Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2013 MasterCard. Proprietary and Confidential June 12, 2014 AITEC Banking and Mobile Money COMESA 2013 1 Nairobi, 12 September 2013 James Wainaina, Vice.

Similar presentations


Presentation on theme: "©2013 MasterCard. Proprietary and Confidential June 12, 2014 AITEC Banking and Mobile Money COMESA 2013 1 Nairobi, 12 September 2013 James Wainaina, Vice."— Presentation transcript:

1 ©2013 MasterCard. Proprietary and Confidential June 12, 2014 AITEC Banking and Mobile Money COMESA Nairobi, 12 September 2013 James Wainaina, Vice President and Area Business Head, MasterCard East Africa

2 ©2013 MasterCard. Proprietary and Confidential Agenda The MasterCard Story Card Security in East Africa Advancing Security, Advancing Commerce Role of Partnerships June 12,

3 ©2013 MasterCard. Proprietary and Confidential The MasterCard Story June 12,

4 ©2013 MasterCard. Proprietary and Confidential MasterCard Today *This represents MasterCard-branded GDV, does not include Maestro or Cirrus All figures as of Dec. 31, countries and territories 35.9 million acceptance locations 7,542 employees 34.2 billion transactions US $3.6 trillion * gross dollar volume June 12,

5 ©2013 MasterCard. Proprietary and Confidential Four-Party Payment System ACQUIRER ISSUER CARDHOLDER MERCHANT June 12,

6 ©2013 MasterCard. Proprietary and Confidential Our Role We invent them. Consumers want better ways to pay. We invent them. We help them move faster. Checkout lines are too slow. We help them move faster. We speed them on their way. Commuters are busy. We speed them on their way. We make it simple. Procurement is complicated. We make it simple. We find ways to serve them. People have no bank accounts. We find ways to serve them. June 12,

7 ©2013 MasterCard. Proprietary and Confidential Card Security in East Africa June 12,

8 ©2013 MasterCard. Proprietary and Confidential 8 June 12, 2014 Banks reported US $17.52 million lost between April 2012 and April 2013 Loss of revenue Identity theft, electronic funds transfer, bad cheques, credit card fraud, loan fraud and online fraud are some methods used to orchestrate fraud InfrastructureInfrastructure Eliminating online and digital insecurities is key as more and more consumers become accepting of online payment channels Cyber security Securing electronic payments 77% of Kenyans willing to buy goods online Kenyan National Payments Systems arm of CBK works to modernize and increase efficiencies of the nations electronic payments MasterCard Intelligence: MasterCard Online Shopping Survey 2012

9 ©2013 MasterCard. Proprietary and Confidential Advancing Security, Advancing Commerce June 12,

10 ©2013 MasterCard. Proprietary and Confidential Fraud management for more secure payments Industry Level Initiatives Customer Level Fraud Management Initiatives MasterCard Fraud Management Solutions, Products and Services Developing industry standards with stakeholders Partnering with government agencies Enabling Strong Authentication: EMV (chip & pin), 3D Secure (MasterCard Secure Code) Mandated Data Security: PCI-DSS MasterCards SAFE ( Issuing Bank confirmed reporting fraud to MasterCard) ADC Account Data Comprise event management (between issuer and acquirer) Fraud management reviews and fraud consulting services. Cardholder & Merchant Fraud Prevention Education (Academy, website, conferences). Excessive Chargeback Program (ECP): Expert Monitoring Solutions Global Merchant Audit Program (GMAP) Bin Blocking Services SIS Master Card stand in facility FRM (ATM covering prepaid and debit)

11 ©2013 MasterCard. Proprietary and Confidential EMV Compliance testing has two levels: – EMV Level 1, which covers physical, electrical and transport level interfaces, (i.e. the hardware) and – EMV Level 2, which covers payment application selection and credit financial transaction processing (i.e. the software) If the MPOS features a Chip Reader then both EMV certifications must be in place EMV / MasterCard Certification February 19, 2013 Page 11 MasterCard Terminal Integration Process (TIP) – Check that a Chip terminal meets MasterCard brand requirements TIP must happen before a terminal can be deployed MasterCard Terminal Quality Management (TQM) – while EMV L1 tests one or two readers this checks that the 200 th, 200Kth and 2 millionth devices that are produced are the same as the first! If the MPOS features Chip then it must have a TQM certificate Note: Acquirer compliance requirements remains the same as in the case of regular EDC terminal

12 ©2013 MasterCard. Proprietary and Confidential PCI Data Security Standard (PCI DSS) – the standard was created to increase controls around cardholder data to reduce card fraud via its exposure If card data is being handled, stored, routed then PCI DSS certifications must be in place PCI PIN Transaction Security Standard (PTS) – was specifically designed to protect consumer PIN data from theft. It is also intended to enforce hardware security of devices that accept consumer PINs and house secret encryption keys of the acquirer If the MPOS solution can accept consumer PINs, then PCI PTS certifications must be in place PCI Certification PCI Point to Point Encryption Standard (P2PE) – Secure encryption of payment card data at the point-of-interaction (POI) Not currently a requirement of MasterCard Rules, however it is an MPOS Best Practice PCI Payment Application Security Standard (PA-DSS) – Secure payment applications, when implemented into a PCI DSS-compliant environment, will help to minimize the potential for security breaches leading to compromises. BP BP = MasterCard Best Practice https://www.pcisecuritystandards.org

13 ©2013 MasterCard. Proprietary and Confidential Page 13 Securing MPOS Payment Applications PCI SSC is not certifying MPOS payment applications that reside on multi-purpose, consumer mobile devices (referred by PCI SSC as a Mobile Payment Acceptance Application Category 3). MCW recommends – secure coding / secure software updates / process for handling lost & stolen devices / remote disablement Securing Transaction Data Captured by an MPOS Card Reader Accessory P2PE / enciphered data is transmitted via the mobile device to the MPOS solution provider server / cryptographic authentication for device authentication Securing Personal Account Numbers (PAN) PAN should not be retained on the mobile device / For Key entered trns – encryption of PAN for transmission EMV Chip Transactions EMV level 2 kernel can be on device or on server or split between both Service providers to ensure there is no latency Online only trns allowed MasterCard mPOS Program – Some best Practices Service Providers

14 ©2013 MasterCard. Proprietary and Confidential Control in retail payments Giving cardholders greater control over how and where their card is used Multi-level transaction blocking Geographical limit of the acceptance of cards based on pre-defined regions Enhanced controls: apply different authorization limits based on multiple criteria such as Amount, Merchant Category, Transaction Type etc. Cardholders create personalized spending profiles for their accounts, setting up alerts and spending limits according to budget goals and account security concerns Solutions for both individuals & corporates

15 ©2013 MasterCard. Proprietary and Confidential Role of Partnerships June 12,

16 ©2013 MasterCard. Proprietary and Confidential Partnerships to fortify the electronic payments ecosystem Enhance efficiency and effectiveness of payment systems Provider of payment systems (KEPSS) Government Action Industry Initiatives Private Investment Industry-wide shift for adoption of secure ATM and card transactions Joint education drives at customer, issuer and merchant levels June 12, 2014 Page 16 Between , greater usage of electronic payments contributed to 0.8 % increase in GDP in emerging markets and 0.3% increase in GDP in developed markets.. -Moodys Analytics, February 2013 Investment in systems upgrade for issuance of EMV chip and PIN cards as banks adopt new systems


Download ppt "©2013 MasterCard. Proprietary and Confidential June 12, 2014 AITEC Banking and Mobile Money COMESA 2013 1 Nairobi, 12 September 2013 James Wainaina, Vice."

Similar presentations


Ads by Google