We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJuniper Cook
Modified about 1 year ago
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat
© 2012 Agenda Trustwave’s Payment Application Practice What is EMV The EMV Mandate Preparing for EMV Questions Preparation For EMV Chip Technology
© 2012 Trustwave’s Payment Application Practice
© 2012 Trustwave’s Payment Application Practice Keith Swiat – 19 years experience in info-sec – 10 focusing on payment card security The Team – 15 PA-DSS Assessors – 5 continents – Nearly 1/3 of all applications listed on the PCI-SSC validated application list have been validated Services – PA-DSS Assessments – P2PE Assessment – PCI Mobile Application Security Guidelines Review Preparation For EMV Chip Technology
© 2012 What is EMV?
© 2012 EMV At A Glance Joint effort between Europay, MasterCard and Visa to provide globally interoperable and secure payments. First version of EMV standard published in Currently managed by EMVCo. Holds payment data on an integrated circuit or “chip” rather than on a mag stripe. Chips can contain RFID capabilities to enable “tap” transactions. Preparation For EMV Chip Technology
© 2012 EMV Technology Overview Solutions are comprised of two components: – Microprocessor, usually embedded in a payment card – EMV-enabled POS (contact or contactless) Transaction Flow – Card Authentication Cardholder offers card to reader – Cardholder Verification Cardholder enters PIN or signature – Transaction Authorization Transaction is approved, card is removed Preparation For EMV Chip Technology
© 2012 Current EMV Usage EMV has a very strong foothold internationally. – EMV terminals in use (estimated): Europe – 11,000,000 APAC – 3,500,00 Africa/Middle East – 350,000 Americas – 3,900,000 – Does not Include the U.S. Preparation For EMV Chip Technology
© 2012 Current EMV Usage EMV has a very strong foothold internationally. – EMV terminals in use (estimated): Europe – 11,000,000 APAC – 3,500,00 Africa/Middle East – 350,000 Americas – 3,900,000 – Does not Include the U.S. Countries that adopt EMV show a sizable reduction in “card present” fraud. Preparation For EMV Chip Technology
© 2012 Current EMV Usage Preparation For EMV Chip Technology
© 2012 EMV and PCI-SSC P2PE The PCI-SSC has recently released their P2PE standard. P2PE addresses security concerns for a different type of transaction: static payment data. Aims to protect card holder data used in mag stripe transactions during both transit and storage between the merchant and acquirer. P2PE can provide a good mechanism to secure cardholder data while EMV is adopted in the U.S. Preparation For EMV Chip Technology
© 2012 EMV and NFC Near Field Communication (NFC) is a derivative of the RFID that is used in EMV chips. NFC can only deliver data over a few centimeters as opposed to RFID’s which can transmit over a few meters. Card-based implementations are passively powered, while Smartphone solutions are powered by the device. Inclusion of NFC in many mobile devices may cause a shift to mobile wallets. Preparation For EMV Chip Technology
© 2012 The EMV Push
© 2012 Who are the players? Visa and MasterCard are taking different approaches to mandating EMV use. Visa – Expand its Technology Innovation Program to allow Merchants forego the need to undergo PCI compliance if at least 75% of transactions come from chip-enabled terminals. – Require U.S. acquiring banks and sub-processor service providers to support merchant acceptance of chip transactions. – institute a U.S. liability shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions. MasterCard – Extend its existing EMV liability shift program for inter-regional Maestro ATM transactions Preparation For EMV Chip Technology
© 2012 What are the drivers? Preparation For EMV Chip Technology
© 2012 What are the drivers? (Cont.) Losses from card-present fraud are increasing year after year. – EMV can help mitigate this. Gross dollar volume for mobile payments is rapidly growing. – Some groups estimate mobile payments will reach $214 billion in gross dollar volume by 2015, up from $16 billion in – EMV can aide in securing these mobile payments. Travel between EMV-enabled countries and non-EMV-enabled countries is becoming more difficult. The European Payments Council has considered banning use of magnetic stripe cards. Preparation For EMV Chip Technology
© 2012 EMV Timeline OCTOBER 2012 – PCI AUDIT RELIEF FOR MERCHANTS – PCI Data Security audit fee waiver for EMV-ready merchants (75%+ transactions are EMV) from VISA and MasterCard APRIL 1, 2013 – ACQUIRER AND SUB-PROCESSORS SUPPORT EMV – VISA and MasterCard acquirer processors must support EMV transactions. OCTOBER 2013 – ADC RELIEF FOR MERCHANTS (50%) – MasterCard EMV-ready merchants (75% of POS transactions) receive 50% Account Data Compromise relief. OCTOBER 1, 2015 – FRAUD LIABILITY SHIFT – VISA and MasterCard shift fraud liability to least secure entity. Preparation For EMV Chip Technology
© 2012 EMV Timeline OCTOBER 2015 – ADC RELIEF FOR MERCHANTS (100%) – MasterCard EMV-ready merchants (95% of POS transactions) receive 100% Account Data Compromise relief. OCTOBER 2016 – FRAUD LIABILITY SHIFT FOR ATMS – MasterCard shifts EMV liability to ATM hosts for inter-regional Maestro ATM transactions. OCTOBER 2017 – FRAUD LIABILITY SHIFT FOR AUTOMATED FUEL DISPENSERS – Extended liability deadline ends for fuel dispensers. Preparation For EMV Chip Technology
© 2012 Preparing for EMV
© 2012 Implications For Merchants Shifting compliance stances – There are NO government-enforced mandates for EMV at this time. – The announcements by MasterCard and Visa are only the first. – Additional announcements may impact merchants who are early adopters. Cost – Almost all merchants in the U.S. will have to make a sizable investment to implement EMV acceptance. – Merchants will have to balance the hard and soft costs of upgrading systems to support EMV with potential fraud liability costs. Preparation For EMV Chip Technology
© 2012 Implications For Merchants (Cont.) Determine how much of your transactions are card present. – If you are 100% card-not-present EMV may not apply. How many terminals do you currently employ? Does your current terminal vendor offer an EMV upgrade path? How long did it take for your last terminal upgrade? Preparation For EMV Chip Technology
© 2012 Questions?
© 2012 Keith Swiat Director, Payment Application Practice Trustwave (708) Preparation For EMV Chip Technology
EMV and Other Credit Card Processing Changes Bret Johnson Sr Director of Sales © 2014 Total System Services, Inc. ® All rights reserved worldwide.
EMV 101 Michelle Lehouck EMV Product Manager CPI Card Group.
WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,
Communication for the open minded Study on user identification methods in card payments, e-payments and mobile payments Summary of recommendations (WP5)
PCI-DSS Compliance and Payment Card Acceptance Cathy Freeman Cash and Treasury Services Phone:
The Payment Card Industry Data Security Standard (PCI DSS)
PSC – Confidential – All Rights Reserved Tony Bates Mobile Payment Security The Good, the Bad and the Ugly.
MOBILE PAY PRODUCT SUITE MOBILE PAYMENT APPLICATION GENERAL PURPOSE RELOADABLE (GPR) CARD SOLUTION MERCHANT CASH ADVANCE PROGRAM CLOUD BASED POINT OF SALE.
6/2/ DEBIT CARD & CREDIT CARD PRESENTED BY:- Ravi Kumar Gupta.
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
PCI Boot Camp Presented by the PCI Compliance Task Force.
Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,
Bank of America Merchant Services ASTRA Meeting Shirley Davis, Relationship Manager JD Wilks, Technical Relationship Manager Melinda Speer, Strategic Account.
2013 PCI Data Security Awareness Training. What is PCI-DSS? The Payment Card Industry Data Security Standards (PCI-DSS) are regulations that were created.
[FI Name]s Merchant Services Program Employee Training Presentation.
Chapter 11 Payment Systems for Electronic Commerce Gary Schneider, 2003.
CARD-LINKED OFFERS Financial Institutions. What We Do We deliver Card-Linked Offers that generate strong results by engaging cardholders and creating.
October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
Chris Moore, Strategic Account Leader-Elavon Merchant Processing Overview.
.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
Annette Slidge, Sr. Director Paul Gurtner, Director Chris Moore, Client Executive Glen Green, Regional Sales Manager, Merchant Processing Overview.
Credit Card & eCommerce Best Practices Training Days 2010 Dan Hough and Robert Monasky Business Affairs.
Chapter 3 E-Payment Systems eb-course.weebly.com.
Digital Payments Jim Woodworth Head of Marketing, ACI Worldwide.
Mobile Banking Presented by: Cindi Lieblich Vice President – Product Development First Data Corp.
Smart Cards By Sravanthi Karumanchi. Introduction The semiconductor revolution has advanced to the point where the computing power that once took up an.
( e –WALLET ) M-PAYMENT SYSTEM. [ What is M-Payment ? ] M-payment is a real-time payment that is made with the use of a mobile device. Formally known.
Information Security and Identity Theft Tim Sheridan Vice President Citibank ® Commercial Cards November 28, 2007 Global Transaction Services Cash ManagementTrade.
ATM “What If” Session Assumption Validation EMF San Diego – May 20, 2014 Updated May 29,
Card Present & Card Absent Best Practices Facilitator: Kristy A Stanley Fraud and Compliance Officer June
© 2016 SlidePlayer.com Inc. All rights reserved.