“Chip and PIN”, EMV … ISO 7614

The New York Times, in the previous post, looks at the issue from the obvious perspective.  The result is as one would expect.  Remember when France first introduced smart cards 1984or mandated then back in 1992 and the acceptance nightmare.

In the past I have written on the idea –

Push PCI/EMV into one coherent electronic and secure smart card reader and PIN Pad.

Mandate all new 1 July 2010; with the understanding that the reality –  every piece of equipment will be replaced in a reasonable period, say 7 to 10 years.

VARs should easily be able to do that.

The incremental ($8/device) on the device side goes down over time, as equipment becomes more affordable.

On the system side, most international providers have a solid EMV implementation they can port over to the US platform over that same 7 year time frame.

At the Network switches, gateways and IPSPs; data formats should be changed sooner, say three years from day one.

Issuers can then decide, when to embrace one  global two factor authentication solution; using contact and contact-less EMV  cards to support card authentication [Factor 1] and card holder verification processes (eg. Chip and PIN) [Factor 2] .

Biometrics were understood when EMV was created.  The mechanisms are in place to introduce an agreed, more secure, biometric verification process [Factor 3].