We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJuniper Cook
Modified over 7 years ago
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat
© 2012 Agenda Trustwave’s Payment Application Practice What is EMV The EMV Mandate Preparing for EMV Questions Preparation For EMV Chip Technology
© 2012 Trustwave’s Payment Application Practice
© 2012 Trustwave’s Payment Application Practice Keith Swiat – 19 years experience in info-sec – 10 focusing on payment card security The Team – 15 PA-DSS Assessors – 5 continents – Nearly 1/3 of all applications listed on the PCI-SSC validated application list have been validated Services – PA-DSS Assessments – P2PE Assessment – PCI Mobile Application Security Guidelines Review Preparation For EMV Chip Technology
© 2012 What is EMV?
© 2012 EMV At A Glance Joint effort between Europay, MasterCard and Visa to provide globally interoperable and secure payments. First version of EMV standard published in 1996. Currently managed by EMVCo. Holds payment data on an integrated circuit or “chip” rather than on a mag stripe. Chips can contain RFID capabilities to enable “tap” transactions. Preparation For EMV Chip Technology
© 2012 EMV Technology Overview Solutions are comprised of two components: – Microprocessor, usually embedded in a payment card – EMV-enabled POS (contact or contactless) Transaction Flow – Card Authentication Cardholder offers card to reader – Cardholder Verification Cardholder enters PIN or signature – Transaction Authorization Transaction is approved, card is removed Preparation For EMV Chip Technology
© 2012 Current EMV Usage EMV has a very strong foothold internationally. – EMV terminals in use (estimated): Europe – 11,000,000 APAC – 3,500,00 Africa/Middle East – 350,000 Americas – 3,900,000 – Does not Include the U.S. Preparation For EMV Chip Technology
© 2012 Current EMV Usage EMV has a very strong foothold internationally. – EMV terminals in use (estimated): Europe – 11,000,000 APAC – 3,500,00 Africa/Middle East – 350,000 Americas – 3,900,000 – Does not Include the U.S. Countries that adopt EMV show a sizable reduction in “card present” fraud. Preparation For EMV Chip Technology
© 2012 Current EMV Usage Preparation For EMV Chip Technology
© 2012 EMV and PCI-SSC P2PE The PCI-SSC has recently released their P2PE standard. P2PE addresses security concerns for a different type of transaction: static payment data. Aims to protect card holder data used in mag stripe transactions during both transit and storage between the merchant and acquirer. P2PE can provide a good mechanism to secure cardholder data while EMV is adopted in the U.S. Preparation For EMV Chip Technology
© 2012 EMV and NFC Near Field Communication (NFC) is a derivative of the RFID that is used in EMV chips. NFC can only deliver data over a few centimeters as opposed to RFID’s which can transmit over a few meters. Card-based implementations are passively powered, while Smartphone solutions are powered by the device. Inclusion of NFC in many mobile devices may cause a shift to mobile wallets. Preparation For EMV Chip Technology
© 2012 The EMV Push
© 2012 Who are the players? Visa and MasterCard are taking different approaches to mandating EMV use. Visa – Expand its Technology Innovation Program to allow Merchants forego the need to undergo PCI compliance if at least 75% of transactions come from chip-enabled terminals. – Require U.S. acquiring banks and sub-processor service providers to support merchant acceptance of chip transactions. – institute a U.S. liability shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions. MasterCard – Extend its existing EMV liability shift program for inter-regional Maestro ATM transactions Preparation For EMV Chip Technology
© 2012 What are the drivers? Preparation For EMV Chip Technology
© 2012 What are the drivers? (Cont.) Losses from card-present fraud are increasing year after year. – EMV can help mitigate this. Gross dollar volume for mobile payments is rapidly growing. – Some groups estimate mobile payments will reach $214 billion in gross dollar volume by 2015, up from $16 billion in 2010. – EMV can aide in securing these mobile payments. Travel between EMV-enabled countries and non-EMV-enabled countries is becoming more difficult. The European Payments Council has considered banning use of magnetic stripe cards. Preparation For EMV Chip Technology
© 2012 EMV Timeline OCTOBER 2012 – PCI AUDIT RELIEF FOR MERCHANTS – PCI Data Security audit fee waiver for EMV-ready merchants (75%+ transactions are EMV) from VISA and MasterCard APRIL 1, 2013 – ACQUIRER AND SUB-PROCESSORS SUPPORT EMV – VISA and MasterCard acquirer processors must support EMV transactions. OCTOBER 2013 – ADC RELIEF FOR MERCHANTS (50%) – MasterCard EMV-ready merchants (75% of POS transactions) receive 50% Account Data Compromise relief. OCTOBER 1, 2015 – FRAUD LIABILITY SHIFT – VISA and MasterCard shift fraud liability to least secure entity. Preparation For EMV Chip Technology
© 2012 EMV Timeline OCTOBER 2015 – ADC RELIEF FOR MERCHANTS (100%) – MasterCard EMV-ready merchants (95% of POS transactions) receive 100% Account Data Compromise relief. OCTOBER 2016 – FRAUD LIABILITY SHIFT FOR ATMS – MasterCard shifts EMV liability to ATM hosts for inter-regional Maestro ATM transactions. OCTOBER 2017 – FRAUD LIABILITY SHIFT FOR AUTOMATED FUEL DISPENSERS – Extended liability deadline ends for fuel dispensers. Preparation For EMV Chip Technology
© 2012 Preparing for EMV
© 2012 Implications For Merchants Shifting compliance stances – There are NO government-enforced mandates for EMV at this time. – The announcements by MasterCard and Visa are only the first. – Additional announcements may impact merchants who are early adopters. Cost – Almost all merchants in the U.S. will have to make a sizable investment to implement EMV acceptance. – Merchants will have to balance the hard and soft costs of upgrading systems to support EMV with potential fraud liability costs. Preparation For EMV Chip Technology
© 2012 Implications For Merchants (Cont.) Determine how much of your transactions are card present. – If you are 100% card-not-present EMV may not apply. How many terminals do you currently employ? Does your current terminal vendor offer an EMV upgrade path? How long did it take for your last terminal upgrade? Preparation For EMV Chip Technology
© 2012 Questions?
© 2012 Keith Swiat Director, Payment Application Practice Trustwave (708) 829-6575 email@example.com Preparation For EMV Chip Technology
October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,
Mobile Payment Security The Good, the Bad and the Ugly
Troy Leach April 2012 The PCI Security Standards Council.
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
What happens here: Affects us here and here Have you ever come to work: Cams Alerts – Visa Alerts MasterCard Alerts Fraud Notices and it’s only 8:10.
CONFIDENTIAL AND PROPRIETARY ©2014 DISCOVER FINANCIAL SERVICES 2014 Discover ® Dealer Incentive Program & EMV Update.
Trends in Card Processing North Carolina Ecommerce Conference
Leanne Phelps Senior Vice President, Card Services
Protecting Your Customers’ Card Data ASTRA Presentation Brian Chapman and Peter O’Rourke.
1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.
Understanding Commercial Card and the use of Controls Louisiana GFOA Fall Conference October 9, 2014 Rhonda C. Engel, SVP Commercial Card Sales Manager.
Designing an EMV Trial – What Should You Consider Now? Tracey Black GFH Group Inc. Cardware GFH GROUP INC.
Northwest Card Association Acquirer Update January 2012.
EMV – What you need to know… Jay J. Davis Territory Alliance Manager
Memorial University of Newfoundland An Update on Chip September 26, 2007.
LECTURE 7 REF: CHAPTER 11 ELECTRONIC COMMERCE PAYMENT SYSTEMS PREPARED BY : L. Nouf Almujally Copyright © 2010 Pearson Education, Inc. 1.
Visa Europe Implementing PCI DSS Requirements Within Your Organisation September 2008 Simon Breeden.
Mobile Payment Solutions and the EMV/PCI Impact
© 2022 SlidePlayer.com Inc. All rights reserved.