Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region

Similar documents
EMV Terminology Guide

Is Your Organization Ready for the EMV Challenge?

Agenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions

EMV 101. EMV Migration Forum Webinar March 6, 2014

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

EMV: Strengthen Your Business Through Secure Payments

EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011

EMV: Facts at a Glance

EMV 101. Guy Berg Senior Managing Consultant MasterCard Advisors

PayPass M/Chip Requirements. 3 July 2013

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

Target, the third largest retailer in the U.S., suffered a

Visa Minimum U.S. Online Only Terminal Configuration

Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?

EMV Adoption. What does this mean to your ATMs?

EMV Implementation Guide

EMV A Chip Off the New Block

EMV Beyond October 1, Kristi Kuehn VP, Compliance Heartland

White Paper: Reducing Certification Cycles for Chip EMV Application

EMV: GET READY. Michelle Thornton, CO-OP Financial Services

Winter 2019 Network Updates. Webinar Presentation January 29, 2019

EMV: Frequently Asked Questions for Merchants

EMV Validation (on-behalf of) Service

U.S. EMV Migration Update. A joint presentation from Citizens Commercial Banking and Worldpay

Extending EMV Payment Smart Cards with Biometric On-Card Verification

EMV: The Race Is On! September 24, 2013

EMV THE DEFINITIVE GUIDE FOR US MERCHANTS AND POS RESELLERS

E M V O V E R V I E W. July 2014

Testing & Certification Terminology

Understanding the 2015 U.S. Fraud Liability Shifts

Ignite Payment s Program on EMV

The State of EMV Harland Clarke Card Services

Testing Best Practices. Derek Ross ICC Solutions

It s Not Too Late for EMV What You Need To Do Now!

Card Payment acceptance at Common Use positions at airports

The Global Migration to EMV and What is Happening in the U.S.

Top 5 Facts Merchants Need To Know About EMV

EMV Frequently Asked Questions for Merchants May, 2015

EMV is coming. But it s ever changing.

ECSG (Vol Ref. 8.A01.00) SEPA CARDS STANDARDISATION (SCS) VOLUME. Payments and Cash Withdrawals with Cards in SEPA

Choosing the Correct Card Technologies, Options and Card Management Strategies for Issuers

EMV * ContactlessSpecifications for Payment Systems

Visa s Future of Security Roadmap: Australia

EMV and Educational Institutions:

Frequently Asked Questions for Merchants May, 2015

EMV FAQ S FROM A MERCHANT S PERSPECTIVE

Introduction to EMV BEYOND PAYMENT

A Merchant s Path to EMV Understanding Impacts To Your Business

THE ADOPTION OF EMV TECHNOLOGY IN THE U.S. By Guy Berg Global Industry Sales Consultant Datacard Group

EMV Basics and the market

The Changing Landscape of Card Acceptance

Heartland Payment Systems

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

ATM Webinar Questions and Answers May, 2014

EMV in the U.S. Liability shift; what does this mean for the U.S.?

Tokenization: What, Why and How

MITIGATE THE RISK OF FRAUD AND COMPLIANCE COSTS with EMV mandates. An NCR white paper

Contactless Payment Latest Trends

CONVEGO. Platforms and Applications

Mobile and Contactless Payments Requirements and Interactions

Visa Fuel Segment Update

EMV Versions 1 & 2. Divided into 3 parts:

Crash Course: What are EMV and the EMV Liability Shift?

Optimizing Transaction Speed at the POS

Merchant Testing and Training Pack

Plain English Guide: Why Financial Institutions Should Keep EMV Data Preparation In-House

The Evolution of Payment Specifications and Tokenization. Smart Card Alliance and EMVCo Webinar October 1, 2015

1.9 billion. contactless Toolkit for financial institutions ADDING CONTACTLESS. MasterCard and Maestro Contactless

Extending EMV Payment Smart Cards with Biometric On-Card Verification

Ensuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015

OU, IM990C, Master Computer Science. Thesis Security evaluation of the NFC contactless payment protocol using Model Based testing

The Migration to EMV in the USA from a Founders Perspective. Philip Andreae Oberthur Technologies

Will US EMV Migration Impact Acquiring Worldwide?

EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown

Chargeback Best Practices. September 7, 2016

MAKE WAY FOR THE EMV CREDIT CARD. What You Need to Know for a Smarter POS Strategy.

The Evolution of Payment Specifications and Tokenization. Smart Card Alliance and EMVCo Webinar November 4, 2015

Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless

Dates Visa MasterCard Discover American Express. Acquirers, subprocessors. support EMV. International ATM liability shift 2

The Small Business Guide to Mastering EMV

EMV Adoption in the U.S.

VARTECH NATION. EMV Certification for IT Professionals

Dual-Interface Card Personalization

Tokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC

Glocal Test Pack. Product description and user s guide 2018 MERCHANT TESTCARDS ALL RIGHTS RESERVED

Secure Remote Payment Council (SRPc) White Paper Discussion: EMV Enhancements Post Implementation September 13, 2016

Covering Your Bases: The State of EMV & Beyond

Technology Developments in Card-Based Payments WACHA Payments 2013

EMV Cards - Chipping Away at Fraud

SpanKey & SpanKey/SE

Smartcards and Beyond

Quick Guide. Token Service Provider

Stock Taking Exercise & Implementation plan Progress Report

Visa Digital Solutions. Rocio Beckham Community Issuers

Pinless Transaction Clarifications

Contactless Toolkit for Acquirers

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will fnd: Explaining Chip Card Technology (EMV)

EMV 3-D Secure Press Kit Q&A

Canada EMV Test Card Set Summary

Transcription:

Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region

Notice of confidentiality This presentation is furnished to you solely in your capacity as a customer of Visa Inc. and/or a participant in the Visa payments system. By accepting this presentation, you acknowledge that the information contained herein (the Information ) is confidential and subject to the confidentiality restrictions contained in Visa s operating regulations and/or other confidentiality agreements, which limit your use of the Information. You agree to keep the Information confidential and not to use the Information for any purpose other than in your capacity as a customer of Visa Inc. or as a participant in the Visa payments system. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in the Visa payments system. Please be advised that the Information may constitute material non public information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc. while being aware of material non public information would constitute a violation of applicable U.S. federal securities laws. 2

Visa? 3

Visa the payment scheme 3.1 billion Visa cards (Dec 2016) 65 000 txn/second 160 currencies 4

Agenda EMV migration status Card payment technology Contactless The Visa ecosystem Card personalisation & testing Innovation and trends 5

EMV migration status 6

EMV migration Europe - Cards 533 million Visa cards in issuance, of which 445 m are EMV = 83.5 %. 71% are PIN preferring 7

Acceptance in Europe ~90-95% EMV POS terminals 8

EMV migration global terminals 9

EMV migration US 10

EMV migration US 11

EMV migration US 12

Card payment technology 13

Transaction flow 14

What is EMV? Global specification supporting smart card / terminal interoperability and transaction processing of credit and debit cards Non-competitive specification Developed by Europay, MasterCard and Visa (EMV) in 1994 Now owned by Amex, Discover, JCB, MasterCard and Visa EMV Version 3.1.1 in 1998; EMV Version 4 in 2000 EMV Version 4.3 since November 2011 15 Implementing Chip with VSDC January 2009 15

EMV and its Purpose EMV provides international interoperability for chip-based credit and debit Set of functions for Communicating with card (protect card) Framework for card and cardholder authentication Framework for card and terminal risk management It provides Security - ability to keep secrets ; active security; upgradeable Capacity - much more data on the card Data processing - ability to receive, process and supply data Security and Services! 16 Implementing Chip with VSDC January 2009 16

Payment Specifications EMV specification hierarchy within the payment industry NATIONAL (examples) ABI UKIS CB5 JCCA CARD SCHEMES VIS MCHIP AEIPS INDUSTRY WIDE 17 Implementing Chip with VSDC January 2009 17

EMV Specifications Authorisation data - Transactions storage - Communication protocol Transaction flow Data Interface Interfac e& Data - Risk management - Personalisation - Internal functions Not covered by EMV EMV specifications Not covered by EMV 18 Implementing Chip with VSDC January 2009 18

EMV security benefits Type of Fraud Counter-measures Magnetic Stripe VSDC Counterfeit Card Verification Value (CVV) (Online Only) Static Data Authentication (Offline) icvv (Online) Skimming Lost & Stolen PIN Verification Value (PVV) (Online Only) Static Data Authentication (Offline) Dynamic Data Authentication (Offline) + Offline PIN (Offline) OR Card Authentication (Online) 19 Implementing Chip with VSDC January 2009 19

Visa EMV cards VSDC contains the same data as the magnetic stripe and new features/data specific to the chip application Offline and online usage controls The ability to authenticate the card s validity Offline PIN verification The ability to change the card s data after the card has been issued VSDC = Visa Smart Debit/Credit VSDC cards continue to carry a magnetic stripe with the same cardholder information as before Cardholder Name Card Account Number Expiration Date However, the Service Code must be updated to indicate the presence of a chip 20 Implementing Chip with VSDC January 2009 20

Chip transaction data flow Chip Data Acquirer Chip Data Visa Chip Data Issuer $52.95 21 Implementing Chip with VSDC January 2009 21

Chip transaction data flow Application Selection Initiate Application Read Application Data Offline Data Authentication Processing Restrictions Cardholder Verification Card and Issuer Authentication Online Script processing Terminal Risk Management Card Risk Management Online or Offline decision Offline COMPLETE 22 Implementing Chip with VSDC January 2009 22

Cardholder Verification Application Selection Initiate Application Read Application Data Offline Data Authentication Processing Restrictions Cardholder Verification Terminal Risk Management Card Risk Management Issuer decides on their Cardholder Verification Method (CVM) List and personalises it onto the card Online PIN Signature Offline Enciphered PIN Offline Plaintext PIN Approve? Decline? Online? Offline Online Scripts Online Authentication The terminal reviews the card s CVM List and determines which CVM to use for the transaction (based on the CVM supported by the terminal) For Mobile: CDCVM (Cardholder Device CVM) / Passcode 23 Implementing Chip with VSDC January 2009 23

CVM Decision (CVM= Cardholder Verification Method) Card s CVM List Terminal s Supported CVMs Signature Online PIN No CVM X X X Offline Enciphered PIN Offline Plaintext PIN Online PIN Signature No CVM The terminal checks the card s CVM list and the first mutually supported method is selected For this example: Signature 24 Implementing Chip with VSDC January 2009 24

The Cryptogram Authorisation card encrypts data and sends to issuer host for decryption. This is known as online Issuer Authentication and Card Authentication Mechanism (CAM) Network Terminal Acquirer Scheme to issuer 3DES Key 3DES Key ARQC = Authorisation Request Cryptogram (in request) ARPC = Authorisation Response Cryptogram (in response) Note: VisaNet can also validate ARQC and generate ARPC on issuer s behalf (like the VisaNet CVV service) 25 Implementing Chip with VSDC January 2009 25

CVM preferences & Acceptance landscape (CVM= Cardholder Verification Method) Europe: most commonly used CVMs for cards at POS are offline & online PIN. Signature to a much lesser extend. Exceptions are: UK France Finland Ireland Iceland which do NOT support online PIN at POS terminals. US: signature, PIN Online only in US, Europe moving towards more online (ZFL* for contact; ZFL for contactless in selected key countries from 10/2017) * ZFL: zero floor limit ie transaction always goes online 26

Contactless 27

Offline Transaction Risk Management Domestic Offline Value Based Value based limits for transactions carried out in domestic currency. Limits on both accumulated value and single transaction value. Low Value Payment (VLP) option Designed to allow you to limit contactless offline spending on the Visa paywave card independently of any offline risk management or limits for contact transactions. Low Value with Cumulative Total Transaction Amount (CTTA) option Designed to allow you to limit all offline spending on the Visa paywave card (both contact and contactless). New functionality allows support for up to 5 additional currencies which are converted into the domestic currency and treated as domestic. 28 7/18/2017 Visa Europe

Offline Transaction Risk Management Low Value Payment (VLP) option + CTTA CTTA (Cumulative Total Transaction Amount) tracks the cumulative amount of contact and contactless transactions. - Counts up from zero. Required settings: CTTA Limit CTTA Upper Limit CTTAUL 250 CTTAL 200 Available Funds 50 VLP Funds Limit 50 Single Transaction limit 15 VLP Threshold 15 CTTA 0 VLP + CTTA working in parallel 29 7/18/2017 Visa Europe

Our vision making daily life easier with contactless Leave home Pay for the toll Park the car Grab a coffee Lunch Board the train Back on the train Grab a snack Pick up the car Home again 30 Visa Europe Confidential

Visa contactless evolution 2007 2016 Cards only Debit/Credit only Offline only LVP (low value payment) only All form-factors All business lines Online-capable LVP and HVP (low/high value) 31 7/18/2017 Visa Europe

Transport for London 3 million customers every day 3.3bn journeys every year 8.2bn income 2.9bn in fare revenues Multiple modes of transport complex fare model 32 Visa Visa Europe Confidential Confidential 7/18/2017 Visa Europe

Contactless mandates / Contactless market share Terminal mandate: Dec 2015 for new terminals. and by Dec 2019 all terminals must be dual interface Card mandate: Dec 2016 (key markets) 33

The Visa ecosystem Card personalisation & testing 34

Visa Ecosystem where do our rules apply Merchant Acquirer Visa Issuer Store Member Bank Vendors 35 Implementing Chip with VSDC January 2009 35

Innovation process Typically the innovative vendor finds an interested issuer (or vice versa) they approach Visa pilot waiver for trial period if successful, included in BAU rules then available for commercial use New Visa innovation culture: Innovation Centre (Visa European region HQ, London) APIs, SDKs, 36

Testing Principles Card testing at Visa: Level 1 / level 2 testing at EMVCo/Visa-approved lab Personalisation ( application level / level 3 ) testing at Visa (or self-service) General testing principles: Balance efficiency with infrastructure quality Drive self-service / automation Give a role to third parties / testing houses 37

Type approval timeline Chip Bulletin 36: Card Lifecycle Management Policy (Nov 2015) 38

Card products Happy with (and agnostic about) a diversity of chip products (native, JavaCard, jnet, ) CPA: already sunset this year - but continued type approval for the products in the Europe region (Seccos, EMV I 16/20) from London 39

How VPA Bridges The Personalisation Gap (VPA= Visa Personalisation Assistant - a mandated online tool) Bank Step 1: VPA Bank / Bureau Step 2:Data Preparation Data Preparation Module Make VSDC personalisation business decisions Review and confirm business decisions Create output file Provide VPA output file to data preparation Provide VPA output file to personalisation validation Use VPA output file for VSDC parameters Add cardholder specific data (from issuer) Add cryptographic data (e.g., SDA data, DES keys) Create data prep output file 40 7/18/2017 Visa Europe

How VPA Bridges The Personalisation Gap Bank / Bureau Step 3:Personalisation Step 4: Personalisation Validation Use data preparation file to personalise cards VPA output file as personalisation validation profile Validate personalisation settings 41 7/18/2017 Visa Europe

VPA Entry Screen generation of the relevant profile Possible to generate profiles to both VIS 1.4.1 and 1.5.1 specs for contact and VCPS 2.1.1 for contactless. Selection takes place on the VPA Entry Screen 42 7/18/2017 Visa Europe

European issuance landscape Great variety of profiles - too much variety Complex risk management still needed in the new zero-floor limit landscape? New process during 2017: Set of simplified profiles in VPA-SPS Self-service testing for issuers 43

Biometrics 44

Biometrics 45

Biometrics 46

Biometrics 47

Biometrics 48

Biometrics - Specifications Update EMVCo Biometric Terminal Specification (SB-185) Published March 2017. Optional enhancement to EMV terminals. Supports capture on terminal and match on card mode. Supports capture on terminal and match on host mode. Supports Facial, Finger, Iris, Palm and Voice verifications. Defines new CV Methods and defines previously RFU bits in TVR. Support on a terminal requires use of a Biometric Solution ID to identify the biometric solution. If a Biometric Solution ID has not yet been assigned to the biometric solution, this requires registration with EMVCo to obtain a Biometric Solution ID; process being defined in EMVCo. Visa Biometric Card Specification (VBCS) 1.2 Expected to be published in Q2 2017. Supports capture on terminal and match on card mode. Supports Facial, Finger, Iris, Palm and Voice verifications. Supports 1:1 and 1:N matching mechanisms. Applet under development works with a separate biometric matching applet to store reference biometric template and do the biometric comparison 49

Innovation & Trends 50

Card innovation Multi-application products (e.g. debit/credit on the same card) Multichoice cards Issuer Discretionary Data for product differentiation at issuer host level Dynamic CVV2 products in France (Chip Bulletin 40) Fleet card product extra data on the card on the card-terminal interface in the transaction message 51

Microtags 52

Microtags 53

Microtags 54

Microtags and Meta CVM Wearables are complementary to mobile and card challenge in Offline PIN markets Meta CVM refers to a CVM validated elsewhere at the issuer host Meta CVM typically managed by companion app on the mobile phone 55

Mobile The SE (Secure element for mobile payment credentials) where it lived (and still lives) before it moved into the cloud in HCE (Host Cloud Emulation): 56

Tokenisation 57

Tokenisation 58

Tokenisation 59

Tokenisation 60

Terminal innovation mpos ( mobile Point-of-Sale ) devices make use of cardholder device for acceptance Greater variety (e.g. tablet device which is POS, unattended POS, mpos at the same time) 61

Regulatory challenges for European issuance Visa enables issuers to be compliant with regulatory requirements e.g. IFR (Interchange fee regulation) product identification: Mandate to personalise product identifier on the card Guidance to acquirers/retailers/terminal vendors for best-practice implementation of product choice at point-of-sale In practice: little take up by the retailers Further regulatory requirements around CVM 62

Thank you Any questions? filsingb@visa.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback