The exact phenomenon observed is as indicated in Appendix A.
Mechanism
The mechanism involved in the protection of the card details by means of the EMV technology is discussed by various scholars and organizations. SPA (2010, 1) clearly explains that the need for authenticating data in the various EMV systems is to ensure that the cars being used is genuine. This is made possible via a system referred to as the Card Authentication Methods that is dependent on the capabilities of the chip itself.
How the EMV system protects payment cards
EMV Implementation Challenges
Extant literature has been dedicated towards the study of the various challenges that face the implementation of the EMV technology. Gareth Ellis Solution Consultants (2007,1) clearly point out that despite the since the phenomenal implementation of the technology in 2005, the use of EMV cards has always lacked the much needed sophistication in all the over 145,000,000 cards that were issued since the adoption of the standard. They pointed out that most EMV card issuers only implemented simple functionalities such as the use of EMV in the process of data preparation or as an upgrade of their in-house card assurance systems.
Steven et al. (2010) also illustrates the protocol flaw in the use of EMV technology. They demonstrate in their paper how criminals can make of use of the flaw in the EMV protocol to launch an attack through the use of a genuine card in making of payments using EMV cards without the need of a PIN. This happens undetected despite the fact that the merchant could be having a direct connection to the banking network. Their paper further considers the mechanism used by fraudsters such as man-in -- the -- middle attacks and the source of the flaw.
The challenges that affect the implementation of EMV technology are numerous .In this paper we present a holistic approach to the problem of EMV migration and implementation.
The problems that are associated with the implementation of the EMV technology is best understood after an analysis of various case studies involving the technology's implementation.
More challenges to the adoption of EMV technology
Extant literature suggests that there is insufficient guidance in the process of implementing the various EMV technologies in various countries. This...
Iranian banks fall under the category of countries that are in the process of migrating to EMV standards of management. It has been shown by various studies that failure to comply to the EMV standards usually results in an increase in various risjks such as chargeback by the various banks (ATM Media,2010).
References
ATM Media,(2010).Challenges to migrating to EMV.
http://www.atmindustryinfo.com/2010/03/challenges-in-migrating-to-emv.html
APACS (2007) Fraud -- The Facts 2007
http://www.apacs.org.uk/resources publications/documents/FraudtheFacts2007.pdf
Alsaid, A., Mitchell, C.J.(2006): Preventing Phishing Attacks Using Trusted Computing
Technology. In: Proceedings of the 6th International Network Conference (INC
2006), Plymouth, UK, pp. 221 -- 228
Balfe, S and Paterson, K (2008). Augmenting Internet-Based Card Not Present
Transactions with Trusted Computing. G. Tsudik (Ed.): FC 2008, LNCS 5143, pp. 171 -- 175,
Jackson, C., Boneh, D., Mitchell, J. (2007): Transaction Generators: Rootkits for the Web. In: Proceedings of the 2nd USENIX Workshop on Hot Topics in Security
(HotSec 2007). The Advanced Computing Systems Association, Boston, MA, USA,
USENIX
O'Flynn, M (2009).Electronic payment is booming in the Middle East. pg2
Smart Payment Association (2010).Strengthening card Authentication: A migration to DDA. White Paper
Russell, M.(2010).Your Independent guide to Credit Cards
http://ezinearticles.com/?Credit-Card-Fraud-Part-I&id=123783
VISA (2002). 3-D Secure Protocol Specification: Core Functions,
http://international.visa.com/fb/paytech/secure/main.jsp
Ward, M.(2006).EMV card payments -- An update. Information security technical report 1.p 89-92
Appendix A
Success rate of the EMV technology implementation
Source: UK Payments Administration Ltd. 2009
