A few days ago, I stumbled upon an article from Jeremy Gumbley (CreditCall) titled “EMV in the cloud – A Vision For The Future Of Global EMV Adoption“. Jeremy’s point is that by moving to the cloud most of the logic which resides within a point of sales terminal, retailers could save a lot of money. These new “dummy” terminals would require less maintenance, less upgrades, and their manufacturers wouldn’t have to go as often through the certification process. He’s right, but he’s ignoring EMV contactless transactions which are hardly “cloud-compatible”.
Jeremy is definitely right to outline the certification cost, especially given that the global tendency is to have more and more standards in addition to the EMV standard, that are frequently updated and require re-certification. If the kernel, which manages the dialog with the chip cards EMV applications, could be extracted from the terminal and put on a remote server, the terminal wouldn’t have to be certified each time the standard changes. The terminal would become a secure relay between the card and the remote kernel, and the latter is the one that would have to get certified. Major issues would be network availability, but that would be up to the retailer to ensure it, and latency, but adding a couple of seconds to your EMV transaction shouldn’t be too much of an issue.
But my (very) small experience with EMV makes me believe that Jeremy is missing one other big tendency : contactless payment. Contactless is getting more and more popular. This report from VISA predicts that the number of transactions in UK in 2013 will be 4 times the one of 2012. At the same time, Sage Pay reports a 2389% increase of the number of contactless transactions between January and July 2013 in Ireland. Major contactless card providers (ex : Visa PayWave, Mastercard PayPass, Interac Flash) have their own own flavour of the EMV contactless protocol, but all of them have the same constraint : the transaction time must be really short (under 500ms, as required per Visa PayWave Specifications, for example), so that the user can “tap” to pay. Ensuring that the dialog between the remote kernel and the contact less card is completed in such a short amount of time looks like a challenge. Your remote server would have to sit next to your terminal… So, EMV in the cloud, maybe. But probably not for contactless transactions, and I wouldn’t bet on any technology that is not ready for contactless.