EMV: Why Payment Systems Fail

US credit card companies and banks are starting to distribute new credit cards with an embedded chip and magnetic strip that has been in use from the 1970s. The credit card companies and banks can learn several lessons from such efforts made in Europe. The idea behind EMV is simple enough where the card is authenticated by a chip that is more difficult to forge than the magnetic strip. Banks in the UK decided to use PIN verification wherever possible, so that the system there is branded. The US scheme is a mixture, with some banks issuing chip-and-PIN cards and others going down the signature route. EMV also introduces some new vulnerabilities, as the first-wave EMV cards in the UK have been cheap cards capable of Static Data Authentication (SDA) where the card contains a certificate signed by the bank attesting the card data is genuine.