CS 3 Final Review Gilbert Chou, Jenny Franco and Colleen Lewis December 14, 2008 1-4pm GPB.
Jenny Lewis, Sr. Director - cscu.net Meeting/SC17/Presentations... · Jenny Lewis, Sr. Director –...
Transcript of Jenny Lewis, Sr. Director - cscu.net Meeting/SC17/Presentations... · Jenny Lewis, Sr. Director –...
Jenny Lewis, Sr. Director – Product DevelopmentTokenization Services
Connie Davis, SVP – Enterprise Digital Strategy
Tokenization – Changing the Payment LandscapeTrends on Mobile Wallets and E-Commerce Tokens
Educating on the Fundamentals of Tokenization
• Issuers Opting to Tokenize their BINs across Debit, Credit & Prepaid starting in 2014• Actual PANs are replaced with tokens during Mobile Wallet Provisioning• If a merchant system is breached, the data captured is less valuable to fraudsters
Digitized Security over Plastic Era
Useless Data (tokens) Sensitive Data (PAN)
Merchant Merchant Network (Visa/MC) Issuer
Token Vaults(PAN/token)
PUBLIC Domain SECURED Domain
US Mobile Wallet Market to exceed $4T by 2021
- Infiniti Research, February 2017
5
Mobile Wallets gain rapid support by IssuersFIS Enables Issuer Participation in 3rd Party Mobile Wallets
FIS Supports ALL Mobile Wallets (Secured Element & HCE)
Credit Debit Prepaid
6
Mobile Wallet Users Are Customers No Credit Union Can Afford to Lose
7Mobile Wallet Users Respond…. What features drove them to the PAYs?
Mobile Wallet “Skeptics”
Time for Issuers to Take Action!
FIS™ Tokenization Services
Learning about Token Provisioning Paths
11
How does it work?
Yellow Path invokes the One Time Passcode service
FIS pulls Mobile Phone / Email Data from Card Management System and Pushes to Visa / MasterCard. Visa / MasterCard Push to the requesting Mobile Wallet
Consumer selects the desired delivery option (text or email)
Visa / MasterCard generate the OTP value and push to FIS for delivery to the end consumer
Consumer enters OTP and Visa / MasterCard Validate / update the token vault
Building Step Up Authentication with One Time Passcode
Now Generally Available!
FIS’s One Time Passcode – “How” it happens
FIS Tokenization Call Center Services
FIS Tokenization Services – Rapid Adoption
FUTURE of emerging payments…
Is “NOW”
“No turning back”
Moving PANs out of Public Doman &
replacing with Tokens for Secure and Safe
Payments “Anywhere” “Anytime”
FIS Data Predicts Rapid Provisioning Increase
The Current Tokenization Landscape…
Total value of digital payments reached $3.66 trillion in 2016
increased 20% over 2015Juniper Research
February 2017
Global EMV Migration drives fraud elsewhere
E-Commerce Growth Trend
Tokens extend beyond the “PAYs…”
Merchant Requested Tokens
“Credential-on-File” Recurring Payments
E-Commerce Digital Wallets
The Increasing Need for eCommerce Tokenization
In 2016, 32% of all internet transactions made through
“Pay with Amazon” were done on a mobile device by more than 33M people….
Payment volume doubled last year
NFC World – February 2017
It’s not just about Mobile Wallets, It’s protection against Card Not Present Fraud
• Card-not-present (CNP) fraud represents a highly profitable practice for cybercriminals• Data breaches occur regularly now. Supplying stolen Card data for fraudulent CNP transactions. • Increasing CNP Fraud is driving eCommerce merchants towards Card On File Tokenization. • New Interchange Classifications such as ‘Cardholder Present’ or ‘Secure Credentials Verified’
incenting eCommerce merchants towards Card On File Tokenization to reduce costs. • Issuers who do delay Tokenizing their BINs restrict merchants from being able to tokenize a
Card On File PAN.
Tokenization is to Card-Not-Present Fraud what EMV was to Card-Present-Fraud
Delaying Tokenization? Issuers Take Note…
E-Commerce/Internet Merchant Accounts - CNP RiskOver 52% of card accounts are setup with online/internet accounts
Account NumberPAN with Tokens
Apple, Samsung,
Android Pay Purchases
AT&T recurring
COF
Netflix recurring
COF
Paypal purchases
COF
City Utility recurring
COF
Automobile recurring
COF
Introduction of Payment Account Reference (PAR) A “Non-Payment” pseudo number that uniquely ties all tokens applied to the primary account number (PAN)
PAR #
Tokenization extends beyond the “PAYs” E-Commerce/“Card-on-File” For Merchant Token Requestors
26
Tokenization in “Card-on-File” Merchant Requests
Hundreds of Merchants embracing e-commerce tokens to replace PANs • Reducing their liability of breach• Mitigating payment disruption
27
Began requesting Tokens for PANs for new consumers withrecurring payment from VISA effective October 1, 2016 Targeting a
phased token replacement of PANs in 2017
VISA targeted April 2017 to begin phasing PayPal PAN’s with tokens in an ACH Migration to Debit Card
Master Card is in early discussions with Paypal, targetingQ4 2017 for providing this wallet/digital checkout
Emerging in 2017 is Tokenization in “Card-on-File” & E-Commerce Merchant Token Requestors
E-Commerce Tokenization aka digital checkouts. VISA Checkout available today without tokenization. The issuer must be enrolled in Tokenisation Services for PANs to be replaced with tokens once VCO begins tokenization. Master Card has MDES for Merchants with Tokenisationrolling out in 2017.
28
E-Commerce Merchant Token Requestors
Internet Of
Things
IoT
29
E-Commerce Tokenization Merchant Requests
E-commerce tokenization reduces the effect of data breaches, CNP fraud, and eliminates the problem of stored card information becoming outdated.
This benefits issuers by:
• Reducing Card Reissuance Costs: If an e-commerce token is compromised, the issuer does not need to reissue the physical card and can push a new token to the e-commerce account.
• Preserving ‘Top-of-Wallet’ Status: A cardholder can continue transacting with the provisioned token even when the underlying card information changes. The cardholder is not prompted to replace their card with an alternative payment method due to expired credentials.
New Options Coming in 2017
31
Suspend Token
De-Activate Token
Lost Phones
FIS Tokenization Services will continue to expand…
Lost Phones – Consumers who have lost their may need Tokens affiliated with a specific wallet suspended or de-activated.
Deactivate Token – Tokens can be de-activated as needed in lieu of completely blocking the PAN.
This could alleviate the need to affect the physical card, and may reduce expense.
Fraud Alerts – in addition to card controls, tokens affiliated with a PAN can be suspended temporarily until the fraud alert is resolved.
Looking Forward…Emerging Use Cases To Solve For
Virtual Card Issuance
APIs for Streamlining Back Office Functions
Mobile Analytics
32
WHO is driving the payment choice emergence? The CONSUMER & MERCHANT
EMV & Tokenization Expanding across Payments…
Is a leader in emerging payment technology ….Working with our external partners at VISA, Master Card, and EMVco/US Payments Forum developing the foundation for the future emerging payment ecosystem.
A Changing Digital Climate
Questions?
Thank You