CARTES considers questions of security

Ensuring the security of payment systems is essential to maintain consumer confidence. The conference track ‘EMV: Challenges and benefits’, looks at ways of improving that security. When a customer uses his payment card in a store, he expects that the system will be secure. The interaction between EMV payment cards and POS terminals is strictly controlled.
November 4, 2014 Read time: 2 mins

Ensuring the security of payment systems is essential to maintain consumer confidence.

The conference track ‘EMV: Challenges and benefits’, looks at ways of improving that security. When a customer uses his payment card in a store, he expects that the system will be secure. The interaction between EMV payment cards and POS terminals is strictly controlled.

However, despite the existence of many systems that encrypt the PAN moving between the card reader and the processing infrastructure, part of the PAN’s journey is still ‘en clair’ – unencrypted. Over the years, the industry has spent a great deal of time and money on enforcing compliance with PCI DSS across the payment industry. However, data breaches still happen.

Milos Dunjic, CTO, Cardis International, will present a new solution that implements PAN with format preserving encryption (FPE) inside the card’s EMV payment application and is fully under the card issuer’s control. The new system is said to be radically different from previous methods. The solution is said to be fully resistant to replay attacks, as it ensures that the PAN reference is valid for only a single transaction. Since POS terminals, merchant acquirer and payment network systems handle only a unique per transaction format preserving PAN references, this eliminates the danger of criminals stealing real PAN data and then using it in CNP payments. Following on from this presentation, Andreas Strobel, board member with the Smart Payment Association, will give a presentation that analyses the advantages and disadvantages of different implementations, reflecting different business models. He will assess the standardisation efforts for online payment using tokens.


‘End-to-end tokenisation of PAN between EMV-application/digital-wallet and issuer host’, 14:40-15:00, Room 3

‘A Secure Profile for Tokenization in E and M-Commerce’, 16:30-17:00, Room 3

Related Content

  • What actually happens if we do #FreetheMIBs?
    May 1, 2020
    Q-Free’s #FREEtheMIBs campaign highlights the use of manufacturer-specific data output, storage and communication protocols in traffic lights and ITS systems.
    Read More
  • ANPR integrity is as important as capability
    February 1, 2012
    Increasing the capability of automatic number plate recognition should go hand-in-hand with efforts to ensure number plates' integrity, says the ESVA's Viv Nicholas. Before we apply increasingly sophisticated technology to Automatic Number Plate Recognition (ANPR), says the European Secure Vehicle Alliance's (ESVA's) executive director Viv Nicholas, there is a lot we can do to make the task of vehicle recognition simpler by addressing issues relating to the number plate itself.
    Read More
  • The bus to IP access control has left the station
    April 9, 2014
    David Lenot examines how mass transit agencies can benefit from IP access control and the features required to ensure a sound investment. With millions of commuters relying on their services daily, mass transit agencies are faced with the unfortunate reality that their operations are susceptible to threats. A single incidence of unauthorised access to restricted areas and buildings could be the catalyst to damaged property, endangered lives or other unfortunate events. Unlike an international airport
    Read More
  • Worldline launches new payment terminals for enhanced customer experience
    November 20, 2013
    Atos subsidiary and payments services’ specialist Worldline is revealing its two latest payment terminals at CARTES 2013
    Read More

Highlighted Content