MasterCard, Visa form group to push better payment security

Summary:The talks, as well as actual movement on enhancing the payment system in the U.S., was sparked by the data breach at Target that affected 110 million accounts.

MasterCard and Visa said Friday they have formed a working group to enhance payment security with an initial focus revolving around so-called chip and PIN technology.

mc visa

The group will focus on other technologies such as tokens and encryption. MasterCard and Visa said that the group will include all the players that touch payments including banks, credit unions, retailers, trade groups and point-of-sale system manufacturers.

In a statement, the two credit card giants said the group will prioritize the migration to EMV (Europay, MasterCard, Visa) systems in the U.S. The two companies specifically mentioned chip technology, but not the PIN portion.

Related:  Visa CFO: 'Quite a bit of investment' needed to install chip technology Visa CEO: We need better security, EMV chips, tokens  |  Target CIO Jacob resigns following data breach  |   Target's data breach tab mostly covered by insurance so far  |  How hackers stole millions of credit card records from Target  |  Target hackers hit air-conditioning firm first as a way in  |  Target's data breach: It gets worse  |  Many times bitten, retailers scramble to prevent another Target-like meltdown  

The talk, as well as actual movement on enhancing the payment system in the U.S., was sparked by the data breach at Target that affected 110 million accounts. The only bright side to the Target breach is that the industry seems to be finally ready to adopt better technology such as EMV, which has been used in the European Union for years. Americans traveling abroad can feel like a technology laggard when you have to hand over a card with a magnetic stripe.

In a nutshell, the retail and payment industry today is in a hurry to adopt payment technology cooked up in the 1980s.

Visa CFO Byron Pollitt said at an investment conference this week that PIN technology could slow down security improvements due to the investment required and existing infrastructure. Pollitt plugged a "chip and choice" model and said the payment industry should also consider encryption and tokens.

Pollitt said:

Our view is it is chip and choice, and that PIN could well be a red herring here because two-thirds of the retailers in the United States do not have a PIN pad with their POS terminal, two-thirds.

And so if PIN were to be included as a fix at the same time, in our view, it would dramatically slow the rollout of EMV, which is chip, and chip is what gets you to 70 percent of the fraud. The lost and stolen is addressed by PIN.

The National Retail Federation said the payment system upgrades need a PIN improvement too. NRF general counsel Mallory Duncan said:

We remain insistent that U.S. retailers’ customers be given the same protections as consumers in more than 80 countries who have both a chip and a PIN securing their credit and debit cards. There is no single solution to the complex issue of criminal hacking and we know PIN and Chip is just a bridge on the long road to a safer payment system, but it is an important step in the right direction.

While we certainly agree that speed is of the essence, we don’t believe that is an obstacle to introducing PIN and Chip cards since the technology is well established and the cards are widely used around the globe.

Topics: Security, E-Commerce

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.