Disconnected EMV

EMV (Europay, MasterCard, Visa) has standardized the usage of crypto processeors embedded in credit cards to authenticate and secure transactions. In short: it defines how a chip card works.

Before EMV a card was passive. It carried a set of numbers and strings: the cardholder's name, the card's number, etc. All the values could be read from the magnetic stripe are by just looking at the card. EMV has changed that by transforming cards from being passive storage of characters and numbers into active computers equipped with secure electronic memory. Without going into the details, EMV makes sure the actual card is used for a transaction (as opposed to a set of data associated with the card being used). This essentially means you cannot create a copy of an EMV card and use it, while this was perfectly possible with pre - EMV cards.

EMV has essentially made card fraud impossible. And there are no known hacks against EMV cards. It is a great example of how properly architected and implemented digital security can solve a significant problem.

But we still have credit card fraud, right? Yes we do. Because EMV are not the ONLY types of transactions allowed. It is still possible for a merchant to use a conventional magnetic stripe reader and many cards allow for this type of transactions.

When the EMV chip is not involved, the security is gone. Which is the case for all Internet / eCommerce transactions.

What has happened with EMV we have installed an ultimately secure door lock that cannot be compromised. And there is another entrance secured with a simple wooden bolt the bad guys are using. As long as this entrance is available, the credit card fraud will bloom.

So what would it take to implement EMV for ecommerce? Actually not that much.... Most phones technically capable of doing that today: they have NFC readers and can be used as gateways to connect an EMV card to the ecommerce merchant executing the transaction. Touching a back of the phone with a contactless EMV card is all a user would have to do. Things are a bit more complicated with tablets, as none of them are equipped with NFC circuits. Same with laptops and PCs.

So again - as has been the case with disconnected digital cameras - we have a situation where technology is available to solve an important problem, but the lack of standardization prevents the problem from being solved. Financial organizations and the ecommerce industry need to start working together to design a solution that is implemented on all types of devices we use to make online purchases.