Community

But we re not allowed to issue "cheap" cards in the UK, unless they are ATM only cards, and as I recall, back in 2002 a DDA cost 2x that of a SDA card, but now that differential is more or less nothing. Somone correct me if I am wrong - it's been a while since I looked closely at the rules and prices.

Also, it's not just about issuers issuing the cards, have you thought about the challenges faced by the acquirers (PSPs) and the merchants.  How many e-commerce merchants and their PSPs do you know who could support an EMV transaction without a serious upgrade to their transaction processing systems? I think it's pretty close to none.

And again, if you can get to the point where online payments are secure, who cares that the card number is exposed.  

Interesting Milos, back to first principles, and in defence of the iaxept process. If all e-commerce transactions were EMV as I think you propose, then each transaction would be protected by its own cryptogram.  The PAN then becomes pretty much irrelevant, just as it did in the retail world with chip cards.  If the PAN is protected by the ARQC, the PAN is no longer sensitive data (if indeed it ever was).  

Yeah, but back in the mid 1990s, e-commerce fraud wasn't much of a problem, whereas retail fraud using magstripe cards was, and was growing rapidly! Replacing the magsripe card with an EMV card solved that. I think where the mainstream payment industry missed the opportunity was to let the US get away with magstripe for so long.  That should start a broader discussion ... 

An interesting idea I have to say, if a little complicated.  Here in the UK, DDA cards have been mandated for the last several years, so I'm not sure that I understand the "cheap" option.  It also seems to me that the issuer would need to replace their whole card book, so again I am not sure about "cheap".  And, there semms to be a lot of unnecessary tokenisation stuff going on, and there's a QR code at the front!  In principle, though, I might go with it.  iAxept looks intersting but uses the smartphone's NFC interface, which begs the iPhone question, and as far as I know, Apple won't even relese access to the NFC chip for their own internal projects.  

Ido believe that we agetting closer to a reasonable solution though ...