Part of the AVISIAN Publishing Expert Panel series to be published throughout December 2006
Matt Landrock, Managing Director, Cryptomathic, Germany
Decreasing fraud through security will continue to be a high priority for the financial sector in 2007. The ability of criminals to continually infiltrate financial systems has resulted in the realization from the market that investing in high security technology now will achieve long term benefits–from reduced fraud to customer assurances that their investments and transactions are protected.
The high-level adoption of EMV technology throughout many global regions, such as Europe, Asia and South America, has intensified over the past 12 months, demonstrating the commitment of many countries to implement new and more sophisticated systems to increase financial transaction security. In some countries, legislation has played a key role in encouraging adoption by the financial institutions. In other regions, the liability shift deadlines imposed by the international payment systems has been the key driving factor.
Canada will be a major focus in 2007 as it continues the transition to EMV payments, with an EMV migration deadline of 2010. It is predicted that EMV adoption in this market will impact the U.S. payment industry’s reluctance to migrate to EMV, as the business security benefits of implementing chip and PIN will become ever more apparent and necessary in such an evolving and sophisticated marketplace. This will be supported by a demand from U.S.-based customers who regularly travel abroad requesting payment cards that comply with international payment methods.
The migration of EMV within adopting regions has another key advantage: it provides the infrastructure and tools for the financial sector to implement ever increasing robust security measures. Over the past year this has been witnessed by the significant acceptance and deployment globally of two-factor authentication (2FA) methods. These are based on the Chip Authentication Program (also known as OneSmart from MasterCard) which allows issuers to leverage the chip card roll-out for strong user and message authentication for online banking. The adoption of the technology, particularly in Europe, demonstrates the increased awareness among issuers, who now understand the security advantages of authenticating an online customer based on what he has and what he knows.
Although Europe has, and will continue to implement, 2FA widely across many markets, the global rise of 2FA has in part been contributed to the U.S. Federal Financial Institutions Examination Council’s (FFIEC) guidelines, which requires all U.S. banks and financial institutions to implement 2FA mechanisms in the transfer of money to a third party account.
FFIEC’s recommendations requested implementation of 2FA by the end of 2006. However, as it implicitly excludes many existing U.S. 2FA solutions because they do not focus on something the user has in their possession, but what they know–such as static passwords and images–the market is still open to increasingly sophisticated criminals who are continually creating new methods to access financial information. Subsequently, to ensure the highest possible security, U.S. banks will need to upgrade their 2FA systems in 2007 to reflect those used in international markets.
As the payment scheme providers and payment card industry advance their agenda on decreasing fraud through tightened security measures, emphasis has also been placed on devices. One final area of continued growth in 2007 is the ever-increasing demand for automated Advanced Key Management Systems to secure keys between issuing and acquiring networks. The new technology reduces the cost and time of manually installing and managing the life-cycle of keys on devices at regular intervals by removing the need to have key custodians present locally. This is an important development as it allows the keys to be updated more frequently, at no extra cost to the financial market and its customers, thus, preventing the increasing number of fraudulent attacks on ATMs and similar transaction points.
![[end]](/resources/bullet/archive-4.gif)
