Add to collection(s) Add to saved
  1. Business
  2. Finance

Leanne Phelps: EMV, Tokenization and Apple Pay

advertisement 
EMV, Tokenization and Apple Pay
The New Landscape
Carolina’s Credit Unions Council
October 10, 2014
Leanne Phelps
Senior Vice President, Card Services
State Employees’ Credit Union
Agenda
•
EMV: The Technology
•
Tokenization
•
Mobile Payments with Apple Pay
About State Employees’ Credit Union
• Serving state employees, teachers and their family members in
North Carolina
• 1.9 million members
• 255 branch offices
• 1,100 ATMs
SECU Card Programs
• Debit Portfolio - Route through Visa DPS to SECU Host
• 1.3 million Visa Check Cards
• $10.3 billion annual purchase volume
• 305 million transactions
• Credit Portfolio – Processed through First Data Resources
• 300,000 Visa credit cards
• $1.1 billion open credit lines
• 14.5 million transactions
Why EMV?
•
•
•
•
Secure chip stores payment information
Chip card authentication prevents counterfeiting
Adds cardholder verification methods
Offers online or offline authorization
Form Factors Options
• Contact
– Chip is embedded in a card
– A contact card is inserted into a smart card reader
– The contact points on the chip make contact with
the card reader
• Contactless
– The chip may be embedded in cards, key fobs,
stickers, mobile phones, etc.
– A contactless chip requires close proximity to a
reader (“tap and go”)
– Both the chip and the reader have an antenna and they
use an RF (radio frequency) signal to communicate
EMV – Building the Momentum
The Top 10 Discussions
•
•
•
•
•
•
•
•
•
•
Authentication – Static vs. Dynamic
Transaction / Authorization Differences vs. Today
What is on the actual Chip – Application Identifier logic
Card / Chip Lifecycle
Visa Recommendation for personalization
Liability Shift
Planning and Implementation timing
Unaffiliated networks
Vendor Support
Card / Chip Lifecycle
Transaction Flow Comparison
Today – Magnetic Stripe
Issuer makes and
passes
Authorization
Decision
FI
Card
Swiped
Terminal Reads
& Passes Track
& Authorization
Data
Merchant
Acquirer
Processor
Issuer
Processor
Issuer Processor or Issuer
validates cryptogram or
cryptogram value, makes and
passes Authorization
Decision
I
Tomorrow - EMV
New and Different
Card Inserted
The terminal and chip card
verify the response
cryptogram
Merchant Acquirer
Processor
Issuer
Processor
FI
The Issuer Processor or the
FI verifies the request
cryptogram and generates a
response cryptogram
• Communication between the chip card and the terminal – in both directions
• Terminal to determine, by the Service Code, whether card is magnetic stripe only or chip card
- Service code is unique and placed on both the chip and magnetic stripe (begins with a 2 or 6)
- Track 2 equivalent on the chip
EMV – Building the Momentum
Configuration
Routing
Multi-access
BIN table
Visa
Industry Support
Common
Visa
• One application / Two
application identifiers
(AIDs)
• Simplified personalization
• Easier card management
• Less application code and
potentially less expensive
chip
• Supports domestic and
international usage
• EMV compliant
• Fully supported by Visa
• Uses existing network
routing infrastructure
• Offers issuer flexibility
through BIN file
management
• All of the major
unaffiliated debit
networks support the
Visa U.S. Common Debit
AID
• Enables merchants and
POS acquirers to manage
routing selection on a
transaction by transaction
basis
• Maestro
• Nets
• Star
• CU 24
• NYCE
• Shazam
• Pulse
• AFFN
• Solution endorsed by EMV
Migration Forum (EMF)
• Accel
• CO-OP
Card Personalization Best Practices
Transaction
Authorization
Card
Authentication
Issuer
Cardholder
Verification
Method (CVM)
List
• Always online
• No offline authorization by chip
• Always online
• No offline data authentication1
Visa Credit
Signature
No CVM
Online PIN (for ATM only)
Visa Debit
Signature
Online PIN (POS and ATM)
No CVM
U.S. Common Debit AID
Online PIN (POS and ATM)
No CVM
Best practices should reduce complexity, cost and time-to-market
Card Personalization Considerations
• Adding a contact chip to a mag stripe card impacts the card ordering /
issuing process from both a timing and monetary perspective.
• A key stakeholder is the provider of card processing services . . . What type
of chip can they support and can they support you?
• Certification of the chips by the associations is taking between 90 days and
six months.
• Based upon chip type and market availability of the chips, the turn times for
card manufacturing should not vary much from mag stripe cards – perhaps
adds two weeks. However, bear in mind that there is a growing global
demand for chips (China, South America), which could impact chip
availability.
Points to Remember
• Adding a chip to a mag stripe card will increase costs – costs can be
impacted by the type and size of chip. You can assume to add about a dollar
to the present costs for manufacturing custom cards.
• Personalization Vendors are exploring ways to lower the costs of chip cards
for small financial institutions, including the use of generic design plastics
(hot-stamped with the credit union’s logo) and print-on-demand using edge
to edge imaging equipment.
• The fees for personalizing the chips are incremental, and subject again to
the type and number of applications being loaded onto the chip. Credit
unions should expect these fees to be in the $0.25 to $0.40 per card range.
• Financial institutions should also ask their processor about possible fees
associated with an EMV program (new BINs, key management, EMV
transaction fees).
Key EMV dates from Card Brands
15
© 2012 VeriFone Systems, Inc.
Support of Debit Networks
Network
Common AID Licensing
Support Status
Maestro
Visa U.S. Common Debit AID
Certified/Ready to
Support
Pulse
Visa U.S. Common Debit AID
January 2015
Certification
NYCE
Visa U.S. Common Debit AID
January 2015
Certification
STAR
Visa U.S. Common Debit AID
February 2015
Certification
CO-OP
Visa U.S. Common Debit AID
April 2015 Certification
ACCEL /
AllPoint
Visa U.S. Common Debit AID
Specifications Under
Review
CU24
Visa U.S. Common Debit AID
Pending Specifications
Liability Shift
Counterfeit Fraud
Liability Shifts
Rewards investment
in EMV
POS: October 1, 2015
AFD & ATM:
October 1, 2017
• After Liability Shift: Liability shifts to the acquirer
if counterfeit fraud occurs on a contact chip
capable card and the merchant is not contact
chip capable
• Does not cover contactless, card-not-present
transactions, or lost/stolen fraud
• Covers domestic and cross-border transactions
Transaction Examples
Chip-on-chip transactions
Mag-stripe cards at chip
terminals
Contact chip at mag-stripe
terminals
Counterfeit Liability
Issuer holds the limited exposure that
still exists
Issuer holds liability
Acquirer holds liability
Key Vendors – Information & Requirements
Host – Software Vendor
•
•
•
•
•
Enhancement Control Support
Segmentation of base
POS entry mode – new data same field
PINs – Host vs. Stripe
Certification and Timing
Networks & Gateways
• Processor must code and certify with
each network
• Certification and Timing
Plastic Card Vendors
*VOL has the most updated listing of certified vendors
*VOL has the common AID personalization
specifications Debit & Credit
•
•
•
•
•
Must be Visa/MasterCard Certified
Card Art
Standard Chip & CVM’s
Timing and Availability
Key management
Instant Issuance Vendors
• Timing and Availability
• Test plastic will be required for certification
Planning - 6 Weeks
Key Considerations
Planning
•
•
•
•
•
•
•
Vendor Readiness and Timelines
Budget – ROI
Issuance Strategy – Full or Segmentation – At Reissue
Internal Education Plan
Cardholder Education
Marketing Strategy
PINs – Customer Selected – Host vs. Stripe Considerations
and Project (if applicable)
• Credit First
• Debit – Date Coordination with Networks
Requirements
Build
Certification
Launch
Tokenization – what is it??
Tokenization is the process of replacing the original payment credentials (PAN) with a
unique “alternate identifier” which may be used in its stead to initiate payment activity.
Replaces a traditional card account
number with a unique payment token /
digital account number
Restricts the use of a payment token
by device, merchant, transaction
type or channel
Payment tokens further enhance security of digital payments and simplify purchase experience when
shopping on mobile, computers or other smart devices and help reduce fraudulent activity….
October 2013/March 2014
April 2014 / June 2014
October 2014
Industry standard
Card Brand enabled
Pay
2015+
More to come…
Core concepts
A Payment Token is a “alternate identifier” that can be used in
place of a Personal Account Number (PAN) to initiate a payment
transaction
• Global and interoperable
• Compatible with existing
network routing
Enables new
• Compatible with existing
channels
payment technologies
(web, NFC, POS standards)
• Supports future payment
technologies
Interoperable
• Improved security
• Regulatory compliant
• Multiple Payment Tokens can
be attached to a single PAN
Global
Secure
Payment Tokens
Industry standard
and service
Minimizes
ecosystem
impact
Supports new participation
Payment Tokens - Token Attributes
•
Interoperable with BIN based account numbers / PANs – PAN / Account Number
Validation Rules, Security, Structure and Regulatory Obligations Remain Enforced
•
Distinct and identifiable in system – merchant, consumer device(s) and issuer
•
Able to support authentication by different entities and types (Issuer, Wallet, Merchant,
etc)
Tokens add
value to the
processing
environment
while
improving
visibility and
protecting
cardholder
information
Existing PAN / Account Number Structure
################
FI BIN Range –
BIN - Identifies FI
Various Use
Identifies Cardholder
New Token Structure
################
Identifies FI
Identifies Cardholder by PAN AND by Device AND by Merchant
The Big Announcement!
• iPhone 6 – 4.7” display
• iPhone 6 Plus – 5.5” display
• NFC!!!
• Apple Watch – with NFC!!!
• iOS 8
• And…….
Apple Pay Basics
• Latest addition to the mobile wallet landscape
leveraging NFC
• By Invitation-Only
• Security and Privacy at the core of Apple Pay
• Utilizes traditional payment rails preserving
interchange
• Requires tokenization
Apple Pay: What we know
Scope and
Timing
•
•
•
•
In-Store
Payments
Streamlined
online
payments
Available on
iPhone 6, 6
Plus, and
Apple Watch
in 2015
US Only in
October 2014
Apple’s
Motivation
and Value
Proposition
•
•
•
•
Replace
physical
wallet
Payments
will be
faster, more
secure, and
private
Apple’s has
46% of
market
5 -10%
terminals
are NFC
enabled
Payment
Accounts
•
•
•
Add from
iTune
account or
take a
picture of
card
Stored as a
token on
secure
element of
device
Use via
Passbook
app
Completing
Transactions
•
•
In-store:
contactless
NFC terminals
with Touch ID
authentication
In-App:
integrated via
the Apple Pay
API with Touch
ID
authentication
Data and
Security
•
•
Data stays
with
merchant
and financial
institution
Merchant
processes
token, not
card #
Announced Participants
Networks
Banks / Issuers
In store
Merchants
In App
Apple Pay and Payment Tokens
Why Does Apple Matter?
• Widespread consumer acceptance and usage
• 10 million devices sold in first 3 days!
• 800+ million iTunes accounts already on file
• Leverages existing payments ecosystem and preserves
interchange
• Improves payment security = reduces potential fraud
• Tokenization
• Secure Element (Device number associated with token)
• Touch ID authenticates device and card owner
Still to Come….. 2015 and beyond
What is your payments roadmap?
• Ensure your members can access their CU accounts from any
channel they choose!
• Start with implementing EMV
• Enroll your card programs in tokenization
• Get ready for the next generation of payments through mobile!
Questions???
Leanne Phelps
State Employees’ Credit Union
leanne.phelps@ncsecu.org
919-839-5134
Related documents
Paying with plastic - Ulster Bank MoneySense at Home
Paying with plastic - Ulster Bank MoneySense at Home
ppt
ppt
EMV chip n pin 2015 - DBC Payment Advisors
EMV chip n pin 2015 - DBC Payment Advisors
MasterCard & Visa - Memorial University of Newfoundland
MasterCard & Visa - Memorial University of Newfoundland
The Adoption of the EMV Standard in the U.S.
The Adoption of the EMV Standard in the U.S.
Chapter 12: Labor Forces
Chapter 12: Labor Forces
Security in a Mobile App World – A Payments Perspective
Security in a Mobile App World – A Payments Perspective
Immigration Proposals and Foreign Investment
Immigration Proposals and Foreign Investment
Download
advertisement