Upload
others
View
37
Download
1
Embed Size (px)
Citation preview
November 28th, 2018
How to Participate in EMV 3-D Secure & Increase Your CNP Approvals
AUTHENTICATION WEBINAR SERIES
Proprietary & Confidential
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
Today’s Speakers
Director, North America Product Management, Mastercard
Patrick Kelly
SVP, Global Commercialization, Mastercard
Seckin YilgorenVP, Product, Mastercard
Craig Gilbert
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
q Introduction to EMV 3-D Secure & Mastercard Identity Check
q Benefits of participating
q User Experience Demo
q How Mastercard can help enable you
q Enhancements to Mastercard 3-D Secure Construct & Program
q Next steps to implement EMV 3-D Secure for your business
q Mastercard Identity Check Program Roadmap
Agenda
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
EMV3DS“ 3DS 2.0 ”
A new industry standard used to check a consumer’s identity on digital payment transactions
Mastercard’s implementation of EMV 3DSA simple and secure way to verify a consumer’s identity in real-time during a digital payment transaction
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
5
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
3DS 1.0 Standards
3DS 2.0Standards Benefits of 3DS 2.0
AUTHENTICATION METHOD
Static passwords & security questions
Eliminates static passwords for stronger two-factor authentication e.g., risk based,
one time password, biometrics etc. • Greater security
• Greater convenience
INTERFACES Bowser dependent Supports different payment channelse.g., in-app, IoT, browser, etc.
• Better UX • Wider applications
• Great control by the merchant
DATA Only 15 data elements available
Enables 10X more data to be exchanged
• Increased accuracy• Improved decisioning
USE CASES Supports guest check-out only
Supports guest checkout with additional use cases, e.g., provisioning of Card on File, wallets, tokenization,
etc.
• Expanded use• Greater security
DECISIONING Merchants bound by issuer decisioning
Enhances decisioning by increased merchant flow of data
• Greater flexibility
What is changing with EMV 3-D Secure (2.0)?
Global Activation: November 6th, 2018
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
Acquirer BIN
Acquirer Merchant ID
Cardholder Account Number
DS URL
Message, Extension, Version
Acquirer BIN
Acquirer Merchant ID
Card Expiry Date
Cardholder Account Number
DS URL
Merchant Country Code
Message Category, Extension, Type, Version
Purchase Amount, Currency, Date & Time
Recurring Expiry, Frequency
More than 10 X Data
Browser User-Agent
Browser User-Agent
IP address
Browser Time Zone
Cardholder Email Address, Home Phone Number, Mobile Phone Number, Work Phone Number
Cardholder Name
SDK App ID, SDK Encrypted Data, Ephemeral Public Key
SDK Reference Number, SDK Transaction ID
3DS Requestor URL
Browser Accept Headers
Cardholder Account Information (Account Age,
Change, Password Change, Number of Transactions per Day /
Year, Shipping Name Indicator, Suspicious Activity, Payment
Account Age etc.)
Cardholder Account Identifier, Billing Address
Cardholder Shipping Address
Transaction Type
Account Type
Browser Time Zone
DS Reference Number, Transaction ID
EMV Payment Token Indicator
Purchase Date & Time
Recurring Expiry, Frequency
3DS Server Reference Number, Operator ID, Transaction ID, URL
Address Match Indicator
Device Channel, Device Information, Rendering Options
Supported
Message Category, Type
Merchant Name
Merchant Country Code
Merchant Category Code
Merchant Risk Indicator (Delivery Timeframe, Re-order, Pre-order, Gift Card)
3DS Requestor Authentication Information (Method), Challenge Indicator, ID, Initiated Indicator
3DS Requestor Name, Non-payment Indicator, Prior Transaction Authentication information
Instalment Payment Data
Browser Java Enabled, Language, Screen Color Depth, Height, Width
3DS 1.0 Data (Initial Message – VEReq) 3DS 2.0 Data (Initial Message – AReq)
How much more data & insights are leveraged in 3DS 2.0 versus 3DS 1.0?
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
7MARCH 20, 2018
Free from onerous authentication steps
PLAY DEMO
How is the user experience?
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
8
Mastercard’s Full Product Suite Enhances 3DS 2.0
Merchant Issuer
3DS Server Provider
Access Control Server
Mastercard Directory Server & Program Enhancements
RBA Services
2
3
NuData 3DS
Identity Check Mobile
Digital Transaction
Insights
Data Only Payment Authentication Digital Transition Insights
1
4
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
9
Mastercard provides the ecosystem with greater choice to optimize the usage of EMV 3DS
Payment Authentication
Data Only
3DS 2.0 Use Case
FrictionlessExperience
Influence Issuer Approval Decision
No Transaction Latency
Liability Shift Real-time Mastercard Risk
Assessment
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
10
Issuers will receive Digital Transaction Insights for 3DS 2.0 Authentication & Data Only transactions from merchants
Cardholder positive transaction history
Known device with positive association with cardholder
Typical geolocation and IP, behavioral and transaction pattern
Shipping address has been used with the PAN and is the same as last transaction
Suspicious Account Activity
Unknown device with no association with presented cardholder data
Recent High Risk change to Device or Profile Information
PAN associated with fraud event
O
PJ
1
Reason Code Examples:
N
A
B
DF
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
11
Program Enhancements to 3DS 2.0 Construct
NEW Cryptogram
Authorization Data Elements
What is it?The Accountholder Authentication Value (AAV) provides evidentiary support of authentication.The AAV is getting an upgrade to become more simplified and useful.
What is it? The “Transaction ID” is a unique identifier generated for each 3DS 2.0 authentication request. The “Protocol ID” indicates if a merchant requested 3DS 1.0 or 3DS 2.0 authentication
Who does it impact?Issuers and ACSs
Who does it impact?Acquirers & Issuers
2
Network Monitoring
What is it? Ceiling on fully authenticated fraud level
Minimum approval level on fully authenticated transactions
Authentication value (cryptogram) required for all transactions
Who does it impact?Merchants & Issuers
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
1 2 3 4
Stand-In RBA responds to merchant initiated authentication requests when issuer is not able to respond
• Data (Device, Cardholder, Transaction Details) sent to the Mastercard Authentication Network
• Mastercard generates RBAanalysis and score
• Cardholder initiates e-commerce transaction
• Merchant environment collects rich 3DS 2.0 data
• Mastercard Stand-In RBA determines authentication response for 3 Issuer scenarios
• Issuer Card Range not enrolled
• ACS does not respond
• ACS is unable to authenticate
• RBA Scoring Output:
• Low Risk = Fully Authenticated AAV
• Non-Low Risk = Merchant Only Authentication (Attempts)
12
3
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
*= Component requires EMVCo certification
3DS Server*
• Supports 3-D Secure authentication for all payment networks
• Flexible Suite of APIs for merchants, acquirers and/or PSPs to integrate
1
2
Supports authentication all Payment flows
• Brower
• Mobile
3DS Server
1
2
4Mastercard 3DS 2.0 Solutions for
Merchants, Acquirers & PSPs
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
3DS 2.0 Increases Approval Rates & Decreases Fraud
14
+5%Increase in approvals when transactions are fully authenticated1
<8BPSLower digital fraud when dynamic authentication is used2
Global ResultsIncrease Approvals
Reduce Fraud
1. MASTERCARD. Q1 - Q3 2016 DATA, ACROSS ALL CARD TYPES. 2016. 2. MASTERCARD. SECURECODE CARDHOLDER VERIFICATION METHOD (CVM) FRAUD STUDY. 2013.
*Contact your Mastercard representative to engage in a quantification effort specific to your business.
APPROVALS RATES Q4 2017
Case Study
0.6713.01
Cineplex 3DS Txns Canada All eCommTxns
NET FRAUD BPS Q4 2017
85%
97%
Canada All eCommTrxns
Cineplex 3DS trxns
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
15
100+ customers
enrolled globally
Thousand of transactions
processed
Global availability in Nov ‘18
3DS 2.0 & Identity Check Rollout is Underway
Merchants and Issuers live in US &
Europe
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
16MARCH 20, 2018
3DS 2.0 Early Adopter Program Learnings
EMV 3-D Secure processing time is 2x-3x faster than former standard
Merchant must ensure that EMV 3-D Secure data is formatted correctly and present when “conditional” per the EMVco Specification
Merchants, Acquirers and PSPs need to make sure that the authentication data is passed successfully in payment authorization (Account Authentication Value and Security Level indicator)
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
18. Q4 19.Q1 19.Q2 19.Q3 19.Q4
2018 2019
December Identity Check Program Compliance (All)
NovemberIdentity Check / 3DS 2.0Activation (All)
NovemberStand-In RBA service Launch (Issuers)
Mastercard Identity Check Program: Roadmap
July Compliance monitoring for Directory Transaction ID & Protocol ID (Acquirers)
DecemberMastercard Payment Gateway and NuData to offer 3DS 2.0 (Merchants/PSPs)
December 3DS 2.0 Cryptogram requirement (Issuers and ACS)
December Early Adopter Program concludes
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
18
AUTHENTICATION WEBINAR SERIES
Thank You! Please contact Patrick for any additional information
Webinar Recording & Deck will be Sent Out to All Participants
Patrick Kelly
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
19
Acquirer
What Acquirers need to do to be ready for the next generation of 3-D Secure (EMV 3-D Secure) WHAT YOU CAN DO NOW
ü Review documentation, Identity Check Program and Requirements on Authentication Network Information Center via MC Connect
ü Register for Identity Check Programü Ensure Acquirer authorization system is updated to support
new Identity Check data elements (Transaction ID & Protocol ID)
ü Partner with Mastercard to quantify value and ROI for merchant to use EMV 3DS
Access Authentication Network Information Center (MC Connect):ü Access Authentication Network
Information Center on MC Connect
ü Acquire, 3DS Server Provider and Merchant Onboarding Guide
ü SPA 2 Technician Guideü EMV 3DS FAQ
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
20
Issuers
What Issuers need to do to be ready for the next generation of 3-D Secure (EMV 3-D Secure)
WHAT YOU CAN DO NOWü Register in Identity Check Program platform (MC Connect)ü Enroll portfolios in Identity Check Program in Identity Solution
Service Management application (MC Connect)üUtilize Mastercard Stand-In RBA service (no action)ü Register ACS as a service provider with Mastercard ü Select Identity Check compliant challenge method, this is
optional (OTP, Biometrics)ü Initiate project with ACS provider to support new SPA 2
Account Authentication Value (AAV)ü Ensure processor supports authorization logic for Digital
Transaction insights (Data Element 48 Sub element 56)
Access Authentication Network Information Center (MC Connect):ü Issuer, Service Providers,
Operator and Processor Onboarding Guide
ü Utilize checklist in Onboarding guide
ü SPA 2 Technician Guideü EMV 3DS FAQ
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
21
Merchants
What Merchants need to do to be ready for the next generation of 3-D Secure (EMV 3-D Secure)
WHAT YOU CAN DO NOWü Select and integrate with 3DS authentication
environment via an 3DS Service Provider üDefine thresholds for 3DS Authentication and ensure all
EMV 3DS data elements can be passed ü Register on the Identity Check Program via Acquirer ü Ensure Acquirer authorization system is updated to support
EMV 3DS authentication requirements (Secure Payment Authentication 2 (SPA) AAV)
ü Review branding, onboarding, and program requirements
Access Authentication Network Information Center (MC Connect):ü Acquire, 3DS Server
Provider and Merchant Onboarding Guide
ü EMV 3DS FAQ
©20
18 M
aste
rcar
d. P
ropr
ieta
ry a
nd C
onfi
dent
ial.
Future Use Case #3 : Recurring Payments – For e.g. Subscription with possibly variable amount, variable frequency, combined with one-time purchase, with fixed threshold.
Payee Payer3DS for $20 $201
Authentication Authorization Clearing
$25
$20
23
3RI for $20 $20
3RI for $25 $25$20
Use Case #1: Partial/ Split Shipment – For e.g. Ordered products are not all available at the same time. The Merchant decides to ship separately.
Payee Payer3DS for $550 $5501
Authentication Authorization Clearing
$350$200
23
Use Case #2: Aggregator model – For e.g. Market places (e.g. Expedia) managing multiple merchants like combined travel booking of airline, hotel and car rental).
Payee Payer3DS for $800$600
1
Authentication Authorization Clearing
$200$600
23 $200
Payment Use-Cases