MasterCard made a decision not to allow remote key injection capabilities that allows merchants to install new encryption keys on point-of-sale devices.  Now these merchants are stuck doing this work manually at an off-site facility.  Organizations that are trying to comply with the Payment Card Industry – Data Security Standard are now hamstrung in their implementation capability, especially those who may have hundreds or even thousands of such devices.

It is unknown why MasterCard has taken this route but it certainly is a step backward in securing credit card information in transit and an increase in expense for merchants trying to comply.  This expense somehow will be passed along to consumers.

Considering the goal is to improve security by increasing the level of encryption, it is difficult to comprehend why automating this process would be a problem.  Considering a lot of money has gone into R&D for RKI research and it is designed to reduce the burden on merchants while improving security, I think MasterCard should have to publicly detail why they think that is bad.  There may very well be a reason behind this but as it sits, this is a defeat for secure credit card transactions.