First Data Corp. says it has come up with an answer to EMV chip-and-PIN technology. The processor’s Star electronic funds network on Aug. 25 introduced a debit card fraud-protection product that uses a contactless chip to produce a unique, one-time card number to complete point-of-sale transactions.
The one-time numbers replace authentic card-account information to complete a portion of the transaction process. Star reverts the one-time number back into the actual card number at its switch before sending the transaction to the issuer for authorization.
The technology is Star’s answer to EMV chip-and-PIN cards, which have garnered little support in the United States despite their use worldwide.
“This doesn’t bridge any gaps [to chip-and-PIN],” says Julie Saville, Star vice president of product management. “This is the solution (to countering card fraud) as we see it going forward for Star.”
The technology, named CertiFlash, “integrates with the way [contactless] payment technology works in the United States,” Saville adds.
Star’s bank partners that decide to use CertiFlash would reissue debit cards with contactless chips. Cardholders conduct typical contactless transactions at the point of sale, and the card chip and the contactless terminal communicate with each other to alert Star to produce the one-time number.
Because the technology produces a one-time use card number, that particular cardholder’s account information would be unusable if a criminal hacks into a merchant’s payments system. And card skimming is virtually eliminated for CertiFlash transactions because issuers would decline a stolen one-time card number if a hacker tried to use it.
Stolen cards also would become less troublesome because the user would need to enter a PIN for purchases exceeding $25 or cash back in excess of the sale.
The technology is not limited to debit cards, Saville says. It also can be used with payment fobs and stickers.
Star already has tested the technology in a mobile environment using microSD and Near Field Communication chip technology. “We’re way ahead of the curve in how it would work” for mobile payments, Saville says.
CertiFlash still would be in a good position if and when chip-and-PIN comes to the U.S., she adds. “Our technology was built to be flexible and can sit side by side with other technologies” on the contactless terminal if other payment companies decided to use chip-and-PIN, Saville says.
Star in the next couple of months plans to pilot CertiFlash with a financial institution, according to Saville. A full rollout is expected some time in 2011.
Avivah Litan, a vice president and analyst at Stamford, Conn.-based market research company Gartner Inc., believes CertiFlash is a “good, practical technology” to help combat card fraud.
The challenge Star faces is that merchants still are shying away from accepting contactless payments, which could stymie CertiFlash’s effectiveness, Litan says.
Star is working with contactless-terminal manufacturer Vivotech Inc. to make POS systems compatible with CertiFlash.
While that helps, Litan believes it ultimately will fall on the merchant for any contactless-related technology to fully take off. “The success of new payments [technology] is driven by merchants,” she says.
What do you think about this? Send us your feedback. Click Here.