P2PE, EMV and Tokenization - The Holy Trinity of Payment Security
-
Upload
creditcall -
Category
Technology
-
view
861 -
download
2
Transcript of P2PE, EMV and Tokenization - The Holy Trinity of Payment Security
![Page 1: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/1.jpg)
![Page 2: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/2.jpg)
P2PE, EMV & TOKENIZATION
www.GoRSPA.org/Education
The ‘Holy Trinity’ of Payment Security
![Page 3: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/3.jpg)
Jeremy GumbleyCreditcallCTO
@jeremy_gumbley linkedin.com/in/jgumbley
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 4: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/4.jpg)
EMV is Coming to the U.S.
Long time for EMV to
arrive
Contactless is already
here
U.S. EMV cards do
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 5: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/5.jpg)
Chip Cards by Numbers575 million EMV cards to be issued by the end of 2015
59% of retail locations will be EMV-compliant by the end of 2015
78,800 EMV chip-activated merchant locations
70% of U.S. credit cards will be issued as EMV cards by the end of 2015
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 6: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/6.jpg)
Chip Cards by Numbers86% of financial institutions plan on issuing EMV debit cards BY 2015
$3.50 Average cost for issuing a new EMV card
$500 Average cost of an EMV-compliant POS terminal
Sources: Javelin Research & Strategy, Aite Group, 2014 PULSE Debit Issuer Survey
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 7: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/7.jpg)
Why is EMV Required?
Liability shift Global approach to securityFraud reduction
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 9: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/9.jpg)
EMV
Tokenization
Weapons Against Card Fraud
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 10: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/10.jpg)
P2PE PCI P2PE (Certified ) P2PE (Non-Certified)P2PE implementation manual for merchant to follow
Mandatory - Merchants must follow PIM to get PCI P2PE protection
Not defined
Secure supply chain Mandatory - Merchants must use scheme defined by solution provider
Not defined
PCI DSS De-scoping Yes - If merchant is only using PCI P2PE certified solution to take card payments; Merchants can complete a PCI DSS SAQ designed for P2PE
No - It remains each processor’s decision as to whether the solution offers any de-scoping of PCI DSS
PINpad key injection cost Yes YesPINpad encryption licence cost
Yes Yes
Solution provider costs to provide encryption
Yes Yes
Certification costs Solution provider has to cover costs of P2PE assessment. Merchant should have lower PCI DSS costs if only using certified solution
Merchant has all the cost of PCI DSS
P2PE vs. PCI P2PE
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 13: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/13.jpg)
P2PE Can Protect Against
Loss of cardholder data
Brand & reputation damage
Loss of revenue
Payment brand penalties
PCI fines
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 14: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/14.jpg)
DynamicApplication Cryptogram changes with each
transactionEMVStatic
Card data always the same
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 15: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/15.jpg)
TokenizationTokenization Proprietary Gateway
Scheme Network GeneratedComplexity Simple HardRe-usable for other payments Yes Possibly. Depends on TokenOnline/Offline Online Offline capable Real-time 3rd party dependency (i.e. token service provider)
No Yes
Works with existing magstripe cards
Yes No
Cost None TBCCross gateway compatible No Potentially
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 16: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/16.jpg)
2 Tokenization3 Processor Interfaces and EMV Messages4 Card Brand Certifications
5 Terminal Management Systems
1 P2PE
Getting a PINpad
Tip of the Iceberg
[email protected] @jeremy_gumbley www.creditcall.com/emv-migration
![Page 17: P2PE, EMV and Tokenization - The Holy Trinity of Payment Security](https://reader035.fdocuments.net/reader035/viewer/2022062523/58792b5f1a28ab7c448b5689/html5/thumbnails/17.jpg)
If you have any questions, please contact:
Jeremy GumbleyCTO
Creditcall Corp1133 Broadway, Suite 706, New York, 10010
800 868 [email protected]/emv-migration
@jeremy_gumbley
@Creditcall