A Merchant s Path to EMV Understanding Impacts To Your Business

Similar documents
EMV: Facts at a Glance

EMV THE DEFINITIVE GUIDE FOR US MERCHANTS AND POS RESELLERS

Ignite Payment s Program on EMV

EMV and Educational Institutions:

EMV FAQ S FROM A MERCHANT S PERSPECTIVE

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

Is Your Organization Ready for the EMV Challenge?

EMV Implementation Guide

Agenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

THE ADOPTION OF EMV TECHNOLOGY IN THE U.S. By Guy Berg Global Industry Sales Consultant Datacard Group

Introduction to EMV BEYOND PAYMENT

EMV Frequently Asked Questions for Merchants May, 2015

The Small Business Guide to Mastering EMV

MITIGATE THE RISK OF FRAUD AND COMPLIANCE COSTS with EMV mandates. An NCR white paper

Frequently Asked Questions for Merchants May, 2015

EMV Beyond October 1, Kristi Kuehn VP, Compliance Heartland

MAKE WAY FOR THE EMV CREDIT CARD. What You Need to Know for a Smarter POS Strategy.

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

EMV: Strengthen Your Business Through Secure Payments

Frequently Asked Questions

Hot Topics in Payments Cornerstone CU League Small CU Committee July 9, 2014

EMV Terminology Guide

EMV Cards - Chipping Away at Fraud

EMV Adoption in the U.S.

EMV: Frequently Asked Questions for Merchants

Understanding the 2015 U.S. Fraud Liability Shifts

ATM Webinar Questions and Answers May, 2014

The Changing Landscape of Card Acceptance

EMV Just the Facts. Ozarks Association of Government Accountants

EMV: The Race Is On! September 24, 2013

Top 5 Facts Merchants Need To Know About EMV

Getting Out of PA-DSS Scope and Eliminating the High Cost of EMV: What you need to know

Why chip cards? HELP PREVENT FRAUD: HELP AVOID LIABILITY: ACCEPT MOBILE TAP & PAY TOO: DYNAMIC AUTHENTICATION: Contact us

Heartland Payment Systems

Crash Course: What are EMV and the EMV Liability Shift?

EMV: GET READY. Michelle Thornton, CO-OP Financial Services

EMV is coming. But it s ever changing.

Card Payment acceptance at Common Use positions at airports

It s Not Too Late for EMV What You Need To Do Now!

EMV Adoption. What does this mean to your ATMs?

Changing Consumer Purchasing Patterns

Frequently Asked Questions

EMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team

E M V O V E R V I E W. July 2014

Secure Remote Payment Council (SRPc) White Paper Discussion: EMV Enhancements Post Implementation September 13, 2016

U.S. EMV Migration Update. A joint presentation from Citizens Commercial Banking and Worldpay

EMV Migration Updates and Next Steps

Effective Communication Practices for U.S. Chip Migration. Communication & Education Working Committee June 2014

CHIP CARDS. Banks are issuing payment cards embedded with security chips to help protect you against fraud at the register. What is a Chip Card?

The Future of Payment Security in Canada

EMV in the U.S. Liability shift; what does this mean for the U.S.?

EMV : One year later. Merchants take steps to adapt and address challenges in the year following the shift to EMV technology at the point of sale

EMV Migration. What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement

North America Terminal Brochure Guide

October is Here: Are Issuers, Merchants & Consumers Ready for EMV?

Dates Visa MasterCard Discover American Express. Acquirers, subprocessors. support EMV. International ATM liability shift 2

EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011

EMV Basics and the market

Testing & Certification Terminology

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will fnd: Explaining Chip Card Technology (EMV)

Datacap s Guide to EMV in the US

Frequently Asked Questions

EMV and Apple Pay. The world of credit cards is on the move.

EMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.

Chargeback Best Practices. September 7, 2016

EMV: The Journey Begins October 1st

EMV Validation (on-behalf of) Service

EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown

Semi-Integrated EMV Payment Solution

Credit and Debit Card Fraud

Finding the Best Route for EMV in the US

EMV: The Next Generation of Payments

Securing Our Future Growth Gord Jamieson Visa North America Risk Services. Visa Public

EMV A Chip Off the New Block

Target, the third largest retailer in the U.S., suffered a

Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?

Technology Developments in Card-Based Payments WACHA Payments 2013

STAR Network Overview

GoiNG SMARt U.S. implementation of SMARt PAyMENt cards on the horizon 10 SUMMER 2013 TEN

Let s Talk about EMV. getnationwide.com

VARTECH NATION. EMV Certification for IT Professionals

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

A Guide to. US EMV Migration

EMV WHAT DOES IT MEAN? HOW WILL IT AFFECT US? HOW DO WE SWITCH TO EMV?

Preparing your store for EMV

Visa Minimum U.S. Online Only Terminal Configuration

Visa s Future of Security Roadmap: Australia

The Evolution of Payment Specifications and Tokenization. Smart Card Alliance and EMVCo Webinar October 1, 2015

ILLINOIS COMMUNITY COLLEGE CFO CONFERENCE 2014

U.S. EMV Migration: What You Need to Know

Pinless Transaction Clarifications

Financial Services. EMV is on the way: are you prepared? Advisory

Tokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region

EMV Implementation Guidance: Fallback Transactions

Securing Card Payments Challenges & Opportunities. Julie Hanson Senior Vice President, Card & Payment Products ICBA Bancard & TCM Bank, NA

Transcription:

A Merchant s Path to EMV Understanding Impacts To Your Business Georgia Fiscal Management Council June 23, 2015 EMV is a registered trademark in the U.S. and other countries, and an unregistered trademark elsewhere. EMV is a registered trademark owned by EMVCo LLC.

Disclosures This presentation is provided as a courtesy and is to be used for general information purposes only. Bank of America Merchant Services shall not be responsible for any inaccurate or incomplete information. The matters contained herein are subject to change. Individual circumstances may vary and procedures may be amended or supplemented as appropriate. This is not intended to be a complete listing of all applicable procedures. No information contained herein alters any existing contractual obligations between Bank of America Merchant Services and its clients. This presentation may not be copied, reproduced or distributed in any manner whatsoever without the express written consent of Bank of America Merchant Services. 2

Contents EMV Overview How Does EMV Work? EMV Implementation and Implications To Your Business Next Steps EMV is a registered trademark in the U.S. and other countries, and an unregistered trademark elsewhere. EMV is a registered trademark owned by EMVCo LLC. 3

EMV Overview 4

Data Breaches And Incidents Are Costly And On The Rise $150 BILLION Estimated annual losses to business from data and identity theft** $1.5 MILLION Average cost of post breach response activities * $5.4 MILLION Average cost of a data breach* $201 Average cost of a compromised record* Fines for PCI non-compliance examples: Visa (pre breach) $5K-$25K per month MasterCard (related to breach) $100K for each PCI violation Publicized breaches of personal information: 2011 2012 1,097 1,631 2013 $3 MILLION Estimated business loss 1390 per incident* *Source: Ponemon Institute s 2013 Annual Study: U.S. Cost of a Data Breach **Source: McAfee 2013 Study: The Economic Impact of Cybercrime and Cyber Espionage 5

Overall Security Strategy is Critical for an Organization Merchant Security Securing Consumer Data Reducing Fraud* Merchant Benefits Protects firm s reputation and image Remove Card Data from Merchant Environment TransArmor Enhanced Authentication EMV Merchant Benefits Reduction in Counterfeit Fraud Industry Benefits Less card data in market to be used for fraud PCI Requirements Logging and Monitoring, Network Access, etc. Fraud Mitigation Tools ecommerce Fraud Tools 3D Secure Industry Benefits Devalues stolen card data * Enhanced authentication and fraud products are being developed in the industry for mobile and ecommerce e.g., device ID, Payment Tokens, risk scores. 6

What is EMV? EMV = global interoperable standard for chip-based payment cards Created by Europay, MasterCard, Visa Now maintained by EMVCo, LLC, owned by American Express, JCB, MasterCard, Visa, Discover and China Union Pay EMV Chip EMV is a payment application that resides in a secure computer chip embedded into a payment device EMV supported in Card Present environments only EMV standards support existing and emerging payment technologies - Contact (insert), Contactless (tap), Mobile Phones, Watches, Key FOBs 7

Layered Approach to Security = Encryption + Tokenization + EMV Help protect data while it is in motion with encryption - Encrypts the data at the point it is captured and renders the card account number unreadable - Can only be unencrypted by the approved party with the decryption code who receives it Help protect data while it is at rest with tokenization - Replace cardholder data (account number) with a Token - Eliminates the storage of cardholder card account number and replaces with the Token EMV Chip Technology (Chip and PIN) - Help provides assurance that the credit card is authentic and not a cloned counterfeit - Merchants must have EMV-enabled equipment to accept EMV cards - October 2015 Liability Shift 8

What is an EMV Chip Card? Smarter Technology Computer Microchip: Computer chip securely stores the card data. Nearly impossible to counterfeit. Unique Cryptogram: The computer chip enables more secure processing and by producing a one-time use code for each transaction. Mobile Shopping: EMV technology will also enable a one-time use code for mobile transactions. Added Security Difficult to Counterfeit. Because EMV chip cards use cryptograms that are unique to each transaction, stolen chip card data cannot be used to create counterfeit cards. Less risk of Fraud. The added layers of security helps make debit and credit card data much less valuable. Zero Liability. With EMV chip cards, cardholders are still protected from fraudulent purchases. Used Worldwide Wide Adoption. There are approximately 2.37 billion EMV payment cards in circulation and 36.9 million EMV terminals active worldwide.* *Source: Chip-Based Payments Cards Continue Massive Growth With More Than 2.3 Billion Chip Cards Now in Circulation Globally; SmartMetric, Inc. February 20, 2015 9

Magnetic Stripe vs. EMV: Key Differences Magnetic Stripe Limited magnetic stripe data Easily counterfeited by criminals No microprocessor or memory Cards are written once and re-issuing of cards is common EMV Extensive data on chip Computer microchip Helps protects against face-to-face counterfeit fraud and lost stolen charge backs Issuer scripting - Block/Unblock card - PIN updates and resets - Offline transaction limits EMV Chip 10

Why EMV for Merchants? Helps reduce chargeback liability and associated oversight costs of fraudulent transactions Helps to enable you to speed up checkout lanes with contactless transactions, such as ApplePay Driver for mobile payments Dual-interface chips (contact and contactless) Lets consumers pay the way they want card, phone, insert, wave/tap Contactless may help drive loyalty and repeat business by pushing offers out to mobile phones and redeeming them through POS devices Helps to enable payments from international travelers using EMV payment cards Apple is a trademark of Apple Inc., registered in the U.S. and other countries. Apple Pay is a trademark of Apple Inc. 11

How EMV Helps Prevent Face to Face Counterfeit EMV payment chip cards improve security over magnetic stripe technology - Validates the card is legitimate, helping protect against counterfeit cards - Cardholder authentication that helps reduce fraud from lost and stolen cards - Authentication that can be Chip and PIN or Chip and Signature or none; determined by issuing bank EMV fraud prevention features Card authentication Cardholder Verification Method (CVM) Transaction authorization Functionality Helps protect against face-to-face counterfeit fraud Transactions require an authentic card that is validated either online or offline Helps combat lost and stolen card fraud, particularly with cardholder PIN Helps ensure that the person attempting to make the transaction is the person to whom the card belongs Options include Offline PIN, Online PIN, Signature or no CVM Combats counterfeit card fraud and fraudulent use of lost/stolen cards EMV transactions are authorized by the issuer based on security parameters they have established 12

EMV Around the World Europe is the leader in EMV adoption. The US is moving forward with EMV now. 70% of US credit cards and 41% of debit cards will be EMV enabled by the end of 2015* *Source EMVCo - http://www.emvco.com/documents/emvco_worldmap2.png 13

International Experience Lessons Learned Fraud expected to shift to retail merchants that do not support EMV 0% Decrease in Counterfeit Fraud* Global experience demonstrates adoption of chip technology can reduce fraud at POS but can drive higher card not present (CNP) fraud* -20% -40% -60% -80% -77% -54% -56% U.K. Canada Australia Merchants should leverage CNP fraud tools - Tokenization - 3D Secure (i.e. Verified by Visa, MasterCard Secure-Code ) - Fraud scoring tools, IP Geo-location, Device Fingerprinting 140% 120% 100% 80% 60% 40% 20% 0% 66% *AITE Report EMV: Lessons Learned and the U.S. Outlook June 2014 Increase in CNP Fraud* 133% 86% U.K. Canada Australia 14

How Does EMV Work? 15

How EMV Works The chip is protected by various security features to help make it tamper-resistant The security credentials help prevent card cloning -- chip card-based payment account information cannot be skimmed if the chip card is properly used The computer chip helps enable more secure processing by producing a one-time use code for each transaction Contact Transaction Insert Card Instead of swiping, card is inserted in terminal Leave Card In Card stays in terminal for duration of transaction Sign Receipt or Enter PIN Sign receipt or enter PIN to complete transaction Remove Card Remove Card when the purchase is complete Contactless Transaction Tap Card Instead of swiping, card is tapped on terminal Sign Receipt or Enter PIN Sign receipt or enter PIN to complete transaction 16

EMV Process Flow 17

Cardholder Verification Methods (CVM) Used to help evaluate whether the person presenting the card is the legitimate cardholder Primarily to help protect against fraud using lost or stolen cards Options Available - Online PIN - Offline PIN - Signature - No CVM The payment acceptance device uses a CVM List from the card to determine the type of verification able to be performed 18

EMV Implementation And Implications For Your Business 19

EMV Key Dates 10/12 10/13 04/13 10/13 10/15 10/15 10/15 10/17 10/17 PCI audit relief took effect Acquirers and sub-processor mandate to fully process EMV transactions Account Data Compromise (ADC) Fee Relief Counterfeit fraud liability shift takes effect (excluding petro) Lost/stolen fraud liability shift takes effect (excluding petro) Counterfeit fraud liability shift takes effect (petro) Lost stolen fraud Liability shift takes effect (petro) Y Y N Y N Y N Y Y Y¹ Y Y Y Y Y Y N Y Y Y Y Y Y N Y Y Y Y ¹ MasterCard has stated that it will provide a 50% ADC relief in 2013 and 100% ADC relief pending certain % of terminals support EMV Clients that do not support EMV by Oct 1, 2015 will be liable for fraud transactions and transactions using lost and stolen cards. 20

Implications For Your Business - Liability Shifts Clients that do not support EMV may be liable for potential counterfeit and transactions using lost or stolen cards as of Oct 1, 2015 Visa Oct 1, 2015 MasterCard Oct 1, 2015 Liability will fall on the entity that has not upgraded to chip, whether it s the issuer or the retailer If both have chip, then the issuer will be responsible, in most cases If the issuer has upgraded and the retailer has not, the retailer will bear the liability costs Liability shifts to merchants who have not upgraded their POS terminals to process EMV card transactions and fraud occurs. Whichever party (issuer or merchant) offers the least secure cardholder verification method (CVM) will be held liable for a fraudulent transaction in most cases Mag-stripe card is least secure Chip-and-PIN is most secure Discover Oct 1, 2015 American Express Oct 1, 2015 Fraud Liability Shift for Discover Network (in the U.S., Canada and Mexico) and PULSE (in the U.S.) Policy will be a risk-based payments hierarchy that benefits the entity that leverages the highest level of available payments security Fraud Liability Shift (FLS) policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology Implementation 21

EMV Chip Cards are Being Issued U.S. credit and debit card issuers who are issuing or announced plans to issue EMV payment cards include * : American Express Andrews Federal Credit Union Bank of America Chase JPMorgan Palladium Card JP Morgan Select Visa Signature Card Chase Hyatt Visa Signature Credit Card Chase British Airways Visa Signature Credit Card Citi Citi Commercial Cards Citi ExecutiveSM / AAdvantage Card Fifth Third Bank Jack Henry & Associates Payment Processing Solutions PSCU Financial Services Silicon Valley Bank Star One Credit Union State Employees Credit Union Travelex Cash Passport United Nations Federal Credit Union U.S. Bank Wells Fargo In 2015, about 578 million chip are expected to be delivered in the US.** * EMV Connection, A Smart Card Alliance Site, http://www.emv-connection.com/u-s-emv-issuers/ **Digital Transactions, http://digitaltransactions.net/news/story/5095 22

Merchant considerations when implementing EMV Implementing EMV in a merchant s environment can be challenging: Terminal hardware and software upgrades - Understand what hardware options will be available Speak to third-party POS software providers to understand their strategy to become EMV compliant - Be prepared to potentially upgrade to a new POS software solution Understand the differences between a full EMV certification vs. UAT project - Be prepared for a lengthy and complex EMV certification - Identify potential re-certification events (i.e. kernel expirations) Understand the potential fraud liability impacts with not supporting EMV EMV projects can be costly understand all costs Take advantage of new product opportunities (i.e. TransArmor, Dynamic Currency Conversion) Incorporate EMV as a part of your next generation POS solution The majority of merchants in the U.S. will support a certified EMV solution as opposed to performing a full EMV certification. Reasons are due to cost, complexity and on-going support requirements.* *Based upon Bank of America Merchant Services experience with merchant clients using semiintegrated vs. EMV certification process. 23

Types of POS systems that merchants will use to support EMV 1) Standalone terminals Standalone terminals include First Data Series terminals No EMV certification is required First Data Series terminals are deployed as plug and play Simplest of all EMV implementations 2) Vendor certification 3 rd party vendor certified by First Data for EMV Testing not required Limited to the features and functionality supported by 3 rd party provider Client typically able to implement within a few months 3) Full EMV Certification Client / vendor required to perform a full EMV certification and code to First Data message specifications Requires utilization of CertPro Solution Typically utilized by merchants that have very complex POS systems The most complex of all EMV implementations 24

Consumer Education and Customer Support Help employees learn to think chip cards, mobile phones, contact, and contactless: Chip cards vs. current magnetic stripe Changes to transaction handling How to answer consumer questions about EMV Consider consumer-facing educational materials Promote EMV payments accepted here Reminder to leave card inside reader during the entire transaction Prompt to take card out of reader when transaction is complete 25

Next Steps 26

Action Items for Georgia Fiscal Management Council Review your terminals and POS Systems for EMV capability and EMV enabled status Review your policy for fraud exposure and determine liability shift adoption Schedule time to review equipment with your Merchant partner for upgrade options or replacement needs Review POS Systems with the Vendor for their strategy to upgrade to EMV 27

If you have questions about EMV, contact Michelle Whalen; michelle.whalen@bankofamericamer chant.com; 941 896 8881. 2015 Banc of America Merchant Services, LLC. All rights reserved. All trademarks, service marks and trade names referenced in this material are the property of and licensed by their respective owners. Merchant Services are provided by Bank of America, N.A. and its representative Banc of America Merchant Services, LLC. Banc of America Merchant Services, LLC is not a bank, does not offer bank deposits, and its services are not guaranteed or insured by the FDIC or any other governmental agency. 28

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback