EMV A Chip Off the New Block

Similar documents
Technology Developments in Card-Based Payments WACHA Payments 2013

EMV is coming. But it s ever changing.

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

ATM Webinar Questions and Answers May, 2014

Is Your Organization Ready for the EMV Challenge?

Top 5 Facts Merchants Need To Know About EMV

Understanding the 2015 U.S. Fraud Liability Shifts

EMV and Educational Institutions:

E M V O V E R V I E W. July 2014

EMV: Frequently Asked Questions for Merchants

Canada EMV Test Card Set Summary

EMV: The Journey Begins October 1st

Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?

EMV: Facts at a Glance

Tokenization: What, Why and How

EMV Adoption in the U.S.

Card Payment acceptance at Common Use positions at airports

Visa Minimum U.S. Online Only Terminal Configuration

EMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team

The Changing Landscape of Card Acceptance

Tokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC

Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region

EMV: Coming Soon to a Card Near You

EMV Migration. What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement

Pinless Transaction Clarifications

PayPass M/Chip Requirements. 3 July 2013

EMV Just the Facts. Ozarks Association of Government Accountants

EMVCo: Operating Principles

EMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.

EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown

USA EMV Test Card Set Summary

The Future of Payment Security in Canada

Acquirer JCB EMV Test Card Set Summary

Optimizing Transaction Speed at the POS

EMV. When to Wait and When to Move

JTC Resource Bulletin. EMV and Credit Card Liability: What Courts Need to Know

EMV * Contactless Specifications for Payment Systems

Seeds of Change in Debit

Horizontal Integration in the Payments Industry

PIN Issuance & Management

HEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED PERFORMANCE OPTIMIZATION

A Merc r ator r Adv d i v sory y Gr G oup Re R search h Br B ief S p S onsored d by J nu n a u ry

Quick Guide. Token Service Provider

I N T E R A C. The Faster, More Convenient Way. Small Value Purchases

Ensuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015

White Paper. EMV Key Management Explained

esocket POS Integrated POS solution Knet

EMV : One year later. Merchants take steps to adapt and address challenges in the year following the shift to EMV technology at the point of sale

Securing Card Payments Challenges & Opportunities. Julie Hanson Senior Vice President, Card & Payment Products ICBA Bancard & TCM Bank, NA

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will fnd: Explaining Chip Card Technology (EMV)

FTFS. Fault Tolerant Financial Systems

Merchant Services What You Need to Know. Agenda 6/5/2017. Overview of Merchant Services. EMV, Tokenization/Encryption, and PCI (Oh My!

Security enhancement on HSBC India Debit Card

Contactless Toolkit for Acquirers

Quick Guide. Token Service Provider

Protecting Your Future

Smart Cards and EMV Adoption in China

The Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV

Collis/B2 EMV & Contactless Offering

ARGO SP3 US Common AID Update Software Release Notes

Maximize the use of your HSM 8000

WHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal

payshield 9000 The hardware security module securing the world s payments

EMV Versions 1 & 2. Divided into 3 parts:

EMV Testing and Certification White Paper: Current Global Payment Network Requirements for the U.S. Acquiring Community

Helping merchants automate testing practices.

NetSuite Integration for CyberSource. Getting Started Guide

The Migration to EMV in the USA from a Founders Perspective. Philip Andreae Oberthur Technologies

Aconite Smart Solutions

PCI BLOG. P2PE, EMV, Tokenization, Oh My!

EMV ESSENTIALS EMV U.S. ISSUERS FOR AND MERCHANTS. Essentials for U.S. Issuers and Merchants A Mercator Advisory Group Whitepaper Sponsored by SHAZAM

Payment Services. Issuing Processing. Product & Service Portfolio for Retailers

Payment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide

A Guide to. US EMV Migration

CONVEGO. Platforms and Applications

Visa Digital Solutions. Rocio Beckham Community Issuers

ADDING VALUE TO SECURITY. How Issuers Can Leverage Tokenization to Capture New Revenue-Generating Opportunities. firstdata.com

eid Meets Credit Cards and Biometrics: The Next Stage of Convergence Adam Ross Sales Manager eid Solutions EMEA, cv cryptovision GmbH

International Processing for the Financial Industry

Verifone MX 915/925 Payment Devices. with KWI 6.x POS Registers: What s New?

EMV Migration for the US Parking Industry EMV and the Parking Industry

Instant issuance in retail breaks new ground for banks

Policies and Procedures

CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE E4

Online Payment Services

EMV 3-D Secure Press Kit Q&A

Job Profile Definition

First Data EFTPOS. User Guide. 8006L2-3CR Integrated PIN Pad

VeriFone VX QUICK REFERENCE GUIDE

Re: EMVCo Letter of Approval - Contact Terminal Level 2

Topics. First Data and STAR Network overview. Competitive advantage. Fraud in emerging payments. Fraud innovation what s coming

HCE Driving NFC: From Idea to Reality to Ubiquity. Mobey Day October 7/8, 2014

Payments - EMV Review. EMV Functionality Inside OpenOne

KNOW YOUR RUPAY DEBIT CARD

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE

Retail Payments Summit

The October 1 EMV Liability Shift: Everything You Need to Know

Point-of-Sale Terminals

Transcription:

EMV A Chip Off the New Block WACHA Taking Flight With Payments March 18, 2014 Paul Tomasofsky President, Two Sparrows Consulting Paul@TwoSparrowsConsulting.com (201) 930-9551 Christa Addy Product Manager, Shazam Network caddy@shazam.net 800-537-5427, ext. 4147 Ann Davidson CUNA Mutual Group Senior Consultant-Risk Management Ann.Davidson@CUNAMutual.com 800-356-2644, ext. 6657117

The opinions expressed by Mr. Tomasofsky, Ms. Addy and Ms. Davidson during this presentation are exclusively their own and subject to change. 2

Agenda Chip Card Refresher Regulation II and Chip Global Brands Roadmaps for EMV What Issuers Want What Merchants Want Current U.S. Landscape Open Standards 3

Chip Card Refresher EMV History Europay International SA, MasterCard and VISA 1994 Initial Specification Developed EMVCo-formed in 1999 to manage the specification VISA, MasterCard -1999 (Europay became part of MasterCard in 2002) JCB - 2004 American Express - 2009 Discover, UnionPay - 2013 4

How EMV Works Integrated Circuit Card (ICC) Designed to be used as Contact or Contactless Not just a card but a system Terminals New Messaging Data New Application Logic New Configuration Settings All Stakeholders Affected Issuers Merchants Processors Networks Cardholders 5

How EMV Works Card Stock Chip is Locked Before Issuance Keys Need to be Injected onto Cards Card Security CVC1 and CVV1 from Magnetic Stripe CVC2 and CVV 2 from Signature Panel Chip CVV (new for EMV) Online and Offline Processing Options Multiple Cardholder Verification Methods Issuer can send updates to card via terminals for some functions 6

Online Transactions Chip uses 3DES Encryption Authorization and PIN CVM validation goes to host Terminal s integrity is checked Additional expected data generated that Issuer can validate and mitigate card counterfeiting Not all data is encrypted; PAN and expiry are in the clear 7

Offline Transactions Chip and terminal interact for authorization (No message to host) PKI used to encrypt transaction between chip and terminal Validates card is valid; can use dynamic data that will mitigate card counterfeiting Not all data is encrypted; PAN and expiry are in the clear Issuer can set parameters to force online authorization 8

Cardholder Validation Methods Issuer has options as to CVMs: Online PIN Offline PIN Signature NO CVM Issuer chooses a CVM priority list order Merchant Terminal match needed ATMs can be different than POS 9

Applications and Application Identifier (AID) Application AID Contains the parameters that are used during the interaction between the card and the terminal Written onto chip during card production Identifies owner of the application Helps the terminal work to process the card options Network operating rules are linked to the AID Chip cards can have multiple AIDs present Terminal must be able to support the AIDs on the card 10

EMV Benefits Mitigates counterfeit cards; reduces fraud associated with usage of counterfeit cards Introduces dynamic data that bad actors can t easily replicate Allows for offline processing 11

Chip and Data Breaches Chip cards still have PANs and Expiry in the clear These elements can be intercepted during processing Can then be used for Card Not Present transactions Much more difficult to create a counterfeit EMV card than a counterfeit magnetic stripe card During an EMV deployment transition, magnetic stripes will still be needed on cards because terminal deployment will take time 12

Regulation II and Chip Unaffiliated Debit Networks Requirement Common Application/AID Multi-Application/AIDs Merchant Routing Choice EMV was developed as Issuer choice ATM Implications (not part of Regulation) 13

Key Milestones October 1 PCI Relief Early Conversion April 1 Merchant Acquirer Requirement October 15 Liability Shift Merchant Fraud October 15 Liability Shift Gasoline Retailers 2012 2013 2014 2015 2016 2017 October 1 PCI Relief Early Conversion October 16 Merchant Acquirer Requirement October 1 Liability Shift Merchant Fraud October 1 Liability Shift Gasoline Retailers 14

Debit Network Alliance Formed December 2013 Delaware LLC Group dates back to April 2012 SRPc Chip and PIN WG 15

About Debit Network Alliance Collaborative effort to provide interoperable adoption of chip technology for debit payments, while supporting security, innovation, and optimal technology choice. Equal access to EMV chip technology under terms supporting competition, network choice, innovation, and delivery of value to network participants. Perpetual access to the technology deployed to accomplish EMV in the US, the ideal solution for all parties represented by shared governance of the common debit AIDs Support for all transactions types (PIN, signature, no-cvm) supported by the debit networks both existing and future 16

What Issuers Want Compliance to Reg II Flexibility to port solutions between debit networks Support for all CVMs 17

What Merchants Want Single AID for domestic debit Routing Choice Support for all CVM Most prefer PIN 18

Judge Leon Ruling Judge Richard Leon vacates Fed interpretation Fed did not follow will of Congress Including other costs in setting debit interchange rate Fed must re-visit and do so quickly Two unaffiliated networks also mis-interpreted Two per authentication method was meant Implications 19

What Makes Sense Solutions that meet the Issuer requirements of portability among Networks without re-issuing cards Solutions that technically meet the Merchant and ATM owner requirements of a single Common US Debit AID on each card, allowing for AID selection, and host routing decisioning Ownership or perpetual agreement Cost effective Support for all transaction types Ensure competitive landscape 20

Standards for Chip EMVCo control of standard causes difficulties Standard development too closely tied to business models Open, Consensus Standards is Preferred All stakeholders contribute Access to technology Robust innovation Robust competitive landscape Tokenization is next battleground 21

Questions

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback