Comment Re:Trust us with your payments (Score 2) 730
It probably doesn't. This Secure Element+rotating CVV thing is the same as what Google Wallet uses/used, and it's just not the same technology as EMV. Similar concept from what I understand but not actually the same. EMV requires merchants to upgrade their backend infrastructure because they fundamentally aren't just passing around credit card numbers anymore, whereas this is designed to let merchants skip all that and pretend they're still charging regular credit card numbers, with the last three digits changing per transaction. One question in my mind is what happens after you made 1000 transactions: presumably the CVVs start being reused? Or perhaps if they're semi-random they start colliding before that.
At any rate, the big question is whether VISA/MC/the banks will interpret this half-assed non-EMV thing as being as secure as regular EMV. I don't see how it can be, myself, but I've never looked at this in depth. The 2015 date refers to the liability shift. It doesn't imply an actual flag day or widespread deployment of EMV. The idea is after that date whoever has the weaker technology pays for fraud. If the bank hasn't deployed EMV and the merchant has, the bank pays. Otherwise it's vice versa. But I'm not sure how that works here - banks aren't issuing iPhones to people, so when does the merchant win? If the user doesn't have an iPhone? Seems tricky.
Anyway don't expect this to work outside the USA. Not only is the tech different but it's also fundamentally useless. Contactless EMV cards are being rolled out around the world now and they're convenient because you don't have to type in the PIN for small amounts, whilst still being secure. For larger amounts, the PIN is still required. But the cards don't require batteries, can be dropped on the ground, slide inside a wallet, can't be hacked, make payments in just a second or two etc. So it's not clear why you'd want to use a phone instead of a card for this.