EMV and Other Credit Card Processing Changes

EMV and Other Credit Card Processing
Changes
Bret Johnson Sr Director of Sales
© 2014 Total System Services, Inc.® All rights reserved worldwide.
Chip-enabled EMV Cards
• EMV® (Europay, MasterCard®, Visa®) is a global standard for secure
and convenient payment using bank cards and the EMV payments
infrastructure. EMV began in France in 1992
• The use of EMV contact and contactless cards for secure payments
offers multiple benefits:
• A common certified standard for processing transactions ensures
global interoperability
• Better authentication of cardholder data than magnetic stripe cards
• Fraud risks are minimized by authenticating during online transactions
• Digital seal or signature stored in the card’s chip proves authenticity
of the card for offline transactions
2
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
EMV – Counterfeit Card Fraud Elimination
Intelligence on the card supports…
• Card Authentication Method (CAM)
–
–
•
Verifies that the card is authentic; hasn’t been counterfeited
SDA, DDA, CDA
Cardholder Verification Method (CVM)
–
–
–
–
–
–
Verifies the individual using the card
Adjustable to all card acceptance environments
Online PIN – Verified at the host, just like today
Offline PIN – Verified by the card
Signature – Verified by the cashier
No CVM Required – Just like no-signature and tap-and-go today
• The CVM can be affected by other transaction details
(e.g. amount)
3
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
Introduction to the AID and Application
VISA AID
MasterCard AID
American Express AID
Discover AID
Diners AID (International only)
AID: Application ID
Application: Underlying EMV application on the card
•
When an EMV terminal encounters an EMV card,
it must determine the correct AID and associated application
•
It is the application on the card that knows how to behave with
the terminal and construct the EMV transaction recognized by
the Card Network and Card Issuer
Affects all “Acquirers” – merchants,
merchant processors, ATM
acquirers. What AIDs and how many
will their devices recognize and
support?
4
Affects all “Card Issuers” – What brands and
networks do my cards belong to? What AIDs and
how many do I need to load onto my cards?
What AID/App is supported by my card
brands/networks? How will I personalize and
configure the card based on functionality I want
to offer my cardholders?
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
Example: U.S. Credit Card
First U.S. EMV Credit Cards
•
Credit Only Card
•
Single Brand
•
Single AID & Associated Application
•
Single AID and App supports both
Domestic and International Credit
Example: VISA AID
5
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
Current Mandates / Liability Shifts
Published U.S. EMV Mandates and Liability Shifts
EMV Deployment
Milestones
Key Dates
Visa
MasterCard
PCI Audit Relief
October 2012
Y
Y
PCI Audit Relief
October 2013
POS Acquirer / Processor
Compliance
April 2013
Maestro ATM
Liability Shift
April 2013
Y
Discover
American
Express
Y
Y
Y
Y
Y
Notes
Mandate for POS Acquirers
Inter-Regional Maestro Cards at U.S.
ATMs
Y
April 2015
Y
POS Counterfeit
Liability Shift
(Excluding Fuel Dispensers)
October 2015
Y
POS Lost or Stolen
Liability Shift
(Excluding Fuel Dispensers)
October 2015
Y
Liability shift for merchants excluding
AFD
MasterCard ATM
Liability Shift
October 2016
Y
All MasterCard Branded Cards
Visa ATM
Liability Shift
October 2017
Y
POS Counterfeit Liability Shift
for Fuel Dispensers
October 2017
Y
POS Lost or Stolen Liability
Shift for Fuel Dispensers
October 2017
Visa ATM EMV Mandate
6
Y
Y
Y
U.S. Third Party ATM acquirer
processors must be able to support
EMV chip data for all Visa and/or PLUS
branded products
Liability shift for merchants excluding
AFD
Y
Liability shift for all U.S. ATMs for all
Visa and/or PLUS branded products
Y
Y
Y
Y
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
Y
Liability shift for AFD
Liability shift for AFD
Pymnts.com Interview Q & A
2. Many countries have already adopted EMV standards, but is EMV’s relevance
shifting now that there are many ways to secure data transmitted during a
payment?
EMV is not really about securing data, it is about authentication. Data on the transaction,
generated by the chip, authenticates the card to the issuer, ensuring that it is not a
counterfeit or "cloned" card. EMV transactions may also include a PIN, even for credit
cards, which authenticates the cardholder to help prevent fraud through lost or stolen
cards. EMV is still the best existing technology in use today to authenticate cards and
cardholders.
Methods of securing data during transmission, such as encryption, help protect the
sensitive credit card information, but do nothing to address authentication.
3. The countries that face EMV adoption now are living in a very different world
than EMV’s initial adopters. What’s the significance of EMV in a world that’s
moving to a cardless environment?
One of the major reasons for the initial adoption of EMV in Europe was to provide a way
of authenticating cards and cardholders in offline environments when communications
were unreliable or prohibitively expensive to authorize every transaction online.
7
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
NFC and Mobile
How does NFC relate to EMV?
Near Field Communication (NFC) is a complementary technology that
EMV can utilize to enable contactless payments such as with mobile
wallets. With the anticipated growth of NFC-enabled mobile devices for
contactless payments and other applications, EMVCo has been active in
defining the processes for supporting EMV mobile contactless
payments.
Consumers and businesses can benefit from NFC in several ways:
• Interactions are initiated by a simple tap of the device
• NFC is flexible; it is suitable for a broad range of uses in different industries
and environments
• NFC technology follows universally implemented ISO, ECMA, and ETSI
standards
• Transmissions are short range
• NFC works with current contactless cards and readers
All of the SE technology shown employs the same security and functional architecture of a
payment application residing on millions of EMV cards today. Depending on the mobile device
and payment model, the secure element may either be hosted in an embedded device, in a
removable SIM/UICC or in a separate device (e.g. a microSD card).
For more information, visit www.emv-connection.com
8
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
Previous Frequently Asked Questions
1. Why are EMV credit and debit cards and EMV payment transactions secure?
• EMV secures the payment transaction with enhanced functionality in three areas:
–
–
–
Card authentication, protecting against counterfeit cards.
Cardholder verification, authenticating the cardholder and protecting
against lost and stolen cards.
Transaction authorization, using issuer-defined rules to authorize transactions.
EMV cards store payment information in a secure chip rather than a magnetic stripe; the personalization of EMV cards is done
using issuer-specific keys. Unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that can be
used to conduct a EMV payment transaction successfully.
2. How does EMV address payments fraud?
• First, the EMV card includes a secure microprocessor chip that can store information
securely and perform cryptographic processing during a payment transaction
• Second, in an EMV transaction, the card is authenticated as being genuine, the cardholder
is verified (PIN or Signature), and the transaction includes dynamic data
• Third, even if fraudsters are able to steal account data from chip transactions, this data
cannot be used to create a fraudulent transaction in an EMV or magnetic stripe
environment, since every EMV transaction carries dynamic data
• Fourth, EMV methodology can also potentially address card-not-present (CNP) fraud, with
cardholders using their EMV cards and individual readers to authenticate Internet
transactions
9
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
The Target Breach
Will This Speed Up EMV Adoption?
© 2014 Total System Services, Inc.® All rights reserved worldwide.
The answer is yes, but not for the reason you
would probably think. EMV would not have
prevented the Target breach. It was caused by
lack of network security. However, it did bring
light to the problems of credit card data security
in the US.
There's general agreement that EMV alone
would not have prevented the Target breach, in
which thieves accessed data from as many as
110 million customer accounts. But EMV would
have reduced the value of the information by
making it almost impossible to clone the cards.
‹#›
© 2013 Total System Services, Inc. ® Confidential and proprietary. All rights reserved worldwide.
Why is the US slow in implementing EMV?
One reason could be because of cost. Traditional magnetic
stripe cards cost about $2.00, chip card can cost between
$15-$20.
Another problem with improving card security is that new
cards will require new readers, and that presents a big
expense for merchants. Mag card readers typically cost
about $20 in volume purchases while a chip reader costs
about $100
© 2014 Total System Services, Inc.® All rights reserved worldwide.
More Information-Canada started the EMV conversion in 2003
and is now about 85% complete.
Implementation cost in the US estimated to be
about $6 billion, 75% will be borne by
merchants (Target estimates their cost to be
about $100 million)
There are 1.1 billion credit and debit cards in
circulation, only 15 million chip cards issued in
the US
© 2014 Total System Services, Inc.® All rights reserved worldwide.
More Information-Canada started the EMV conversion in 2003
and is now about 85% complete.
Implementation cost in the US estimated to be
about $6 billion, 75% will be borne by
merchants (Target estimates their cost to be
about $100 million)
There are 1.1 billion credit and debit cards in
circulation, only 15 million chip cards issued in
the US
© 2014 Total System Services, Inc.® All rights reserved worldwide.
If I spend the time and money to upgrade to
chip accepting parking equipment, will I get
lower interchange rates?
While this is the case in Europe and
Canada, at this time it does not appear that
the card brands are going to do this in the
US.
© 2014 Total System Services, Inc.® All rights reserved worldwide.
Does EMV replace PCI DSS?
The answer is no, you will still need to
do an annual assessment. PCI DSS is to
try to prevent credit card data beaches.
EMV is designed to prevent fraud.
© 2014 Total System Services, Inc.® All rights reserved worldwide.
What do you need to do now?
Speak to your equipment companies about
their plans for EMV conversion
The reality is that parking is a low fraud risk
and implementation of EMV may be slow in our
industry Be aware, but these is no need to
panic
© 2014 Total System Services, Inc.® All rights reserved worldwide.
Questions
© 2014 Total System Services, Inc.® All rights reserved worldwide.
Visa Mastercard Settlement Dec 13,
2013
A federal judge gave Visa and MasterCard the
go ahead on a $5.7 billion class action lawsuit
to resolve merchant complaints regarding the
swipes fees they are charged. There is a great
deal of dissatisfaction from many retail
organizations because the deal does nothing to
reduce swipe fees or keep them from rising in
the future.
© 2014 Total System Services, Inc.® All rights reserved worldwide.
The settlement does allow merchants to
surcharge if customers use Visa or
MasterCard. However, because of
competition and all of the regulations
regarding surcharging, few merchants
are doing this.
© 2014 Total System Services, Inc.® All rights reserved worldwide.
Merchant Additional Fee Programs
January 2014
© 2013 Total System Services, Inc.® All rights reserved worldwide.
Agenda
Click to edit Master title style
Convenience Fees
Special Payment Network Programs
Merchant Surcharging
Programs At-A-Glance
22
© 2013 Total System Services, Inc.® All rights reserved worldwide.
Merchant Surcharging
© 2013 Total System Services, Inc.® All rights reserved worldwide.
Merchant Surcharging
Click to edit Master title style
Visa and MasterCard modified their rules effective January 27, 2013 to permit
surcharging as part of a litigation settlement.
•
No MCC restrictions.
•
Not permitted on debit or prepaid
activity.
•
Permitted in all acceptance
environments, provided merchant’s
state permits surcharging.
•
Variable or flat/fixed amount
permitted; surcharge amount may
not exceed 4% or the merchant’s
average cost of acceptance,
whichever is lower.
•
Must be included as a part of the
total amount of the transaction at
time of settlement.
–
•
24
Several states have laws prohibiting
surcharges. Where laws conflict with
Visa/MC rules, merchants should adhere
to the law.
30 day advance notification /
registration required.
–
Visa
–
MasterCard
–
Discover
–
Acquirer
© 2013 Total System Services, Inc.® Proprietary. All rights reserved worldwide.
Merchant Surcharging (cont.)
Click to edit Master title style
Discover modified their Op Regs in Mar. 2013 to include surcharge notification
/ registration & consumer disclosure criteria which aligns with that of V/MC.
•
If a merchant elects to surcharge,
they must impose surcharge on ALL
credit card transactions accepted,
regardless of network.
•
Must not be assessed by any third
party. May only be assessed by the
merchant that actually provides the
goods or services to the cardholder.
•
Permitted at brand level or product
level.
•
•
Permitted on non-U.S. issued credit
cards accepted at a U.S. merchant;
including U.S. territories.
Merchants must surcharge MC &
Visa on the same terms and
conditions as any equal or higher
cost competitor that imposes limits
on surcharging.
•
Surcharging practice disclosure
required at point-of-entry and pointof-sale. Transaction receipt must
contain a line item with the actual
surcharge amount.
•
25
Specific fields containing surcharge
information must be supplied at the
time of transaction and passed
through acquirer to Visa and MC.
© 2013 Total System Services, Inc.® Proprietary. All rights reserved worldwide.
Programs At-A-Glance
© 2013 Total System Services, Inc.® All rights reserved worldwide.
Programs At-A-Glance
Click to edit Master title style
Convenience Fees
• No MCC restrictions
Special Payment
Network Programs
Surcharging
• Restricted to specific
government & education
MCCs
• No MCC restrictions
• Single transaction
• May be assessed in any
environment
• Variable or flat/fixed amount
• Assessed by merchant of
record
• Variable or flat/fixed amount
• CNP environment only
• Flat/fixed amount
• Assessed on all payment
methods accepted
• Separate transaction
• Assessed by merchant of
record OR 3rd party service
provider
• May be assessed on all
cards
• May be assessed in any
environment
• Single transaction
• Assessed by merchant of
record
• Must not be assessed on
debit or prepaid activity
• Registration required
• Registration required
Merchants are not permitted to apply more than one additional fee program to cardholders.
27
© 2013 Total System Services, Inc.® Proprietary. All rights reserved worldwide.
Payment Network Rules
“No Signature” Programs
August 2013
© 2012 Total System Services, Inc.® All rights reserved worldwide.
“No Signature” Program Rules
Click to edit Master title style
• Program Names
• MCC Eligibility
• Transaction Criteria
• Benefits
• Resources
29
© 2012 Total System Services, Inc.® All rights reserved worldwide.
Program Names
Click to edit Master title style
• Visa
– Visa Easy Payment Service (VEPS)
• MasterCard
– Quick Payment Service (QPS)
• Discover
– “No Signature Required” (NSR) Program
• American Express
– “No Signature” Program
30
© 2012 Total System Services, Inc.® All rights reserved worldwide.
MCC Eligibility
Click to edit Master title style
•
Visa
–
98% of businesses eligible to accept Visa may participate. Merchants with the following
21 MCCs are ineligible to participate:
MCC
•
MCC
MCC Description
4829
Wire Transfer Money Orders
6011
Financial Institutions-Automated Cash Disbursements
5542
Automated Fuel Dispensers
6012
Financial Institutions-Merchandise Svcs
5960
Direct Marketing-Insurance Services
7995
Betting, incl. Lottery Tickets, Casino Gaming Chips, Off Track
Betting & Wagers at Race Track
5962
Direct Mktg-Travel Related Arrangement Services
9405
Intra-Government Purchases (Gov. only)
5964
Direct Marketing-Catalog Merchants
9700
Int’l Automated Referral Service (Visa use only)
5965
Direct Marketing-Combination Catalog & Retail
Merchants
9701
Visa Credential Server (Visa use only)
5966
Direct Mktg-Outbound Telemarketing Merchants
9702
GCAS Emergency Svcs (Visa use only)
5967
Direct Marketing-Inbound Telemarketing
Merchants
9751
UK Supermarkets-Electronic Hot File
(Region use only)
5968
Direct Marketing-Continuity / Subscription
Merchants
9752
UK Petrol Stations-Electronic Hot File
(Region use only)
5969
Direct Marketing/Direct Marketers (NEC)
9950
Intra-Company Purchases
6010
Financial Institutions-Manual Cash Disbursements
MasterCard
–
31
MCC Description
All merchant categories qualify, except quasi-cash, money transfer, direct marketing and
gambling.
© 2012 Total System Services, Inc.® All rights reserved worldwide.
MCC Eligibility (cont.)
Click to edit Master title style
•
Discover
–
•
All businesses eligible to accept Discover may participate, except merchants with the following
MCCs:
MCC
MCC Description
MCC
MCC Description
4829
Money Transfer – Non-Financial Institution
6531
Payment Service Provider – Money Transfer for a
Purchase
6010
Member Financial Institution – Manual Cash
Disbursements
6532
Payment Service Provider – Member Financial Institution
Financial Institution Payment Transaction
6011
Member Financial Institution – Automated Cash
Disbursements
6533
Payment Service Provider – Merchant Payment
Transaction
6050
Quasi-Cash – Member Financial Institution
6534
Money Transfer – Member Financial Institution
6051
Quasi-Cash – Non-Financial Institution
7995
Betting (e.g., Lottery Tickets, OTB)
American Express
–
32
All Industries eligible to accept American Express may participate, except High Risk
merchants or merchants placed in Amex’s Fraud Full Recourse Program. Additionally, the
following MCCs are excluded from the No Signature Program:
MCC
MCC Description
MCC
MCC Description
5542
Automated Fuel Dispensers
7375
Information Retrieval Services
5964
Direct Marketing – Catalog Merchants
7393
Protective Agencies & Security Services
© 2012 Total System Services, Inc.® All rights reserved worldwide.
Transaction Criteria
Click to edit Master title style
• Card Present environment
• Card-read
• Authorization obtained
• Transaction amounts:
– Visa
• MCC 5310 (Discount Stores) & 5411 (Grocery Stores & Supermarkets) - $50 &
under
• Unattended environment - $15 & under
• All other eligible face-to-face environment MCCs - $25 & under
– MasterCard
• Face-to-face merchant-attended terminal transactions - $50 & under
– Discover
• $50 & under, including applicable taxes, gratuities & cash over
– American Express
• $50 & under
33
© 2012 Total System Services, Inc.® All rights reserved worldwide.
Benefits
Click to edit Master title style
• Faster transaction speed
– Cardholder does not need to sign transaction receipt.
• Cost-savings
– Cardholder does not have to be provided with a copy of the transaction receipt
unless they request one.
• Chargeback protection
– On transactions that meet Visa VEPS criteria, chargeback protection exists on
reason codes: Illegible Fulfillment (60), Transaction Not Recognized (75) and
Fraud-Card Present Environment (81).
– On transactions that meet MC QPS criteria, chargeback protection exists for
fraud dispute reason codes: Requested/Required Information Illegible or Missing
(4802) & No Cardholder Authorization (4837).
– On transactions that meet Discover NSR criteria, chargeback protection exists
for the merchant’s failure to obtain the cardholder’s signature.
– On transactions that meet American Express No Signature criteria, chargeback
protection exists for disputes based solely on the merchant’s failure to obtain the
cardholder’s signature at the point of sale.
34
© 2012 Total System Services, Inc.® All rights reserved worldwide.
Resources
Click to edit Master title style
• Additional information on certain payment network specific
programs can be found as follows:
– http://usa.visa.com/merchants/payment_technologies/veps_faq.html
– http://usa.visa.com/download/merchants/veps-for-merchants-us.pdf
– http://www.mastercard.us/merchants/quick-payment.html
– http://www.mastercard.com/us/merchant/pdf/QPS_Manual.pdf
35
© 2012 Total System Services, Inc.® All rights reserved worldwide.