www.westernstatesacquirers.com

Download Report

Transcript www.westernstatesacquirers.com 

EMV: The Future is Now
EMV: The Future is Now
Moderator:
Jason Putnam
Vice President of Sales, First American Payment Systems
Panelists:
Patty Walters
Senior Vice President of Merchant Products and Security, Vantiv
Greg Boardman
Senior Vice President of Product and Development, Ingenico
John Badovinac
Senior Manger US Acquirer Relations, Discover Financial Services
2
EMV: The Future is Now
Session Objectives
EMV  What is it?
 Why does it matter?
 How does it impact me?
 What opportunities does it create?
 What should I be doing right now?
 Who can help?
3
EMV – What is it?
 Global standard for chip card technology
 Developed by Europay, MasterCard and
Visa in 1993
 Typically a chip inset within a plastic card
 Chip stores cardholder and application
data more securely
 EMV provides protection against card
reproduction fraud
 EMV can be contact or contactless
4
EMV – Why does it matter?
EMV Reduces Fraud

Cards include microprocessor chip that stores info securely and performs
cryptographic processing during transaction a payment transaction

Even if fraudsters are able to steal account data from chip transactions, this data
cannot be used to create a fraudulent transaction in an EMV or magnetic stripe
environment, since every EMV transaction carries dynamic data

Can address card-not-present fraud if cardholders use their EMV cards and
individual readers to authenticate Internet transactions

What are the Specifics?
 Card authentication protects against counterfeit fraud
 Cardholder verification protects against lost and stolen fraud
 Issuer and Acquirer defines rules used to authorize transactions
5
EMV – Why does it matter?
EMV Reduces Fraud
Offline Card
Authentication
Static Data
Authentication
(SDA)
Online Card
Authentication
Cryptogram
Validation
(ARQC)
Supported
CVM’s
Authorization
Rules
Online PIN
Online
Dynamic Data
Authentication
(DDA)
Offline PIN
Offline
Combined Data
Authentication
(CDA)
Signature
• BOTH CARD & TERMINAL capabilities impact
authorization, authentication & CVM’s used for any given
transaction
• Offline data authentication may still happen even though a
transaction is ultimately sent online for approval
No cardholder
verification method
(CVM)
6
EMV – Why does it matter?
EMV Reduces Fraud
2008 – 2010, Canada noticed
increased peaks of fraud due to
holiday season
In 2011, there was no spike in
fraud due to holiday season
As EMV penetration at POS
increased, counterfeit as well as
other types of fraud decreased
7
EMV – Why does it matter?
EMV Provides Global Interoperability
73.9% of cards
89.0% of terminals
12.7% of cards
65.4% of terminals
31.2% of cards
27.0% of cards
76.5% of terminals
43.0% of terminals
17.6% of cards
60.7% of terminals
EMV Global Penetration
Canada, Latin America, and
the Carribean
Europe Zone 1
Asia Pacific
Europe Zone 2
Africa and the Middle East
United States
* Figures reported as of Q1, 2011 and represent the latest statistics from American Express, JCB, MasterCard, and Visa, as reported by their member financial institutions globally.
Figures do not include data from the United States
8
EMV – How does it impact me?
To implement EMV we need to:
 Build EMV Processing infrastructure
 Establish merchant acceptance for EMV
 Encourage issuance of EMV cards
Payment networks have facilitated this by issuing
compliance guidelines in their annual release:
 Setting standards/timelines for processing capability
 Promoting acceptance
 Promoting issuance
Liability Shift
9
EMV – How does it impact me?
Dates
VISA
Oct 2012
• Technology Innovation
Program (TIP) Annual PCI DSS
audit relief
• 75% Visa transactions must
originate from EMV-chip
terminals
• Terminals must support
both contact and contactless
including NFC
April 2013
•Acquirers and subprocessors must support
EMV (Mandate)
Oct 2013
Oct 2015
•US Liability Shift1
Oct 2016
Oct 2017
•Automated Fuel Dispenser
(AFD) Liability Shift1
MasterCard
Discover
American Express
•Acquirers / sub-processors
must support EMV
•Maestro ATM liability shift1
•Acquirers, sub-processors,
direct connect merchants
support EMV elements
•Acquirers and sub-processors
must support EMV , including
mobile (Mandate)
•Merchant Account Data
Compromise(ADC) relief
(Phase I)
•TBA
• PCI DSS relief
•75% of transactions occur on
Amex EMV chip-based contact
and contactless devices
•US Liability Shift2
•Merchant ADC Relief
(Phase II)
•TBA
•US Liability Shift
• US liability shift for ATM
transactions
•TBA
•AFD Liability Shift2
•TBA
•AFD Liability Shift
1 Liability
2
for counterfeit transaction shifts to terminal owners if they don’t accept EMV
Liability for counterfeit transaction shifts to party who has least-secure support
10
EMV – How does it impact me?
EMV How it Works
 An EMV card is inserted into a terminal
 The chip embedded in the card contains encrypted data,
this is accessed by the reader in the terminal
 Using data from the card, the terminal creates and sends
a unique code, or “cryptogram” to the processor’s host
during the transaction, validating the card
 The card is removed when the transaction is completed
11
EMV – How does it impact me?
EMV How it Works
The Authentication Process
12
EMV – How does it impact me?
EMV How it Works
 An EMV chip can be on a “contactless” card where the
chip is “tapped” or “held” near the terminal …..or…..
 A chip can be inside your smart phone and the phone is
“waived” near the terminal…
 Mobile wallets (eWallets) are rapidly growing in number,
which multiplies the opportunity for incremental sales for
merchants and new revenue options for ISOs
Remember that the incentives from the card brand associations are predicated on accepting both contact
and contactless EMV as well as NFC
13
EMV – How does it impact me?
EMV Implementation Impacts
Terminals
 Install EMV security
data in terminal and
upgrade to process
EMV transactions
Acquirer
Network
 Modify the Terminal-  Provide user guides
and technical
to-Acquirer interface
specifications
to support EMV
 Update policies,
 Add EMV data
procedures, and
elements to
operating regulations
authorization and
to incorporate EMV
clearing messages
 Facilitate the testing
 Review disputes
and certification of
processes to support
network partners to
EMV
ensure they can
properly support EMV
Issuer
 Support EMV data
elements in
authorization
messages
 Define how chip
cards will work
 Enhance risk
management
systems
 Determine the card
migration strategy
 Update customer
support and
operational systems
Card Production
 Obtain and store
required security
data
 Enhance data
preparation and card
personalization
 Achieve certification
14
EMV - What new opportunities does it create?
 An EMV chip can make decisions and do calculations
 An EMV chip can operate ‘offline’ and speed transactions
for transit, sporting events, concerts, etc.
 An EMV chip can provide access control credentials for
identification and campus access
 EMV is enabling new payment technologies that will
accelerate the development of mobile payment solutions
15
EMV - What should I be doing right now?
16
16
EMV - What should I be doing right now?
 Designate an in-house EMV expert / program owner (critical for large merchants / ISO / Processor)
 Ensure POS providers / VARS aligned with EMV (including plan and roadmap)
 Ensure POS that I own or will soon own supports all payment types
 Remember: Contact, Contactless / NFC, and magstripe
 My NFC support includes mobile wallet (of my choosing)
 The device bears all the necessary approvals (Lvl1, Lvl2, C’less approvals, PCI PTS)
 Remember that V1 expires in 2014!
 Ensure the ability to remotely manage (some peripherals may not accommodate this)…
 Ensure EMV migration dates coincide with the Payment Network’s key dates for compliance
 Ensure POS provider can assist in the migration process
 Ensure processor / acquirer is available for the migration and planning
 I have received my end to end certification process from them (if applicable)
 I have all the test tools I need (cards, etc.)
 Develop a training program for my personnel
 To understand the new payment types
 To understand the changes in consumer behavior at the POS
 To dispel myths
17
EMV - What should I be doing right now?
Retail Infrastructure Use Cases
Small
 Typically tier 4
 Simple structure
 Small EMV footprint
 Easy conversion
 Single – several store
 Storefront
Mid-sized
 Typically tier 3
 Small structure
 Light EMV footprint
 Small conversion
 Regional chains
 Storefront
 E-commerce
Large
 Tier 2 level merchant
 Large structure
 Large EMV footprint
 Challenging conversion
 Regional – nat. chains
 Storefront
 E-commerce
 MOTO
 Field Services
Super
 Tier 1 level merchant
 Complex Structure
 Huge EMV footprint
 Integrated POS
 Difficult conversion
 National chains
 Storefront
 E-commerce
 MOTO
 Field Services
 Multiple brands
18
EMV - What should I be doing right now?
Retail Infrastructure Use Cases
19
EMV - What should I be doing right now?
Merchant Impact Chart
Setup
POST
Register
Controller
Switch
End to End Cert
Processor
Impact
HW
SW
HW
SW
SW
SW
SW
Countertop POST
Replace w/new POST


-
-
-
-
-

Low
Countertop POST
Add all-in-one PINpad


-
-
-
-


High
Mobile POST
Replace w/new POST


-
-
-
-
-

Low
POS w/mag wedge
Replace w/CT POST


-
-
-
-
-

Low
POS w/mag wedge
Replace w/PINpad


-

-
-


Medium
Integrated PINpad
Replace w/new PINpad


-





High
Integrated wedge
Replace w/PINpad


-





High
Smart phone integrated
Replace w/EMV dongle


-





High
Smart phone stand alone
Replace w/EMV dongle


-
-
-
-
-

Low
20
EMV – Who can help?
Main page:
http://www.smartcardalliance.org/
EMV Migration:
http://www.emv-connection.com/
CSCIP Certification Program:
http://www.smartcardalliance.org/pages/activities-leap-about/
Roadmap whitepaper:
http://www.smartcardalliance.org/resources/pdf/Payments_Road
map_in_the_US_091512.pdf
21
EMV – Who can help?
Main page:
http://www.merchantadvisorygroup.org/
22
EMV – Who can help?
Main page:
http://www.emvco.com/
Best Practices:
http://www.emvco.com/best_practices.aspx
Guide to EMV:
http://www.emvco.com/best_practices.aspx?id=217
White Papers:
http://www.emvco.com/best_practices.aspx?id=33
23
EMV – Who can help?
Blogs:
http://blog.visa.com/tag/emv/
Press:
http://corporate.visa.com/newsroom/press-releases/press1142.jsp
http://discovernetworknews.com/stories/discover-implements-emvmandate-for-u-s-canada-and-mexico/
http://newsroom.mastercard.com/press-releases/mastercard-extends-u-semv-migration-roadmap-to-atm-channel/
Portals:
http://www.mastercard.us/mchip-emv.html
24
EMV – Who can help?
Solutions Providers
White papers:
http://pymnts.com/assets/Shared/Gemalto-EMV-Whitepaper.pdf
FAQ:
http://ingenico.us/solutions/emv-payments/
Press:
http://pymnts.com/briefing-room/security-and-risk/EMV/Ingenicos-Denis-Predicts-the-Future-of-EMV-in-North-America
Portals:
http://ingenico.us/solutions/emv-payments/
Blogs:
http://blog.verifone.com/uncategorized/a-four-step-guide-to-emv-formerchants-part-iii/
 Consultation  Training  Enablement  Advocacy  Presence
25
EMV - What should I be doing right now?
Start Planning Today!
1099
Days remaining to October,
2015 liability shift
26
EMV: The Future is Now
Q&A