consumers

Related ReadingBank of America to Offer EMV Technology to Corporate Customers

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.