MAG Webinar: EMV & Cardholder Verification Method PriorityUpcoming MAG Educational Opportunities •...
Transcript of MAG Webinar: EMV & Cardholder Verification Method PriorityUpcoming MAG Educational Opportunities •...
MAG Webinar: EMV & Cardholder Verification Method Priority
Moderator: John Drechny- Senior Director of Payment Services , Walmart
Speaker: Jeff Stroud– Senior Managing Consultant, MasterCard Advisors
Speaker: Guy Berg- MasterCard Worldwide
Speaker: Simon Hurry- Sr. Business Leader, Chip Infrastructure-Visa, Inc.
Monday, June 3-12:00pm-1:00pm CT
Upcoming MAG Educational Opportunities
• WEBINAR: GETTING STARTED WITH EMV: BEST PRACTICES AND COMMON PITFALLS June 20, 2013- 12:00pm-1:00pm CT Register Online at www.merchantadvisorygroup.org
• EDUCATIONAL CLASS- Payments+ Planning for Tomorrow’s Payments: Consumer Engagement, EMV, Routing-Presented by W.Capra June 26, 2013 McDonald’s COB, Chicago, IL Register Online at www.merchantadvisorygroup.org
• Mark Your Calendars! Annual Conference-Celebrating 5 Years in the Big Easy October 7-9, 2013 Astor Crowne Plaza New Orleans New Orleans, LA
Registration Opens online in Mid-July
Detailed analysis of CVM Processing
Jeff Stroud MasterCard Advisors – Senior Managing Consultant
Guy Berg-MasterCard Worldwide
EMV & Cardholder Verification Method Priority
EMV Application Anatomy for Standard EMV
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Standard EMV CVM List
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Card Conveys to the terminal the preferred CVM
The Issuer sets the order of the CVM list
The CVM list will vary by issuer
Standard EMV CVM List
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Card Perspective Terminal Perspective
Offline PIN Plaintext Enciphered
Online Enciphered PIN Signature No CVM
CVMs supported by the terminal
EMV Application Anatomy for Durbin EMV
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Application Selection Process
EMV Application Anatomy for Durbin EMV
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Application AID
CVM List Card
Authentication Method
Other Risk Management
Settings
EMV Profile
Application Selection Process
Conditions
Methods Amount Conditions
CVM Fallback
CVM List is defined on the card
CVM List provides the terminal with four pieces of information on how an issuer wishes the cardholder to be verified
1. CVM Method
Order of methods is in priority order that issuer wishes
2. Conditions of use
3. What if the CVM method is unsuccessful
4. In the case where conditions applied to a CVM method involve amounts, CVM list will contain AMOUNT X and AMOUNT Y values that the terminal will validate the condition against
Anatomy of a CVM List
CVM Methods Conditions
Methods Amount
Conditions
CVM Fallback
Offline Plaintext PIN
Online Enciphered PIN
Offline Enciphered PIN
Signature
No CVM
CVM Conditions
Always
If unattended cash
If not unattended cash and not manual cash and not purchase with cashback
If terminal supports CVM
If manual cash
If purchase with cash back
Conditions
Methods Amount
Conditions
CVM Fallback
EMV Defines CVMs that terminals may be capable of supporting Offline PIN (new with EMV)
Plaintext
Enciphered
Online Enciphered PIN (exists today with magstripe)
Signature (exists today with magstripe)
No CVM (exists today with magstripe – QPS)
Terminal Supported CVMs
CVM List (From Card)
TERMINAL
Terminal Processing of CVM List
CVM #1
CONDITION OF USE
CVM #2
CONDITION OF USE
Conditions Satisfied
CVM Processing Fails
CVM Supported If condition is not
satisfied AND CVM Method is not
supported Conditions Satisfied
CVM Supported If condition is not
satisfied AND CVM Method is not
supported
Occurs when the conditions for the preferred CVM method to be performed are met but the CVM method cannot be performed or, when performed, the CVM method failed
CVM Fallback Configuration Options Do not fallback if the CVM fails but proceed with the transaction
Fallback to the next CVM in the priority list
Examples of CVM method unable to be performed: PIN Entry required but PIN Bypassed (either by customer or merchant)
PIN Entry Required but PIN Pad is not present or not working
PIN Try Limit Exceeded
CVM Fallback Processing
Processing logic for when CVM Fallback is Supported by Card
CVM #1 CONDITION OF USE
Apply Next CVM
CVM #2 CONDITION OF USE
Apply Next CVM
Conditions Satisfied
Condition of Use Satisfied but CVM cannot be executed
successfully
When CVM Fallback is Not Supported by Card
CVM #1 CONDITION OF USE
Do Not Apply Next CVM
CVM #2 CONDITION OF USE
Apply Next CVM
Conditions Satisfied
Condition of Use Satisfied but CVM cannot be executed
successfully
CVM Processing Fails
Potential CVM Profiles on card (assumes Multiple AIDs)
US Debit AID
Offline PIN If Terminal Supports
Apply Next
Online PIN If Terminal Supports
Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
International AID
Online PIN If Terminal Supports
Apply Next
Signature If Terminal Supports
Do Not Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
May support Signature
May support Online PIN
May support Offline PIN (both
Plaintext and Enciphered)
May support No CVM
•Settings are dependent on how Terminal Vendor has certified their EMV Kernel with EMVCo
CVM Support defined within Terminal Capabilities
International AID
Online PIN If Terminal Supports
Apply Next
Signature If Terminal Supports
Do Not Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
Attended POS Terminal
Terminal Supported CVMs: Signature Online PIN Offline PIN
US Debit AID
Offline PIN If Terminal Supports
Apply Next
Online PIN If Terminal Supports
Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
International AID
Online PIN If Terminal Supports
Apply Next
Signature If Terminal Supports
Do Not Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
Attended POS Terminal Terminal Supported CVMs: Signature
US Debit AID
Offline PIN If Terminal Supports
Apply Next
Online PIN If Terminal Supports
Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
International AID
Online PIN If Terminal Supports
Apply Next
Signature If Terminal Supports
Do Not Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
Attended POS Terminal US Debit AID
Offline PIN If Terminal Supports
Apply Next
Online PIN If Terminal Supports
Apply Next
Online PIN If Unattended Cash
Apply Next
No CVM If Terminal Supports
Do Not Apply Next
Terminal Supported CVMs: Signature Online PIN No CVM
Simplifying Deployment
Simon Hurry
June 3, 2013
2004 2005 2006 2007 2008 2009 2010 2011 2012
US
Chip Impact on Counterfeit Fraud
Asia Pacific
•EMV chip has demonstrated its effectiveness at reducing counterfeit fraud
•The counterfeit fraud liability shift effective date in Asia Pacific was January 1, 2006
United States
•Counterfeit fraud in the U.S. continues to grow
•The counterfeit fraud liability shift effective date in the U.S. is October 2015
2004 2005 2006 2007 2008 2009 2010 2011 2012
Asia Pacific
Data Source: Visa Fraud Reporting System,TC40 client submitted annual domestic counterfeit fraud (ex cash) volume
- 68%
(from 2004 to 2012)
+ 394%
(from 2004 to 2012)
The U.S. is a complex and unique market
While we have learned a great deal from EMV implementations in other countries, the U.S. is more complex
• Zero floor limit environment
• Numerous domestic debit networks
• 2 processing environments – dual and SMS
• Newly regulated debit environment
• Simultaneous migration to contact and contactless chip
Visa’s overwhelming focus on the U.S. implementation has been to keep things simple and minimize impact on all stakeholders
• There are 3 different types of PIN ‒ online PIN, offline clear text PIN and offline enciphered PIN
• Chip cards can support multiple cardholder verification methods
• Online PIN
• Often not supported on international cross-border POS transactions
• Offline PIN
• Expensive and difficult to implement and manage
• Difficult to synchronize with the online PIN
• Requires merchants to manage PKI root keys
The simplest and least expensive option is to use signature and ‘no CVM’ as the baseline for global interoperability
Basics of Chip With Online or Offline PIN
PIN on chip is a lot more complex than people think
Recommended U.S. Chip Implementation
• Dual Interface
• Deploy latest version of Visa Contactless spec
• Support qVSDC
Chip Interface Options
• Signature
• If support PIN, deploy online PIN
• No CVM
Cardholder Verification Methods
Card
Authorization
• ALWAYS ONLINE
• No Offline
• ALWAYS ONLINE
• No Offline
• Signature
• Online PIN (Debit)
• No CVM
• Common AID is online PIN preferring
• Dual Interface OR contact with mobile companion
• Use latest version of Visa Contactless & Mobile spec
• No “Contactless-Only”
Card Profile Terminal Configuration
26
CVM Options designed for simplicity
CVM Goals
• Globally signature preferring cards are the lowest common denominator for acceptance.
• Online PIN is needed for cash, and domestic PIN debit networks.
• Offline PIN can be supported but is difficult and expensive to manage.
• No CVM is needed for VEPS and unattended devices.
• Continue to look for increased merchant operational efficiency.
• Balance fraud risk management with convenience.
• Maintain existing customer experience.
Signature
No CVM
Offline PIN
Online PIN
Signature
No CVM
Terminal’s Supported CVMs Card’s CVM List
X
X
X
CVM Options Credit Example
Online PIN
Signature
No CVM
Offline PIN
Online PIN
Signature
No CVM
Terminal’s Supported CVMs Card’s CVM List
X
Debit Example