EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011

Similar documents
Is Your Organization Ready for the EMV Challenge?

EMV Terminology Guide

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

Agenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

Effective Communication Practices for U.S. Chip Migration. Communication & Education Working Committee June 2014

EMV: Facts at a Glance

E M V O V E R V I E W. July 2014

Finding the Best Route for EMV in the US

Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?

ATM Webinar Questions and Answers May, 2014

Optimizing Transaction Speed at the POS

Top 5 Facts Merchants Need To Know About EMV

EMV A Chip Off the New Block

Visa Minimum U.S. Online Only Terminal Configuration

EMV and Educational Institutions:

Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region

EMV Just the Facts. Ozarks Association of Government Accountants

EMV Adoption. What does this mean to your ATMs?

EMV: The Race Is On! September 24, 2013

Card Payment acceptance at Common Use positions at airports

EMV is coming. But it s ever changing.

Will US EMV Migration Impact Acquiring Worldwide?

EMV: Frequently Asked Questions for Merchants

Testing & Certification Terminology

PayPass M/Chip Requirements. 3 July 2013

U.S. EMV Migration Update. A joint presentation from Citizens Commercial Banking and Worldpay

Understanding the 2015 U.S. Fraud Liability Shifts

October is Here: Are Issuers, Merchants & Consumers Ready for EMV?

EMVCo: Operating Principles

Secure Remote Payment Council (SRPc) White Paper Discussion: EMV Enhancements Post Implementation September 13, 2016

jhapassport EMV Update:

Preparing your store for EMV

EMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team

Contactless Toolkit for Acquirers

Let s Talk about EMV. getnationwide.com

EMV Adoption in the U.S.

White Paper: Reducing Certification Cycles for Chip EMV Application

Tokenization: What, Why and How

Tokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC

WHAT IS EMV IN THE U.S., AND HOW DOES IT AFFECT MY BANK? APRIL 28, 2015

EMV: The Journey Begins October 1st

EMV: Coming Soon to a Card Near You

Canada EMV Test Card Set Summary

Target, the third largest retailer in the U.S., suffered a

Pinless Transaction Clarifications

EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown

Gemalto Consulting Services. Take control of your smart card implementation

To maintain the quality of our publications, we need your comments on the accuracy, clarity, organization, and value of this book.

Hot Topics in Payments Cornerstone CU League Small CU Committee July 9, 2014

The Future of Payment Security in Canada

EMV Testing and Certification White Paper: Current Global Payment Network Requirements for the U.S. Acquiring Community

EMV Migration. What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement

Technology Developments in Card-Based Payments WACHA Payments 2013

EMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.

The Changing Landscape of Card Acceptance

Cyber Security in Retail

Collis/B2 EMV & Contactless Offering

Leveraging Data Security Technology. October 19 th 9:15 AM

HEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED PERFORMANCE OPTIMIZATION

JTC Resource Bulletin. EMV and Credit Card Liability: What Courts Need to Know

MULTOS World Series USA. February 7, Salt Lake City

USA EMV Test Card Set Summary

Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization

Merchant Trading Name: Merchant Identification Number: Terminal Identification Number: ANZ CONTACTLESS EFTPOS MERCHANT OPERATING GUIDE

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will fnd: Explaining Chip Card Technology (EMV)

2015 DCUC Midwest Sub-Council Conference UNITED FOR THOSE WHO SERVE

The Migration to EMV in the USA from a Founders Perspective. Philip Andreae Oberthur Technologies

Ensuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015

CONVEGO. Platforms and Applications

Merchant Services What You Need to Know. Agenda 6/5/2017. Overview of Merchant Services. EMV, Tokenization/Encryption, and PCI (Oh My!

Meeting Summary and Next Steps

Krajnska Gora, Slovenia, 27 February Petr Trombala

Quick Guide. Token Service Provider

payshield 9000 The hardware security module securing the world s payments

EMV Versions 1 & 2. Divided into 3 parts:

Quick Guide. Token Service Provider

Open Banking Model for Fare Collection. CTST May 2008

White Paper. EMV Key Management Explained

I N T E R A C. The Faster, More Convenient Way. Small Value Purchases

5/19/2015. EMV Update: May, Housekeeping items. Keith Riddle

Seeds of Change in Debit

A Guide to. US EMV Migration

Maximize the use of your HSM 8000

Securing Card Payments Challenges & Opportunities. Julie Hanson Senior Vice President, Card & Payment Products ICBA Bancard & TCM Bank, NA

EMV. When to Wait and When to Move

A Merc r ator r Adv d i v sory y Gr G oup Re R search h Br B ief S p S onsored d by J nu n a u ry

Retail Payments Summit

MOBILE (NFC) SOLUTIONS

The Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV

Straight Answers on PCI and EMV

Re: EMVCo Letter of Approval - Contact Terminal Level 2

Re: EMVCo Letter of Approval - Contact Terminal Level 2

esocket POS Integrated POS solution Knet

Empowering Merchants through Adoption of Global Standards

EMV * Contactless Specifications for Payment Systems

Protecting Your Future

Horizontal Integration in the Payments Industry

eid Meets Credit Cards and Biometrics: The Next Stage of Convergence Adam Ross Sales Manager eid Solutions EMEA, cv cryptovision GmbH

Transcription:

EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations Smart Card Alliance Webinar October 6, 2011

Introductions Randy Vanderhoof Executive Director -- Smart Card Alliance 2

Who We Are Smart Card Alliance mission To stimulate the understanding, adoption, use and widespread application of smart card technology through educational programs, market analysis, advocacy, and industry relations.... Over 190 members, including participants from financial, retail, government, corporate, and transit industries and technology providers to those users Major activities Industry and Technology Councils Payments Council Healthcare Council Identity Council Physical Access Council Transportation Council Conferences, symposia, web seminars and educational workshops Web-based resources and email newsletters 3

Smart Card Alliance Payments Council Payments Council Mission: Education facilitating the adoption of chip-enabled payments in the U.S. Membership: 62 member organizations 2011 focus: EMV and NFC Council resources: Card Payments Roadmap in the United States white paper; EMV FAQ; EMV Resources; Smart.Payments LinkedIn Group Outreach to industry groups Standards: GlobalPlatform, ISO/ANSI Payment: ETA, NACHA Security: EMVCo, FSTC Mobile: NFC Forum, GSMA Merchant: NRF, MAG 4

Today s Speakers Randy Vanderhoof, Executive Director, Smart Card Alliance Oliver Manahan, Vice President, MasterCard Worldwide & Payments Council Co-Chair Guy Berg, Global Industry Consultant, Datacard Group Simon Hurry, Senior Business Leader, Visa Inc. & Payments Council Co-Chair Amer Matar, Chief Technology Officer, Moneris Solutions 5

Webinar Topics Global EMV deployment and results Business drivers for U.S. migration to EMV and key choices in EMV implementation EMV 101: How do EMV payment processes differ from magnetic stripe transactions; what are issuer EMV options and their implications for card acceptance; what are key considerations for EMV implementation Overview of Visa U.S. migration approach and next steps for merchants and acquirers Acquirer and merchant lessons learned from Canadian EMV migration 6

Global EMV Deployment Oliver Manahan Vice President, MasterCard Worldwide 7

Global EMV Deployment 8

Business Drivers Current equipment: Chip capable, or requires new POS? Chip brings more data Modifications to internal systems and potentially network Training, testing, etc. Reduction in fraud hence reduction in request for copy / chargebacks Opportunity to optimize processes Improvement in check-out speed 9

Key Choices Contact chip only, or contact and contactless Contactless also supports newer payment options, e.g., Mobile/NFC Support for online only, or offline as well Offline requires brand public keys within the device, and maintenance of those keys Support of cardholder verification Online PIN, Offline PIN, Signature, No CVM 10

Oliver Manahan oliver_manahan@mastercard.com Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 www.smartcardalliance.org 11

EMV in 10 Minutes Guy Berg Global Industry Consultant, Datacard Group 12

EMV Transaction Framework Online Dynamic Cryptogram ARPC Online Dynamic Cryptogram Online Dynamic Cryptogram ARPC Payment Brand Acquirer System Add (3) EMV New Field EMV 55 authentication data data (2) Terminal performs risk assessment Online Dynamic Cryptogram (1) EMV chip application performs risk assessment Issuer Auth System (4) Issuer Authorization Changes Dynamic cryptogram validation May return an authentication cryptogram Post issuance updates 13

EMV Card Basics Card Perspective Operating System Level MULTOS Global Platform JavaCard Card Vendor 1 Proprietary Card Vendor 2 Proprietary Card Vendor 3 Proprietary Etc... Card vendors have different chip operating systems Brands have different chip application implementations Brands have different EMV risk configuration options EMV Application Level Visa paywave Contactless EMV VSDC Contact EMV MasterCard M/Chip (EMV) PayPass M/Chip Contact EMV American Express Discover Data Level Personalization Data Risk management criteria Cardholder data Security keys and certificates 14

Terminal Perspective Each Brand has different terminal certification requirements Visa EMV terminal processing functions MC EMV terminal processing functions AMEX EMV terminal processing functions Discover EMV terminal processing functions Others EMV terminal processing functions EMV Kernel EMV terminal functions that EMVCo tests against the EMV standards and certifies Terminal Operating System 15

EMV Risk Management and Security Risk Management Decision Criteria Card Stock Security Issuance Security Data Preparation & Key Mgmt Security Offline Transaction Security PIN Online Transaction Security 16

Online EMV Authentication (Dynamic Cryptogram) EMV data EMV Field 55 data Online Dynamic Cryptogram ARPC ARPC Online Cryptogram ARQC Payment Brand Online Response Cryptogram (3DES) ARPC For Contact Chip EMV Acquirer System Online Dynamic Cryptogram (3DES) ARQC For Contact and Contactless ARPC HSM Issuer Auth System 17

Combined Online and Offline Authentication EMV transaction data Online Dynamic Cryptogram ARPC EMV transaction data Online Dynamic Cryptogram ARPC Payment Brand Acquirer System Offline Authentication SDA, DDA, CDA Online Dynamic Cryptogram (3DES) - ARQC ARPC Issuer Auth System 18

Guy Berg Guy_Berg@datacard.com 651-354-6808 Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 www.smartcardalliance.org 19

EMV in the USA Acceptance channel Simon Hurry Senior Business Leader, Visa Inc. 20

Agenda Layered approach to security Visa s US chip acceleration and mobile adoption announcement Network impacts EMV support considerations Summary 21

Layered Approach to Security It will take time to reach critical mass for chip deployment. A layered approach is advised to minimize risk. Static Mag Stripe PCI DSS Compliance Elimination & Encryption Authentication Dynamic Cryptogram PCI DSS Compliance Elimination & Encryption Authentication Devalue transaction data by moving to online dynamic authentication, globally Eliminate vulnerable data where possible Maintain effective security where vulnerable data remains Bridge solutions to optimize existing technologies while laying groundwork for future payment methods Expand contact chip to all markets to lay commercial framework for contactless/mobile acceptance Today Tomorrow Implement policies in U.S.A. to accelerate chip adoption 22

Visa Card Present Authentication Roadmap U.S. 2011 2012 2013 2015 Guide & Enforce Security Standards Guide PCI encryption & token standards Continue to enforce PCI & PIN compliance Tech Innovation Program (TIP) PCI validation relief for merchants that adopt dual-interface terminals Acquirer Chip Processing Require acquirer processor support for chip processing Liability Shift Debit and credit domestic and crossborder counterfeit liability shifts at all POS excluding AFDs 2017 Liability Shift Expanded Liability Shifts to include Automated Fuel Dispensers (AFDs) Global 2011 TIP* PCI validation relief for merchants that adopt contact chip terminals 2012 Cross-Border Liability Shift Global cross-border counterfeit liability shift (ex-u.s.) at POS Promote early adoption of dual-interface chip terminals Further incent deployment of chip cards and chip terminals via a liability shift policy * Visa Europe announced a corresponding program Visa Public 23

Smart (Chip) Terminal Basics Terminals, can be contact and/or contactless, but should be dual interface. Contact Ideal for use with secure higher ticket payments, where speed of transaction is not as paramount; support of issuers in offline or international markets (including the USA). http:// www.emvco.com/approvals.aspx Contact Chip Reader Contactless /Mobile Ideal for use in secure lower ticket payments, where speed of transaction is paramount. Foundation for acceptance of mobile payments Contactless/Mobile Chip Reader 24

Foundation for Dynamic Authentication across Multiple Form Factors Underlying EMV standards and data are consistent across contact chip and Visa paywave Effective April 1, 2013, U.S. acquirer processors and sub-processor service providers are required to support merchant acceptance of chip transactions Contact Chip Card Dual Interface Card Chip Data Dual Interface Chip Reader (supporting both contact chip and Visa paywave in addition to mag-stripe) Chip Data Chip data sent from Acquirer Host to VisaNet in Field 55 Mobile 25

Implementation Considerations Lead-time considerations Initiation & Planning Design & Build Phase Testing Phase Acceptance Phase Define Business Requirements Merchant Engagement Determine support for contact/ contactless/both Submit RFP to POS vendors Document POS Config & Acquirer Interfaces POS Software Development Functional & Technical specifications Evaluate POS Brand / EMV approval requirements Order terminals Determine POS physical set-up & infrastructure costs Determine test tools and testing requirements Assess host system updates for merchant/acquirer Field 55 (mandatory for CHIP data) Track #2 data (mandatory) Implement payment software modifications to test system Integration Lab/Unit Testing of devices (mandated) End-to-End Testing completed acquirer host testing Brand testing Test production store with production card Plan terminal deployment Devices and set-up Training & Signage Soft Merchant Launch Audit and modify as needed Full Production Launch RECOMMENDATION: Ensure merchant / acquirer terminal, software and processing changes are fully tested prior to implementation. 26

Summary Moving to an EMV-based POS environment and set of procedures Uses same infrastructure for contactless and contact chip Provides a path to reduce on-going PCI DSS compliance costs Chip offers increased data security and reduces the incidence of counterfeit fraud Contactless chip provides foundation for mobile payment Rewards merchants that invest in dual interface terminals Supports strengthening the existing payment methods and builds a framework for future innovation 27

Simon Hurry shurry@visa.com Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 www.smartcardalliance.org 28

Lessons Learned in Canadian Migration Amer Matar Chief Technology Officer, Moneris Solutions 29

Before You Start Industry wide change Issuers Consumers Merchants Acquirer / Processors Brands Understanding the goal Working together Company Logo 30

Things to Keep in Mind Understand the challenge Technology change Business change Behavioral change Do it once Inter-Brand harmonization EMVCo vs Brands 31

Where and How Do You Start Research Learn Engage Brands Industry Experience Commitment 32

Implementation Considerations Roles and responsibilities Pilot or not? 80-20 rule Industry specific verticals Acquirers 33

Amer Matar amer.matar@moneris.com Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 www.smartcardalliance.org 34

Q&A Session 35

Speaker Contact Information Randy Vanderhoof, rvanderhoof@smartcardalliance.org Oliver Manahan, oliver_manahan@mastercard.com Guy Berg, guy_berg@datacard.com Simon Hurry, shurry@visa.com Amer Matar, amer.matar@moneris.com Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 www.smartcardalliance.org 36

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback