Prime Factors Blog

Estimates of 2015 EMV Penetration Out-of-line with Experience

Posted by Dave Tushie on May 12, 2015 6:00:00 AM

There seems to be a pre-occupation in the media with forecasts of the percentage of EMV-compatible cards issued and merchants ready for EMV transactions when the liability shift date occurs in the USA on October 1, 2015. The underlying assumptions seem to suggest that if we don't have near 100% cards issued and merchant participation that the whole EMV migration is somehow pointless. This is so misguided that it is hard to know where to start.

Read More

Topics: Payment Card Personalization

How Our EMV Basics Webinar Led to a Discussion of Global Cybercrime

Posted by Jeff Cherrington on Jan 13, 2015 7:14:00 PM

Prime Factors’ makes a point of providing in-depth industry and market education to our customers and contacts. We’ve seen very strong response to our EMV education series, both in the US where the liability shift date is looming and internationally. After receiving an announcement related to the first webinar in that series, EMV Basics, Fabian Soler contacted me to share his thoughts about how EMV adoption could play out in the US. I read his comments with a good deal of interest and respect – Soler carries a number of security certifications and was, at one time, CSO for Payments Solutions Group of Fiserv.

Reflecting on the lag in universal EMV adoption in the US that many anticipate, Soler observes, “The deadline for full EMV support in Canada is Dec 2015 after which no payment terminal will be allowed to process magstripe domestic debit transactions – they will simply be declined by the Acquirer. This might be something you choose to share with your customers because the research here indicates all the fraudsters are moving their activities to the US.  As such, not only are US merchants subject to the October liability shift but the frequency and amount of fraud they pay for will be higher.”

Read More

Topics: Payment Card Personalization

The HSM Master File Key Guidance PCI Neglected to Give...

Posted by Dave Tushie on Dec 16, 2014 5:27:00 PM

PCI provides guidance on interpretation of its requirements for secure card production and personalization for magnetic strip and EMV integrated chip cards via its FAQs, published periodically. Recently (July, 2014), a question was asked as follows:

Can vendor and issuer keys exist at another site, such as for subcontracted card production activities, or for disaster recovery purposes?

Read More

Topics: Payment Card Personalization