The following article by OpenEdge president, Sid Singh, was originally published in Business Solutions Magazine in 2015.
Holding payments security up to the light, I am reminded of a line from author, John Steinbeck:
“We spend our time searching for security and hate it when we get it.”
The quote nicely encapsulates the digital commerce landscape. The last several years have been eventful, to put it mildly. Through a series of high-profile retail data breaches, well-organized, sophisticated criminal elements have threatened to shake the public’s confidence in card-based transactions. At the same time, the industry stands at the threshold of unprecedented advances in payments technology. Mobility, transaction data integration, apps, and cloud/SaaS-based software deployment will transform how we pay for goods and services. The tug-of-war between those ready to move us forward and those who would hinder that progress is clear. The industry is responding with initiatives to prevent a significant number of payment security incidents. Yet, the change creates new challenges for consumers, value-added resellers, software developers, banks, processors, and merchants.
OpenEdge takes developers out-of-scope, managing device interactions and certifications, so developers can implement EMV swiftly with minimal effort.
EMV: Searching for Security
The industry’s answer is EMV — the smart chip — used for years in most major global economies. EMV-enabled cards are being issued swiftly in the United States (70 percent + of cards are chip-enabled). Liability for breaches will shift to the party in the transaction chain with the least degree of security. This fraud-reduction technology promises to protect card issuers, merchants, and consumers from losses due to use of counterfeit and stolen payment cards at the point of sale.
Certifications & Complexity: Hate It When We Get it
At first blush, EMV would seem to have only upside: a card-present, NFC-enabled technology, nearly impossible to duplicate, practically guaranteed to reduce card theft. Indeed, consumers will see benefits. Developers, however, can expect to expend significant toil and treasure to ensure EMV transactions process. OpenEdge and Global Payments have managed EMV deployments in Canada, the U.K., the EU, Asia Pacific, and Latin America. We’ve learned EMV adds a layer of security, but introduces complexity to ISVs and VARs offering payment services. Developers face ample EMV device driving work, as chip card processing is more complicated than magstripe technology (by at least a factor of 4). EMV Level 3 certifications — brand-specific requirements for each hardware device — are cumbersome. For example, a merchant with three hardware devices and processing payments for the four major card brands requires 12 individual certifications (3 devices x 4 card brands = 12 certifications). When the transaction process changes (such as a hardware swap, application upgrade, new processor, or new kernel), recertification is necessary. It’s painfully clear how quickly this affects a developer’s workflow.
Edge EMV: A Pre-Certified Path To EMV Out-of-Scope
OpenEdge has solutions to get merchants on a path to EMV readiness while easing the transition for developers. Merchants receive EMV-enabled terminals and time to prepare staff, the interface, etc., while developers are insulated from device driving, and numerous card brand and processor certifications. OpenEdge takes developers out-of-scope, managing device interactions and certifications, so developers can implement EMV swiftly with minimal effort.
“It is the nature of a man… to protest against change, particularly changes for the better.”
That’s another line from Steinbeck, who seemingly spent a lot of time thinking about payment security. The EMV change here, making digital commerce more secure, but not without speed bumps. Our goal with Edge EMV is to take a potentially difficult (but necessary) process and offer solutions to simplify migration, reduce developer liability, and render the application more valuable to the user.