99810007-2.02 MagnePrint Risk Management


Transcript of 99810007-2.02 MagnePrint Risk Management

Page 1: 99810007-2.02 MagnePrint Risk Management

Single Swipe

Dramatic Reduction of Card Present Fraud: MagnePrint Risk Management

When strong encryption and secure tokenization are used in conjunction with dynamic card authentication, it provides a solution that can protect cardholder data while at rest or in transit and exceeds PCI DSS requirements. It further secures payment systems with real-time information to prevent, detect and alert to the presence of fraudulent transactions and rogue devices.

(SCRA) Secure Card Reader Authenticator reads ISO/AAMVA encoded surface layer data, reads the magnetic particulate layer below, encrypts the data within the tamper resistant authentication sensor and transmits the encrypted cardholder data along with the stripe’s dynamic digital identifiers (DI) for card and cardholder data authentication during the transaction authorization process. ONLY MagneSafe secured devices fit this description.

Diagram legend: Clear text card data (unencrypted) • Transactional MagnePrint • Tokenized and/or Masked Data • 3DES/DUKPT Encrypted Card Data • Transaction details • MagnePrint Score • Topology Key

Detail of MagnePrint Flow / MagnePrint® in the Payment Flow

[Two flow diagrams. The Detail of MagnePrint Flow diagram shows steps 0 to 7; MagnePrint® in the Payment Flow shows steps 0 to 10. Participants shown: POS, Store Controller, Host, Magensa, Processor, Gateway, Brand, Issuer.]

0. Card data “in-the-clear” encoded, printed & embossed on card. MagnePrint already present.
1. Card swiped in SCRA at POS and sent to the Store Controller.
2. Magensa decrypts card data.
3. Magensa scores the Transaction MagnePrint against the Reference MagnePrint.
4. Magensa returns the score to the Host.
5. Host performs risk assessment and management.
6. Host determines if score is high enough. If NO: Automated “Fraud Alerts” can be sent to the POS. If YES: transaction details are sent to the processor.
7. Processor sends transaction details out for authorization.
8. Processor sends details to Host.
9. Host forwards details onto Store Controller.
10. Transaction is completed.

Diagram callouts:
The card data is protected immediately with 3DES/DUKPT encryption at the point of swipe. Transaction MagnePrint generated and embedded in ISO 8583 message with necessary transaction details.
Data is protected at POS, branch network, store controller, and external communications via encryption & session IDs.

Standard ISO 8583 Message (sample shown in diagram): Card Data ;522145368 John Public • Transaction MagnePrint • Transaction Details $104.23

MagnePrint Reference Capture (diagram labels): Reference MagnePrint 0101001 • Transaction MagnePrint 0101001 • MagneScore • HOST • Shared and Accessible Fraud Information Database

Global MagnePrint® Exchange

Shared and accessible fraud information database, cross-industry collective data. MANAGEMENT & AUTHENTICATION OF: Cards, Keys, Users, Hosts, Tokens, Devices. Exceeds FFIEC recommendations and PCI DSS compliance.

Financial: ATM • Card Personalization & Issuance • Teller Window • POS • Remote Deposit Capture • Mobile • Internet Banking • Law Enforcement

Government: Alcohol, Tobacco & Firearms • Dept of Motor Vehicles • Election • Legislative Regulations • Social Security • Remote Access • Law Enforcement

Retail: POS • Store Controller • Merchant Host • Processor Gateway • Acquirer • Brand Switch • Issuer • Law Enforcement

Enterprise: Content & Delivery • Facilities Access Control • Forms Management • IP Property • New Hire ID • User Identity • Remote Access • Law Enforcement

eCommerce • Banking and financial institutions • eProcurement • Cloud-based services • Gaming • Marketplace services • mCommerce • Merchants • Pharmacy and Healthcare • Service providers • Social Networks/Dating • Law Enforcement

simply stops fraud

Page 2: 99810007-2.02 MagnePrint Risk Management

Magensa™ is a fraud prevention, detection and advisory service. It maintains a globally accessible registry of authentication information so that consumers, financial institutions, retailers, businesses and governments can assess the validity and trustworthiness of the credentials and products they rely upon in the course of online identification, payment, and other important transactions. Additionally, Magensa provides token management and cryptographic services, vital to the protection of cardholder data, the payment system, and personal or sensitive information. Magensa is a subsidiary of MagTek, Inc.

Magensa | 1710 Apollo Court, Seal Beach, CA 90740 | 562-546-6500

© Copyright 2012 Magensa All rights reserved. PN 99810007 Rev 2.02 2/12

Dramatic Reduction of Card Present Fraud: MagnePrint® Risk Management

How Do Magensa and MagnePrint Work?

Capture the Reference MagnePrint
MagTek makes readers that recover the encoded track data and the MagnePrint simultaneously. The MagnePrint is converted to a 54 byte digital string. When the card is first issued or first used, the Processor or Card Issuer stores the digitized original MagnePrint at Magensa. This information is designated as the Reference MagnePrint.

Encrypt the Card Data and Capture the Transaction MagnePrint
MagTek makes a variety of readers suitable for use in ATMs, gas pumps, PDAs, kiosks, PCs, vending machines, MACs, cell phones, ECRs and POS terminals. When a card is read, the encoded card data, the MagnePrint and the usual transaction details are 3DES/DUKPT encrypted and sent to the Card Issuer for verification. The MagnePrint obtained at this time is designated the Transaction MagnePrint.

Verify the Transaction MagnePrint
Transaction MagnePrints have a remarkable and valuable feature. They change stochastically – that is, they change dynamically, but in ways that can’t be predicted with any certainty. The change is a matter of probability, built in by the imperfection of nature. The odds of obtaining two identical 54 byte Transaction MagnePrints from a single card are about 1 in 100 million. A Transaction MagnePrint identical to one previously used will be rejected. This inherent variability of Transaction MagnePrints provides an algorithmically verifiable, unique transaction number for every card swipe.

Score the Transaction MagnePrint against the Reference MagnePrint
Magensa receives a Transaction MagnePrint, compares it to the Reference MagnePrint and calculates a score based on the correlation between the two. A high score indicates a legitimate card. A low score points to a counterfeit card. The Card Issuer sets the minimum passing score and uses the MagnePrint Score as part of the transaction accept/decline criteria. MagnePrint scoring is a fast “real-time” process. Typical scoring times are 10 milliseconds or less.
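The verify and score steps above, sketched as host-side decision logic in an added example (not Magensa's or MagTek's code): a reused 54 byte Transaction MagnePrint is rejected, and the score is compared with the issuer's minimum. The bit-agreement score is a stand-in for the proprietary correlation; the class name, card token, decision strings and the 0.9 threshold are assumptions.

```python
import hashlib

MAGNEPRINT_LEN = 54  # bytes, as stated in the brochure

def score(reference: bytes, transaction: bytes) -> float:
    """Stand-in for the proprietary correlation: fraction of matching bits."""
    differing = sum(bin(r ^ t).count("1") for r, t in zip(reference, transaction))
    return 1.0 - differing / (8 * MAGNEPRINT_LEN)

class MagnePrintHost:  # hypothetical name
    def __init__(self, min_score: float):
        self.min_score = min_score  # minimum passing score, set by the Card Issuer
        self.references = {}        # card token -> Reference MagnePrint
        self.used = set()           # (card token, digest) of MagnePrints already seen

    def _mark_used(self, card: str, mp: bytes) -> bool:
        """Record a MagnePrint; return True if it had been recorded before."""
        key = (card, hashlib.sha256(mp).hexdigest())
        seen = key in self.used
        self.used.add(key)
        return seen

    def enroll(self, card: str, reference: bytes) -> None:
        if len(reference) != MAGNEPRINT_LEN:
            raise ValueError("Reference MagnePrint must be 54 bytes")
        self.references[card] = reference
        self._mark_used(card, reference)  # assumption: a copy of the reference is a replay

    def authorize(self, card: str, transaction: bytes):
        """Return (decision, score) for one swipe."""
        if len(transaction) != MAGNEPRINT_LEN:
            return "DECLINE_MALFORMED", None
        if card not in self.references:
            return "NO_REFERENCE", None
        if self._mark_used(card, transaction):
            return "REJECT_REPLAY", None  # identical to one previously used
        s = score(self.references[card], transaction)
        return ("FORWARD_TO_PROCESSOR" if s >= self.min_score else "FRAUD_ALERT"), s

# Constructed sample data, not real MagnePrints.
REFERENCE = bytes(range(MAGNEPRINT_LEN))
SWIPE_1 = bytes(b ^ 0x01 if i < 10 else b for i, b in enumerate(REFERENCE))  # 10 bits differ
COUNTERFEIT = bytes(b ^ 0x0F for b in REFERENCE)  # half of all bits differ

def demo():
    host = MagnePrintHost(min_score=0.9)  # hypothetical issuer threshold
    host.enroll("card-token-1", REFERENCE)
    swipes = (SWIPE_1, SWIPE_1, COUNTERFEIT, REFERENCE, b"short")
    return [host.authorize("card-token-1", mp)[0] for mp in swipes]
```

The replay set stores digests per card rather than raw MagnePrints, and every well-formed attempt is recorded whether or not it passes the score check.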

[Figure: Single swipe. Labels: 3DES/DUKPT Encrypted Card Data (;522145368 JOHN DOE) • Transaction MagnePrint • Transaction Details ($104.23) • To host]

[Figure: 54 byte transaction MagnePrint. Same card swiped 3 times on the same reader: 1st swipe 1 0 1 0 1 1 1 • 2nd swipe 1 1 0 0 1 0 1 • 3rd swipe 0 1 0 1 0 0 1. For each swipe, HOST checks "Previous use: Yes / No".]

[Figure: Score. Transaction MagnePrint 0 1 0 1 0 0 1 • Reference MagnePrint 0 1 0 1 0 0 1 • MagneScore 0.978 • Host]

[Figure: Reference MagnePrint. Card Data, single swipe. Initial issue or first use of card.]

When a card-present transaction is submitted, the MagnePrint of the card read at the transaction point is transmitted along with the encrypted card data. At Magensa, the MagnePrint risk management tool compares the ‘transaction MagnePrint value’ to a ‘reference MagnePrint value’ already present in the authorization database. These reference values are currently submitted by Processors, but ideally they will also come from Issuers or any other party above that has access to Magensa.

Access to Magensa MagnePrint Reference Data
