A year after the US deadline, EMV compliance lags: Part 1
EMV system compliance has taken longer than many expected due to the complexity of integrating certified hardware with software and processors. Part 1 in a two-part series explores why the transition has taken so long, especially in the unattended retail sector.
“It does seem like it could be going better on the deployment side,” said Frank Olea, CEO of Olea Kiosks Inc., a kiosk designer and manufacturer. He said the payment processors have to become familiar with EMV-compliant hardware, which takes time.
“The retailers all have to change to this technology, so there is a rush on equipment, and there’s a rush on certification,” said Paul Burden, director of software a Meridian Kiosk.
“EMV requires communication in both directions [between the processor and the chip card],” said Greg Burch, vice president of strategic development at payment equipment manufacturer Ingenico Group. “The complexities of that are much more than traditional magstripe.”
“It’s a more complicated integration,” agreed Rob Chilcoat, president of operations at UCP Inc., an EMV compliance consultant that assists companies with EMV migration. “Every link in the chain has to be certified.”
“These smart terminals actually package and encrypt the data before it ever leaves the device, which is a concept called point-to-point encryption,” Chilcoat said. “Combined with Derived Unique Key Per Transaction, that is what ultimately provides the security assurances to the merchants and the kiosk providers that their system won’t ever be the source of a significant breach of customer card data.”