To Encrypt or not to Encrypt?

• EMV does not need to encrypt cardnumbers because it’s authenticating their use
• Not all systems (ecommerce) support EMV, and the USA has many legacy systems that need cardnumbers
• PCI has already caused encryption of “data at rest”, and everyone has already done that or moved their data to a hosted solution
• EMV hardware is now starting to encrypt just to accommodate existing mixed-model rollouts in the USA.
• EMV is expensive to implement for a string infrastructure like USA.
  

  ---

Mobile – What’s up?

• EMV chips and SIM cards are the SAME TECHNOLOGY!
• EMV is supposed to make your phone a better wallet.
• What about mobile security
• New guidelines emerging that may be PCI-like all over again
• New programs are different between VISA, MC, etc
  

  ---

NFC – How does it fit?

• NFC is a communication protocol.
• Regular mag stripe cards can be NFC-enabled
• EMV will use NFC to have “contactless”
• NFC (or low emission Bluetooth?) will allow communication to the EMV chip to authenticate
  

  ---

Mobile, etc – What could go wrong?

• AT&T, etc own the SIM
• They want to charge the issuers $$ to send data to THEIR chip
• MasterCard has announced a “new idea” that does not need EMV
• Visa allows barcodes to appear on phones that don’t need EMV
• LoopPay device can broadcast your cardnumber to any reader without NFC, EMV or BlueTooth.
• The world changes fast in our competitive market, especially when a rollout like EMV is so expensive and difficult to implement.
  

  ---