The Secure Payments Partnership (SPP) coalition has revealed the results of a study that shows the U.S. credit card industry has disregarded innovations in the security industry. It concluded that these companies have failed in establishing proper security standards, whilst also advising that a neutral body should be put in charge of this in order to protect the general public’s accounts.
The study was a report into EMVCo, which is a body owned by the six biggest payment card companies in the world; it sets technical specifications for payment cards including credit and debit. The report emphasises that the decision-making of EMVCo has put in place practices that have increased the risk of fraud. It argues that their weak security practices have helped keep costs low and their market share high, which has allowed those card companies to dominate the payments market.
The study showed that:
- EMVCo is dominated by Visa and Mastercard; these two ensure that the body sets standards so they can beat competitors.
- This organisation also strengthened Visa’s bid against allowing retailers to put transactions through competitors’ debit networks. This has led to less-secure ‘chip-and-signature’ cards in the U.S.
- EMVCo also set up the Secure Remote Commerce standard, which aims to become a new integrated checkout platform for online payments. However, the report argues that this could make it problematic to route transactions through competitors’ debit networks, which in turn increases the monopoly of the larger card companies and creates more dependence on their inadequate security measures.
The report says that the card companies and the EMVCo organisation have frequently neglected the innovations and new standards of the security industry, particularly developments in fraud prevention. According to the SPP, this was done to maintain market dominance. Furthermore, the paper stresses how EMVCo claims that its specifications promote “compatibility,” “interoperability” and “secure transactions”. Yet, the what the study displays appears to contradict these concepts, due to the current practices of the big six card companies. In all, this has left the U.S. with a fraud-prone payment system that lags behind international markets in terms of standards in security.
