3.1 A business case for chip migration
A cause of concern against keeping in place the magnetic stripe technology is the increase of abuses in magnetic stripe payment cards reported worldwide. Attackers have great insight about the design details of these cards, which helps them to identify security weaknesses that could lead to fraud.
In face-to-face payment transactions, counterfeiting the magnetic stripe has become a dangerous threat [2, 3]. This threat combined with sophisticated methods of monitoring the cardholder's PIN cause significant damages to financial institutions issuing such card products (see Section 2.6).
Card associations and payment system operators are concerned with decreasing the amount of fraud. In this context, the migration of actual payment card products from implementations using the magnetic stripe as a storage medium to a chip is seen as a necessary security improvement. The term "chip" designates the integrated circuit embedded in the plastic card. For the purpose of this book, we consider only those chips that offer protection against probing their resources. A chip providing this feature is referred to as tamper-resistant. The reduction of fraud becomes possible because of several factors:
It is very hard to clone chip cards, particularly the secret cryptographic parameters they contain, unless the tamper resistance of the chip is overtaken. Even though more and more papers report methods of subverting the tamper resistance of chip cards, the attacks are far too complicated for common attackers to mount.
Through its processing power, the chip card is actively involved in the risk management at the point of service. The chip card becomes a remote agent of the issuer that is able to correctly intervene in a local authorization process performed at a terminal that is not connected on-line to the payment network. The chip can enforce the proper policies for an optimal trade-off between the availability of the retail financial service provided to the cardholder and the security of the issuer against fraudulent transactions.
The chip improves the process of determining counterfeit cards, through implementing the card authentication method with dynamic authentication mechanisms. It also provides greater protection of the cardholder against fraudulent transactions through the off-line verification of the PIN in the card, for transactions authorized off-line.
The cost of the chip migration is impressive. Integrated circuit cards are much more expensive to issue than magnetic stripe cards. This entails significant costs for the issuers. New terminals are needed at the point of service, which are equipped with integrated circuit card readers. This entails high costs for the acquirer. The host computers of issuers and acquirers as well as the payment network must be adapted for chip migration.
These economic factors have caused many financial institutions to question whether it is cheaper to continue to support the loss due to fraud or to change the whole infrastructure. This is mainly the case for financial institutions located in developed countries, where the existing payment infrastructure is huge. Moreover, their losses are kept reasonably low, considering that the majority of the transactions, if not all, are authorized on-line, which decreases the risk of fraudulent transactions. In developing countries with large territories , however, where the payment infrastructure is poor, the payment transaction is assessed off-line in the majority of situations. In these cases it makes sense to invest in a chip solution from the beginning, since the security protection is clearly better.
Card associations and/or payment system operators have adopted new operating rules for their chip card products, which has motivated issuers and acquirers to perform the chip migration. Thus, the policy of decreasing the interchange fees for acquirers that do not adapt their terminals to accept chip cards can be a good reason for acquirers to implement the chip technology. At the same time, both issuers and acquirers could be encouraged to adopt the chip, through a right liability policy. This policy could stipulate that issuers and acquirers that have not accomplished the chip migration assume the entire risk in case of fraud when making a transaction with an acquirer/issuer that has performed the chip migration.
There is still another strong reason for chip migration. Instead of thinking in terms of reducing fraud, maybe it is better to think in terms of increasing revenue streams as a consequence of chip migration:
Because of better decision-making by the chip at the point of service, it is possible to improve authorization controls at a lower cost. This means that communication costs related to the on-line authorization of a transaction can be reduced in situations where the card risk management together with the terminal risk management decides that authorization can be granted locally. This improves the efficiency of debit/credit cards in a segment of payments, which were previously judged too small.
Since the chip has computation power, the payment card becomes "smart". Card applications can provide far more flexible financial services and better answer the rapid changes in the retail financial market. The same chip can accommodate several card applications, which provides the multiapplication dimension of the chip cards. This allows issuers to reduce the investment cost per card application and better combine several payment instruments that satisfy different payment behaviors. For example, the same chip card can accommodate a national debit scheme used for domestic payments, an international credit scheme suitable for relatively important payments made while travelling abroad, and a cross-border electronic purse for paying per byte for information on demand bought from Internet providers. Thus, the flexibility of customizing the financial service provided to each cardholder on an individual basis further strengthens the relationship between the cardholder and his or her bank.