The Bankwatch

Tracking the consumer evolution of financial services

Chip card implementation remains fundamentally flawed

Sometimes when I read the debates on chip, PIN and EMV I feel I am listening to the Flat Earth Society.  America is home to some home truths including gun ownership, religion and mag stripe in ways that just seem contradictory to common sense.

That said, when it comes to chip there are aspects that payment security adherents are probably not addressing in sufficient clarity otherwise one would think logical thinking people would come around even if they are American.  (I love America by the way)

So what is the issue ?  Why is it so hard to make the coherent case for chip?

US chip card debate heats up

But at a payments conference organised by automated clearing house Nacha in San Diego this week, three of the nation’s largest retailers hit back, arguing that the move to EMV will impose huge costs for a minimal reduction in fraud rates.

There are multiple issues which confuse the technologists seeking that optimum single solution.

  • One device;  The Single Solution Problem
  • One Law; The Border Problem
  • One Customer Preference; The Customer Problem

The Single Solution Problem

Internet is largely to blame for the incoherence of solutions.  Internet creates a natural desire for a common solution and common approach for things, whether banking, shopping, or reading.  However criminals are adept at finding specific attacks for whatever solutions are developed.

The basic chip card concept is rock solid provided you follow the chip card rules.  Stick your card into a secure card reader and boom … you are secure.  However take that same card and buy something in a web page, and the chip security is gone.  The security is based on what you type, and the chip security is irrelevant.

Then when you travel to a non chip country, such as US you must use your chip card by swiping the mag stripe.  Immediately all the benefits of chip are gone.

The Border Problem

When travelling with your secure chip card, that security is compromised by the strategy employed for your card which is the lowest common denominator of security.  That is the mag stripe mentioned above.

The Customer Preference Problem

Finally the card must be designed to accommodate all customer needs.  The card is the centre of the universe and must be dead secure when required, but also flexible when that security is not available.

The real solution

The current chip card is an obvious choice that tries to satisfy all needs yet satisfies none.  I have worked first hand with chip people at my bank and many do not see the obvious.  We need multiple solutions.

  1. The chip card ought to be just that;  a chip card with no mag stripe.  This card will only work in ATM’s and card readers that are chip secure.  End of story.
  2. Online Solutions;  here we must forget about the credit card metaphor.  Lets design a payment method that fits the online environment.
  3. Mag Stripe:  Never put a mag stripe one a chip card.  I have preached this for 10 + years and will never stop.  Mag strip and chip on the same card is just stupid.
  4. Travel cards:  Banks must offer separate cards for travel.  Remember Travellers Cheques – when customers travel they will accept the idea of a different card with a different credit limit for travel.  Many people have credit cards with $40K credit limits but that card is not needed for drinks at the resort.

Written by Colin Henderson

April 29, 2013 at 00:49

Posted in Uncategorized

2 Responses

Subscribe to comments with RSS.

  1. Hi Colin,

    Succinct and informative analysis as usual.

    However, would take issue with the headline — Chip cards are fine — as far as they go. What is fundamentally flawed is the “one size fits all” payments approach used today. And you haven’t mentioned the issues with the RFID tags on cards — which may become as big security hole as mag stripe.

    The other area when payments comes up is the role of cash. John Mauldin of Mauldin Economics has a very interesting take in a note published on Saturday called the Cashless Society.
    Cash is a long way from dead.

    Robert Burbach

    April 29, 2013 at 07:11

  2. […] Chip cards are fundamentally flawed – The Bankwatch Blog – “Sometimes when I read the debates on chip, PIN and EMV I feel I am listening to the Flat Earth Society.” […]

Comments are closed.

%d bloggers like this: