CARTES considers questions of security

Ensuring the security of payment systems is essential to maintain consumer confidence.

The conference track ‘EMV: Challenges and benefits’, looks at ways of improving that security. When a customer uses his payment card in a store, he expects that the system will be secure. The interaction between EMV payment cards and POS terminals is strictly controlled.

However, despite the existence of many systems that encrypt the PAN moving between the card reader and the processing infrastructure, part of the PAN’s journey is still ‘en clair’ – unencrypted. Over the years, the industry has spent a great deal of time and money on enforcing compliance with PCI DSS across the payment industry. However, data breaches still happen.

Milos Dunjic, CTO, Cardis International, will present a new solution that implements PAN with format preserving encryption (FPE) inside the card’s EMV payment application and is fully under the card issuer’s control. The new system is said to be radically different from previous methods. The solution is said to be fully resistant to replay attacks, as it ensures that the PAN reference is valid for only a single transaction. Since POS terminals, merchant acquirer and payment network systems handle only a unique per transaction format preserving PAN references, this eliminates the danger of criminals stealing real PAN data and then using it in CNP payments. Following on from this presentation, Andreas Strobel, board member with the Smart Payment Association, will give a presentation that analyses the advantages and disadvantages of different implementations, reflecting different business models. He will assess the standardisation efforts for online payment using tokens.


‘End-to-end tokenisation of PAN between EMV-application/digital-wallet and issuer host’, 14:40-15:00, Room 3

‘A Secure Profile for Tokenization in E and M-Commerce’, 16:30-17:00, Room 3