Would NFC smartphones have helped at Target?
'Pin and chip' smartcards may be next, not NFC smartphones, but liability questions remain
Computerworld - Recent massive data breaches at Target and Neiman Marcus have re-ignited a campaign by retailers to get U.S. consumers to carry "PIN and chip" credit and debit cards to replace the decades-old magnetic stripe cards used by 90% of Americans.
Such PIN and chip cards would do what dozens of newer-model smartphones with NFC chips are already doing while using payment apps like Google Wallet and Isis. So why isn't the focus on promoting near-field communication smartphones instead of PIN and chip cards?
The answer is complicated and political, primarily because there are questions over who is liable for a data breach -- the retailers or the financial institutions and their associated card processing companies such as Visa and MasterCard. It is also expensive to install point-of-sale (POS) terminals in millions of retail locations and at ATMs that can read chips on the newer contactless cards, as well an NFC signal from a smartphone.
It also doesn't help that Apple hasn't included NFC chips in its popular iPhones. "Apple's refusal to integrate NFC functionality is a blatant roadblock [to better security], there's no other way to put it," said Yankee Group analyst Jordan McKee in an email to Computerworld on Friday. "If Apple continues to resist NFC, it will hamper the success of any initiative that has placed bets on NFC, but I don't picture Apple staying away from NFC forever."
Earlier this week, the National Retail Federation, representing 12,000 retailers, sent a letter to congressional leaders expressing the NRF's support for PIN and chip payment-card security, noting that such technology allows PINs to be encrypted unlike a magnetic stripe card. In the U.K., the technology has reduced fraud by 70%, the letter states.
The letter also suggested that U.S. banks should lead the adoption of PIN and chip cards for U.S. consumers, although the letter doesn't detail how that should occur.
"It's unclear to us that the card network members will move to a PIN and chip world," said Mallory Duncan, general counsel at the NRF, in a telephone interview. "We are hopeful that the banks do the right thing and issue PIN and chip cards."
Duncan said the NRF would support use of NFC smartphones for payments as well as new payment cards. "We are open to any technology to make the entire payment system more secure," Duncan said. "The minimum of that would be PIN and chip, but we are aware of such capabilities in new smartphones that allow levels of encryption that are much higher and that might be preferable."
PIN and chip cards have long been synonymous with Europay MasterCard Visa (EMV) smartcards, which major card processors have promoted around the globe under an EMV standard. The standard requires merchants by Oct. 1, 2015, to accept liability for any fraudulent transactions that occur at non-EMV sales terminals effective Oct. 1, 2015. The rule essentially means merchants must begin installing new point-of-sale terminals, which can cost several hundred dollars apiece.
Duncan said "there are many different views" on the way security works with EMV, which has meant the NRF won't take a position on the EMV standard "until there is more clarification."
- How Four Citrix Customers Solved the Enterprise Mobility Challenge Managing mobile devices, data and all types of apps-Windows, datacenter, web and native mobile- through a single solution.
- 8 Steps to Fill the Mobile Enterprise Application Gap Traveling executives and Millennials alike expect to communicate, collaborate and access their important work applications and data from anywhere on whatever device they...
- Seattle Children's Accelerates Citrix Login Times by 500% with Cross-Tier Insight Seattle Children's is a leading research hospital with a large and growing Citrix XenDesktop deployment. With ExtraHop, the IT team at Seattle Children's...
- McKesson Makes Application Hosting for Hospitals Faster, More Efficient With ExtraHop, McKesson identified the root cause of slow Citrix XenApp application launches and adopted a more intelligent, proactive IT operations model that...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Mobile Payments White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!