Early this month I attended the Smart Card Alliance Payment Summit in Salt Lake City, Utah. There was a great turn out this year and there seems to be a growing interest in secure mobile payments due to the release of Apply Pay and the coming of EMV to the United States. The conference covered a wide range of topics, but the most widely discussed were the following
EMV in the US
It looks like 2015 is finally the year for EMV to finally come to the United States. If you have watched this topic closely over the years, you may be apprehensive in believing this. At one point in time, it was 2007 that was supposed to be the year of EMV, then 2010, then 2012. But this time it appears to be for real. Come October 2015, merchants will be required to use the contact portion of an EMV card if they are given one by a customer. If they use the mag stripe portion of the card, and a loss is incurred due to the mag strip vulnerability, the liability is now on the merchant. This is a monumental shift in liability and certainly a strong indicator that finally, EMV is coming to America.
SE is out, HCE is in
A few years ago there was a fight between mobile phone manufacturers, mobile service providers, and banks to gain control over the secure element. It was believed that the secure element (or SE) was the only way to securely store payment information on a smart phone for mobile payments. This fight lasted a long time and ended up stalling out the mobile payments industry for a few years. In that time, companies have discovered Host Card Emulation. HCE is essentially an easy and secure way for applications on a smart phone to emulate a card. This circumvents the need for a secure element and shifts the security from the phone to the application itself. This is done in part, with a process called….
Tokenization
This was the biggest buzz word of the conference and seems to be a topic people are excited about. Tokenization is the process of creating a token from an original sensitive credential that can never be traced back to the credential that it was issued from. In the context of mobile payments, a token would be created from a credit or debit card during enrollment, and is then placed in your mobile wallet app. The idea here is simple. If your phone was ever lost or stolen, you could simply deactivate the token and your original credit or debit card would not be compromised. This makes it easy for you to have multiple cards in your mobile wallet that can be deactivated at a moment’s notice without ever needing to cancel and have a new credit card issued. This seems to be the way Apple Pay is doing, and we can expect it to be the new model for years to come.
Need help getting ready for the shift to EMV? Contact sales@txsystems.com
Tx Systems 