EMV and Apple Pay - Utah's Credit Unions and...EMV • Europay, Mastercard, and VISA • Provides...
Transcript of EMV and Apple Pay - Utah's Credit Unions and...EMV • Europay, Mastercard, and VISA • Provides...
EMV and Apple PayThe world of credit cards is on the move.
Today we will talk about
• The basics of EMV and Apple Pay.
• There are a lot of details we could get lost in.
• This is a high-level overview.
• We’ll break between topics so you can share your thoughts on them.
EMV• Europay, Mastercard, and VISA
• Provides increased security via a special chip on the card.
• Addresses fraud for card-present transactions.
• EMV cards make payment in one of two ways: contactless, contact
• Cards can be either/or, or both.
• POS terminals must support EMV for it to work
Resistance is futile/useless• Eventually all cards will go to EMV
• There’s a liability shift in October 2015
• If you don’t have EMV cards by October 2015, and the merchants do, the liability for fraud is with you. If you do, and merchants do, the liability is with you.
• The only time you’re not liable is if you have EMV cards, and the merchants don’t.
Merchant has EMV POS terminals
Merchant doesn’t have EMV POS
terminals
You don’t have EMV cards You You
You have EMV cards You Merchant
Who is liable for fraud after October?
So why worry about it?
• It’s going there. All cards will probably be there eventually.
• If you are not on EMV, and most others are, it’s very possible that fraud would have happened on other cards will shift to your cards.
• That is, you may be targeted more because your cards are not as secure.
Roll-out timeframes
• Probably 9-12 months
• Could be longer now if there is a line
• If you haven’t already started, you’re probably too late to hit the liability shift deadline, but again, that may not be too critical
Considerations for EMV
• Contact vs. contactless vs. dual-interface cards
• Payment applications (software on the chip that runs authentication)
• Cardholder verification methods (signature, none, online/offline PIN)
• Timing (when to do it)
• Reissuing cycles
Processing considerations• Authorization systems
• Card files for personalization managers
• Systems that manager cardholder information
• Reporting services
• Changes to authorization and clearing systems
• Changes to rules logic for authorizations and fraud scoring
• Online card authentication
• EMV data preparation and key management
• Changes to issuer’s card management system
• Updated reporting
Card fulfillment considerations• A chip with one or more payment applications must be embedded
into the card.
• Cards must still have mag stripe.
• Chip type: dual interface or contact-only
• Chip operating system
• Chip memory size
Back office support considerations
• Customer service
• Fraud management: fraud may shift to non-EMV transactions
• Dispute resolution processes
• Customer and employee education
Card re-issuance
• All at once: quite expensive; may be better for smaller portfolios; may place burden on customer service channels because of a lot of questions from members at once
• Replace cards on normal replacement cycle
• Hybrid: re-issue some off-cycle (high spenders, affluent cardholders, frequent travelers), and the rest on-cycle
You have lots of options
• More complex cards will cost more
• Your processor and other vendors will actually do a lot of the work, and will help you through the process.
• If you process in-house, you’ll be doing a lot of the work
• I am unsure if there are core system considerations. Anyone out there know the answer to that question?
Great resources from CSCU
http://cscu.net/TabbedContent.aspx?CategoryID=294
Discuss your thoughts on:
• Have you started the process already? How has the experience been?
• How much is/will this costing you?
• How are/will you issuing the cards?
• Are you in favor of spending the extra for contactless?
Apple Pay• A means whereby consumers
use their phones to pay at POS terminals.
• Already the most prevalent mobile payment solution. Introduced in September.
• Utilizes a little something called “tokenization”
Tokenization
• Merchants never see credit card numbers.
• In Apple Pay, tokens are phone-specific.
• Compromised tokens don’t mean card re-issuance. The token is simply deactivated.
• VISA provides you with a portal where you manage tokens.
Issuing tokens• Cardholder requests token with Apple
• Apple sends the request to VISA, which checks it against a BIN range, and sends the token back to Apple
• If something doesn’t pass inspection, the member is in “yellow path” authentication
• They must contact the issuer to clear up the problem
• This “yellow path” has been a source of fraud
How to enroll
• Talk with your issuer processor
• Currently requires a 3-year contract
• 95% of your cards must be eligible for Apple Pay
• 8-10 week implementation timeframe
Process to implement• Verify processor readiness
• Sign Apple agreement
• Agree to Visa/MasterCard/network fees
• Agree to processor fees
• Open implementation project with processor
• Define parameters for setup
• Gather card art and logo images
• Define Terms and Conditions text
• Network setup (a few weeks)
• Apple setup (a few weeks)
• Call center setup
• Customer notification process setup
• Apple Pay validation, go/no-go (testing)
• Launch to members
Cost
• Setup costs with Apple, VISA, and your processor
• Core system shouldn’t need updating
• Apple charges 15 basis points on credit
• Apple charges $0.005 on debit
• Supposedly, Apple Pay will reduce card-not-present fraud
To get the ball rolling . . .
• Talk with your processor
• Good resources here:http://www.co-opfs.org/solutions/card-payments/tokenization-resource-center/