Card Brands Launch Security Initiative, Dyman & Associates Risk Management Projects



Ending weeks of relative silence by the two major payment card brands in the wake of payments breaches at Target Corp., Neiman Marcus and others retailers, MasterCard and Visa have announced the formation of a cross-industry group to work on improving U.S. payment security. The collaborative effort aims to advance the migration to chip cards as well as point-to-point encryption.

 

In addition to the card brands, the coalition will include banks of all sizes, credit unions, acquirers, retailers, point-of-sale device manufacturers and industry trade groups, the card brands say in announcing the effort.

 

"The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," says Ryan McInerney, president of Visa Inc. "As we have long said, no one industry or technology can solve the issue of payment system fraud on its own."

 

Top Priorities

 

The initial focus of the group will be on the adoption of payments cards using chip technology based on the EMV standard that's widely used in other nations. The cards offer greater security than magnetic-stripe cards that are now commonly used in the U.S.

 

Other areas of focus for the new group will include:

 

Promoting additional security solutions, including tokenization and point-to-point encryption. "While EMV addresses the physical point of sale, the need to protect mobile and online transactions is critical," the card brands say in their announcement. "In tokenization, the traditional account number will be replaced with a unique digital payment code, providing an additional layer of security."

Developing an actionable roadmap for security across all segments of the payments industry.

 

"One of the critical roles we play is to protect consumers and businesses against criminals and fraudsters," says Chris McWilton, president of North American markets for MasterCard. "Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust. EMV will be the next step in these efforts, alongside enhanced security solutions for online and mobile channels."

 

The formation of the group, the card brands say, is an acknowledgement of the need for all parties involved in the payments process to work together and will "ensure all voices can contribute to the strategic direction of payment security."

 

MasterCard and Visa also expect the new group to engage with other ongoing security efforts, including proprietary risk councils, EMV task forces and standards management bodies.

 

Assessing the Efforts

 

News of the card brands' focus on tokenization and point-to-point encryption is encouraging, says Gartner analyst Avivah Litan. The efforts could make a meaningful difference if standards are created for the technologies "so that one vendor's solution [is] interoperable with another," she says.

 

"These standards have been lacking in the market, and, as a result, especially with point-to-point encryption, retailers and card acceptors are somewhat hesitant to adopt the technology out of valid fear of vendor lock-in and the pricing and competitive disadvantages that go along with that," Litan says.

 

"Visa and MasterCard have had plenty of time to work on these standards," she says. "Let's see if they do something meaningful and actionable this time."