PCI compliance myths Part 1
December 18, 2018Amazon’s cashless store a hit?
January 1, 2019In 1992 credit card fraud was rampant not only in North America but in Europe and all around the globe as well. It was costing billions of dollars, yen, pounds, francs, marks, lira, pesetas and every other currency found in Europe and the rest of the globe. It was a huge problem and a solution was needed, and needed quickly.
You are hopefully well aware of the issues not only with the magnetic strip but also with the signature strip as well. While devices to re-encode the magnetic strip were nowhere near as common or as easily accessible as today the signature strip presented the largest vulnerability. Criminals were forging a signature or were simply intercepting cards and signing their own version of their target’s signature and using the card as if it were their own.
Enter Europay and Philip Andrae. He had been working for Europay International for about two years out of their Brussels headquarters when he was tasked with developing specifications for what were then known as smart cards and he needed it done in 30 days or less. At the end of those 30 days his boss was heading off to the European Financial Management Association conference where he would challenge Visa to be the first to develop specifications.
What were then known as smart cards we know today as EMV cards. The smart card was first developed in France in 1984 and by 1992 was fully integrated with French merchants. It had taken a major bite out of credit card fraud but there were many issues with foreigners coming into the country and not being able to use their cards, both because the cards did not work with the POS terminals and some merchants not being familiar with the magnetic strip and how it operated. At the very least though by the time Andrae developed his specifications the technology was at least proven.
After crafting the specifications of the smart card Andrae was tasked with developing what would become chip and pin. In a meeting in Chicago with Visa and MasterCard to set everything in stone it was given a name: EMV. It could have been MEV or VME but EMV was chosen for two reasons. First Europe and Europay was already well ahead of the other two both in terms market integration and patents. Second EMV just followed the alphabet.
There was a lot to hammer out. All agreed that the signature was not an effective security measure and that the PIN was much more secure, both for credit cards and for debit cards. Fraud was a major concern and the EMV standards addressed multiple scenarios to try to prevent as much fraud as possible. Third they wanted to bring in line the telecommunications costs of authorizing a transaction, which could be as much as forty cents in Europe but only about 3 cents in the US. Last was to give the card the ability to be able to put multiple cards on one card like loyalty cards, healthcare cards etc.
The initial EMV standard was completed in 1994. As the technology was rolled out credit card fraud began to take a noticeable decline through Europe. The US was not getting on board with it though, even after the technology became widespread throughout Europe in 1998. Why? American processors and banks did not want to budge on the costs of online authorizations and charge more while their European counterparts did not want to reduce their costs.
EMV was adopted outside of Europe in Central and South America, Canada as well as many African and Middle Eastern countries. Asia, Australia and the US would lag behind. Credit card fraud had a huge bite taken out of it and at least two of the four goals of that meeting in Chicago were met. One of them is beginning to become reality about 25 years later. There is still a ways to go on the cost of transactions though.