Payment data breaches in the U.S. have caused individuals to go to two camps, either implement EMV or deploy end-to-end encryption of payment data. The Smart Card Alliance, however, is suggesting another option: contactless chip card technology and online dynamic cryptograms.
The Smart Card Alliance publication states that there is a lot of confusion when it comes to encryption. “End-to-end encryption does not necessarily mean the same thing to all people, and the payments industry has not yet defined standards,” the paper states.
Compared to end-to-end encryption, contactless cards with dynamic cryptograms would have the following advantages:
- Less impact on the payments acceptance infrastructure for merchants, acquirers and issuers
- Enable merchants to implement a solution more quickly and without waiting for new standards
- Provide a high level of cardholder data protection by including a dynamic cryptogram with each transaction
- Reduce the threats posed by cloning magnetic stripe-based cards and stealing cardholder data
EMV has also been offered as a solution, but critics of have argued that the merchant terminal implementation costs and the complexity of key management made chip cards prohibitively expensive.
Compared to EMV, contactless online-only implementation:
- Lowers the cost of the cards since a crypto-coprocessor is not required
- Eliminates the need for key management at the merchant terminal by using online cryptogram verification
- Uses the existing contactless infrastructure that is already in place in many retailers
- Readies the payments acceptance infrastructure for mobile NFC payments
- Works with existing transaction processing networks
- Can be coupled with contactless payment, an attractive payment product for consumers
- Achieves the goal of eliminating fraud from cloned cards
- Can be used with a handheld reader or with a mobile application to eliminate CNP fraud
- Supports issuers who want to offer globally-interoperable chip cards