in Launching Your EMV Program - Shoreline - EMV...
Shoreline, a Gemalto company
Shoreline Confidential2
o 2,900 R&D engineers
o 114 new patents filed in 2014
o 180+ countries where our clients are based
o 14,000+ employees
o 116 nationalities
o $2.7bn 2014 revenue
o +2bn end users benefit from our solutions
EMV Standards: A 20 Year History
• 1994: Europay, MasterCard and Visa initiate the development of specifications for Integrated Circuit Cards, aka the EMV spec
• 1996: The first version of EMV specifications is published
• 1999: EMVCo LLC is formed by Europay, Visa, MasterCard to manage, maintain and enhance the EMV™ Specification
• 2000’s:
  - 2004: JCB joins EMVCo
  - 2008: The most recent version, EMV 4.2, is published
  - 2009: American Express joins EMVCo
  - 2013: Union Pay joins EMVCo
Key Benefits of EMV
o Enhanced Payment Security
  - Reduces the risks & costs relating to fraud
o Technology Platform for new payment channels
  - Contactless Payment
  - Mobile Payment
  - eCommerce
o Global Interoperability
EMV chip cards use an embedded microprocessor for payment transactions
• Secure chip stores payment information
• Chip card authentication prevents counterfeiting
• Adds cardholder verification methods
• Offers online or offline authorization
[Figure labels: outside, inside, contact]
One Technology = Three Consumer Payment Options
Enter individual PIN code. The card checks the PIN stored on the card. The PIN may also be verified online. Sometimes PIN is omitted and a signature is required.
[Figure labels: contact payment terminal; contactless payment terminal; contactless payment terminal, NFC-enabled phone, 2 inches]
o EMV contact – card is placed into a device that reads the data on the chip
o EMV contactless payments – simply tap the card and pay securely
o Mobile EMV = NFC mobile payments – provides secure mobile payments, increased loyalty and marketing options for issuers
The date is near
o October, 2015 – Fraud Liability Shift
The party that has made investment in the most secure EMV options is protected from financial liability for card-present fraud losses for both counterfeit and lost, stolen and non-receipt fraud on this date.
Bottom line: the weakest link in the EMV transaction chain is responsible for fraud
Kaspersky Lab revealed that lost financial data ranged from $66,000 to $938,000 per organization, depending on the size of the firm. Meanwhile, the American Bankers Association took a look at losses after a major corporate breach and found that the average loss on a fraudulently used debit card was $331. (Source: http://www.information-management.com/)
Not a deadline or a mandate
• EMV does not solve card-not-present (CNP) fraud by itself; limited exposure? CNP-specific solutions are out there
Aftermath of Recent Data Breaches
o Breaches have created a tipping point in consumer and media perception of payment security.
o Securing the payment eco-system is now a matter of urgency.
US EMV Card Projections
[Chart: US EMV card projections by year, 2011 to 2016, comparing "Before Target Breach" and "After Target Breach"; values not recoverable]
%B5268xxxxxxxxxxxx^Smith/John^110120116604000000000000000000000?
;5268xxxxxxxxxxxx=11012011660400000000
o Static data stored on a magnetic stripe can be easily skimmed to make cloned cards
o No way to verify card authenticity – cloned cards are indistinguishable from the original
o Signature is a weak form of cardholder authentication
Why EMV?
COPY = ORIGINAL
Original / Counterfeit
Why EMV?
o Chip dynamically communicates with authorization system or POS to guarantee
  - Card Authenticity
  - Cardholder Authenticity
  - Transaction Authenticity
o Protects against
  - Card Skimming
  - Card Cloning
  - Man in the Middle Attacks
Mag stripe data on a chip card is different than on a regular card; if cloned or stolen, the EMV-enabled systems will not allow a non-EMV transaction.
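The terminal-side check behind this statement, as an added example that is not from the original slides: the service code in the slide's own masked sample tracks is 201, and a leading 2 or 6 tells a chip-capable terminal that the card carries a chip, so a plain swipe is refused. The decision names, the `terminal_reads_chip` and `chip_read_failed` parameters and the stripe-only sample track are assumptions made for illustration.

```python
import re

# ISO/IEC 7813 track layouts. 'x' is accepted in the PAN only because the
# slide's sample tracks are masked that way.
TRACK1 = re.compile(r"^%B(?P<pan>[0-9x]{12,19})\^(?P<name>[^^]{2,26})\^"
                    r"(?P<expiry>\d{4})(?P<service_code>\d{3})(?P<disc>[^?]*)\??$")
TRACK2 = re.compile(r"^;(?P<pan>[0-9x]{12,19})=(?P<expiry>\d{4})"
                    r"(?P<service_code>\d{3})(?P<disc>\d*)\??$")

def parse_track(raw):
    """Return the fields of a Track 1 (format B) or Track 2 record."""
    for pattern in (TRACK1, TRACK2):
        match = pattern.match(raw.strip())
        if match:
            return match.groupdict()
    raise ValueError("not a Track 1 or Track 2 record")

def chip_indicated(service_code):
    """First service-code digit 2 or 6 means the card carries a chip."""
    return service_code[0] in ("2", "6")

def swipe_decision(raw, terminal_reads_chip, chip_read_failed=False):
    """Decide how a terminal treats a swiped card (decision names are hypothetical)."""
    try:
        track = parse_track(raw)
    except ValueError:
        return "REJECT_UNREADABLE"
    if not chip_indicated(track["service_code"]):
        return "PROCESS_MAGSTRIPE"        # legacy stripe-only card
    if not terminal_reads_chip:
        return "PROCESS_MAGSTRIPE"        # terminal cannot enforce chip use
    if chip_read_failed:
        return "ONLINE_FALLBACK_FLAGGED"  # issuer sees the fallback and decides
    return "REFUSE_SWIPE_USE_CHIP"        # a copy of the stripe alone stops here

# The two masked tracks shown on the slide, plus one constructed stripe-only track.
SLIDE_TRACK1 = "%B5268xxxxxxxxxxxx^Smith/John^110120116604000000000000000000000?"
SLIDE_TRACK2 = ";5268xxxxxxxxxxxx=11012011660400000000"
CONSTRUCTED_STRIPE_ONLY = ";5268xxxxxxxxxxxx=11011011660400000000"

if __name__ == "__main__":
    for sample in (SLIDE_TRACK1, SLIDE_TRACK2, CONSTRUCTED_STRIPE_ONLY):
        code = parse_track(sample)["service_code"]
        print(code, swipe_decision(sample, terminal_reads_chip=True))
```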
Three basic steps of an EMV transaction
o Verify the Card is Authentic
o Verify the Cardholder is Authentic
o Authorize the Transaction
What is an EMV Profile?
o An EMV Profile is a set of rules and controls that determines how an EMV Chip Card will behave in the field
o Ingredients of an EMV Profile:
  - Card and transaction authentication: Online vs. Offline
  - Cardholder verification: PIN vs. Signature
  - Usage type: Contact vs. Contactless
  - Usage & Transaction Risk Limits
Standard EMV Profiles
o Payment Associations have defined “off the shelf” EMV profiles to simplify the decision making process
o Payment processors will support some or all of these “off the shelf” profiles
o Debit profile examples
  - VISA: U.S. Debit Personalization Profile for Online-Only Card, supports Durbin-compliant Common AID, Signature preferring (VISA), Online PIN preferring (Debit Network)
  - MasterCard: Profile 35 in combination with 61 (common debit AID), online only, supports Durbin-compliant Common AID, Online PIN preferring
  - MasterCard: Profile 19 in combination with 61 (common debit AID), supports offline card authentication (C/DDA), supports Durbin-compliant Common AID, Online PIN preferring
Try it yourself: http://www.mastercard.us/simplify_emv.html
Contact vs. Contactless
o Contactless EMV solves checkout speed issue
o Contactless EMV helps capture cash
o Contactless EMV increases cardholder stickiness translating to issuer top of wallet
o Contactless EMV creates a consistent consumer experience between card and mobile transactions.
“Dip & Wait” nature of contact EMV is not in line with consumer & merchant expectation of immediacy & convenience
Apple Pay is driving merchant activation of contactless POS
Which chip card to buy?
“The brand says we only need the 4k chip, but the personalization vendor continues to push the 10k and the instant issuance vendor says 12k. I have been getting the run around from all of my vendors.”
- a frustrated VP of payment solutions
What type of EMV Card should I Buy?
o How Much Memory?
  - 4k
  - 8k
  - 12k
o What type of CVM?
  - SDA
  - DDA
  - CDA
o What Payment Applications?
  - VSDC 2.8.1am2s
  - MChip Select
  - MChip Advanced
o What Operating System?
  - Java
  - Multos
  - Native
Shoreline suggests a simpler approach
o Type?
  - Contact EMV
  - Contact + Contactless EMV
o What EMV Profile?
  - Visa US Debit Profile
  - MasterCard Profile #X
o Quantity?
  - 1,000
  - 10,000
o Color of Module?
  - Gold
  - Silver (palladium)
o Shoreline is integrated & certified today for EMV Issuance with major processors
o Pre-approved by payment associations
o Shoreline offers Gemalto cards which can support any standard EMV profile and facilitate a future proof roll out strategy
Shoreline suggests a simple approach
EMV Card procurement and inventory considerations
o Lead times – 8-12 weeks for custom orders after design’s approval
o Cost vs. Volume vs. Minimum Order size
o EMV roll out strategy
  - Friends and family pilot
  - Natural re-issue, lost/stolen replacements
  - Mass re-issue
o Chip (operating system + payment application) expiration dates
  - Not related to card expiration
  - Initial term – 3 years, with subsequent 1- or 3-year renewal(s)
  - Applies to
    - Card manufacturer’s ability to sell
    - Issuer’s ability to issue (+12 months)
Adapt Your Card Artwork to EMV – Proof and approval needed
o Shoreline offers 6 pin chips as standard for contact only cards
o Request a design specification sheet/mock card design
We are #1 in Payment Cards
Total Chip Card Shipments 2013
Rank  Manufacturer                Headquarters      Millions
1     Gemalto                     Netherlands       2,178.0
2     Oberthur                    France            930.0
3     Giesecke & Devrient (G&D)   Germany           875.1
4     Morpho                      Germany           680.0
5     Watchdata System            China/Singapore   401.1
6     Bluefish Technology         Denmark           319.0
7     Beautiful Card              Taiwan            252.5
8     AB Card Group               Turkey            191.7
9     Asia Credit Card Production China             179.0
10    Jing King Tech Holdings     Hong Kong         148.5
11    Exceet Card Group           Germany           143.0
12    COS Software Co.            China             115.0
13    Goldpac                     China             101.2
14    DZ Card                     Thailand          99.0
15    Valid                       Brazil            98.5
16    HID Global                  United States     90.0
17    CPI Card Group              United States     76.6
Payment Cards with Chips vs. Mag Stripes Only (mil.) 2013
Manufacturer  Chip / Magnetic Stripe
Gemalto       645/150
Perfect       2/643
Oberthur      280/280
G&D           322/233
CPI           15/350
Valid         30/247
Morpho        101/52
AB Note       13/135
IntelCav      47/78
Note: Chip cards include Visa, MasterCard, American Express, JCB, and Maestro cards with mag-stripes as well as ATM-only and domestic-only debit cards, transportation cards, and other proprietary cards. © 2013 The Nilson Report
Experience Matters Scale Matters Global Presence Matters