Visa To Accelerate Chip Migration, Adoption Of Mobile Payments

Visa dynamic authentication road map will reduce fraud and enhance international acceptance

August 10, 2011

7 Min Read

PRESS RELEASE

San Francisco, August 9, 2011 – Visa Inc. (NYSE: V) today announced plans to accelerate the migration to EMV contact and contactless chip technology in the United States. The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions that support either a signature or PIN at the point of sale.

“By encouraging investments in EMV contact and contactless chip technology, we will speed up the adoption of mobile payments as well as improve international interoperability and security,” said Jim McCarthy, global head of product, Visa Inc. “As NFC mobile payments and other chip-based emerging technologies are poised to take off in the coming years, we are taking steps today to create a commercial framework that will support growth opportunities and create value for all participants in the payment chain.”

Not only will chip technology accelerate mobile innovations, it is also expected to secure payments into the future through the use of dynamic authentication. Chip technology greatly reduces a criminal’s ability to use stolen payment card data by introducing dynamic values for each transaction. Even if payment card data is compromised, a counterfeit card would be unusable at the point of sale without the presence of the card’s unique elements. By reducing static authentication, we diminish the value of stolen cardholder data, benefiting all stakeholders.

“Dynamic authentication is the key to securing payments into the future,” said Ellen Richey, chief enterprise risk officer, Visa Inc. “Adding dynamic elements to transactions makes account data less attractive to steal and takes more merchant systems out of harm’s way, shrinking the battlefield against criminals. The migration to chip technology will be an important security layer and a critical step in a comprehensive strategy to use dynamic authentication across all markets and all channels.”

Globally, Visa will continue to support a range of cardholder verification methods including signature, PIN and no-signature for low-value, low-risk transactions. In the longer term, we expect that the use of static verification methods such as signature and PIN will be reduced or eliminated entirely as new and dynamic forms of cardholder verification are implemented.

Visa’s plan to encourage the U.S. adoption of dynamic chip authentication technology includes the following three initiatives:

Expand the Technology Innovation Program to Merchants in the U.S. Effective October 1, 2012, Visa will expand its Technology Innovation Program (TIP) to the U.S. TIP will eliminate the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75 percent of the merchant’s Visa transactions originate from chip-enabled terminals. To qualify, terminals must be enabled to support both contact and contactless chip acceptance, including mobile contactless payments based on NFC technology. Contact chip-only or contactless-only terminals will not qualify for the U.S. program. Qualifying merchants must continue to protect sensitive data in their care by ensuring their systems do not store track data, security codes or PINs, and that they continue to adhere to the PCI DSS standards as applicable. Build Processing Infrastructure for Chip Acceptance Visa will require U.S. acquirer processors and sub-processor service providers to be able to support merchant acceptance of chip transactions no later than April 1, 2013. Chip acceptance will require service providers to be able to carry and process additional data that is included in chip transactions, including the cryptographic message that makes each transaction unique. Visa will provide additional guidance as part of its bi-annual Business Enhancements Release for acquirer processors to certify that their systems can support EMV contact and contactless chip transactions. Establish a Counterfeit Fraud Liability Shift Visa intends to institute a U.S. liability shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions, effective October 1, 2015. Fuel-selling merchants will have an additional two years, until October 1, 2017 before a liability shift takes effect for transactions generated from automated fuel dispensers. Currently, POS counterfeit fraud is largely absorbed by card issuers. With the liability shift, if a contact chip card is presented to a merchant that has not adopted, at minimum, contact chip terminals, liability for counterfeit fraud may shift to the merchant’s acquirer. The liability shift encourages chip adoption since any chip-on-chip transaction (chip card read by a chip terminal) provides the dynamic authentication data that helps to better protect all parties. The U.S. is the only country in the world that has not committed to either a domestic or cross-border liability shift associated with chip payments.

Today’s announcement builds on similar international programs to encourage the migration to EMV chip. In February 2011, Visa announced the Technology Innovation Program for international merchants. The program, which was available beginning March 31, 2011, was intended to recognize the security benefits of dynamic authentication, enabled by EMV chip, and offer tangible benefits to merchants who update their POS infrastructure to accept chip cards. Visa has now expanded this program to include U.S. merchants, but will require terminals to support both contact and contactless chip payments.

Moving forward, as the point-of-sale payment infrastructure evolves from the static magnetic stripe to intelligent devices such as EMV chip cards and NFC mobile phones, it is critical to ensure that cardholders can continue to conduct convenient, secure and reliable payments for card-not-present transactions as well. Visa is designing its new digital wallet with “click-to-buy” functionality able to support dynamic authentication across multiple channels including the eCommerce environment. Visa will also continue to enhance intelligent network-based fraud detection tools such as Visa Advanced Authorization and cardholder transaction alerts to complement dynamic and risk-based authentication methods. As always, effective fraud prevention requires multiple layers of security.

Industry Support

Today’s announcement supports an increasing interest in chip technologies from across the industry:

“As the leading global foodservice retailer, McDonald’s already has a great deal of experience with chip technology, including in the U.S. where we have deployed contactless chip terminals to help us serve our customers even faster,” said Dave Weick, Chief Information Officer and SVP Shared Services, McDonald’s Corporation. “We’re pleased that Visa has provided a roadmap that will allow us to move towards the next generation of payment technology, while at the same time take advantage of the security benefits of EMV chip and dynamic authentication.” “Visa’s plan to encourage chip adoption and lay the groundwork for mobile payments is a positive development,” said Kevin Knight, executive vice president Nordstrom, Inc. “We appreciate their efforts to promote improved technology so that our customers have more reliable and secure card use and payment for their purchases.” “There is no security silver bullet. But smartcards and smartphones using EMV adds a strong layer for payment transaction security as well as online banking, access to medical records and more,” said George Peabody, director, Emerging Technologies Advisory Service, Mercator Advisory Group, Inc. “The roll-out of EMV in the U.S. gets much needed dynamic data into the authentication mix. This is a welcome step toward lowering fraud at the point of sale and online. It’s time.”

To read more, visit the Visa Viewpoints Blog at http://blog.visa.com/.

About Visa Inc.: Visa is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable digital currency. Underpinning digital currency is one of the world’s most advanced processing networks—VisaNet—that is capable of handling more than 20,000 transaction messages a second, with fraud protection for consumers and guaranteed payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, ahead of time with prepaid or later with credit products. For more information, visit www.corporate.visa.com.

Read more about:

2011
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights