Embed Size (px)
Citation preview
NCR SECURITY - EMV
Shawn Phillips
NCR Confidential
Cool Stuff?
NCR Confidential
125 years of self-service innovation
Travel & Gaming
Retail & Hospitality
Entertainment
Total Savings
Check-in
Pay Bill 23 billion consumer self-service transactions processed globally using NCR products and services
Financial Services
NCR Confidential
ATM risk mitigation & fraud management
Cost Reduction
Intelligent Deposit &
Truncation Multivendor Strategies
Regulatory Compliance
Risk Mitigation Fraud
Management
ATM deployers need a multi layered risk management strategy that minimizes reputational damage and financial losses
Managing Operations Manage Cost & Control Risk
NCR Confidential
Skimming still top global ATM crime
Skimming still biggest global challenge 97% ATMs in Europe EMV compliant Skimming incidents up 3% but losses down 14% (EAST)
Fraud migration to non-EMV countries: US losses approaching $1 billion annually (Bankrate.com); average loss $50K (ABA)
NCR Confidential
So with EMV, what’s going to change?
Host
Software
Hardware
Consumer Cards
NCR Confidential
What does the ATM have to do?
• Establish that the card has a chip
• Select the application
• Read all the data from the card
• Perform checking, verification, risk management
• Generate Application Cryptogram value
• Send this to the host
EMV Transaction
NCR Confidential
What does the Host do?
• Validate cryptogram value
• Generate the response data (ARPC)
• Perform all the usual transaction authorization
• Send all this data back to the ATM
EMV Transaction
NCR Confidential
... and back to the ATM ..
• Performs External Authentication to check that the host is valid
• Completes the transaction, final decision is taken decline or approve
• Updates the ICC with Script data received by the host
EMV Transaction
NCR Confidential
Key areas of Focus - ‘To-do’ List
The Project Team • Multi-faceted project • Cards, switch, SW, HW • Begin assembling the team • Determine organizational need • Speak with MC and Visa Switch Processors • Speak with your account rep • Determine processor’s plans • Test plans • Certification plans • Brand approval dates
Card Issuing • Which applications on card? • Card spec – memory, futures? • Card management solutions • Dates and project milestones
Contactless – Card/Phone • Contactless – phone/POS only • ATM contactless definition does not exist
presently • May be defined ≈ 2015 kernel
ATM Hardware • Review your installed base • Motorized/Dip/Contactless • Order kit upgrades • Consider replacements • Determine Win7 vs XP impacts • May cause obsolescence
ATM Application Software • EMV kernel • Application updates • UA – Asset Scanning • Software distribution • SM&S – latest versions only Education • Cardholders & Merchants • Chip & • Dip & hold vs. dip & pull • PIN vs. Signature • Increased call volumes Marketing Planning • Mailers / Media ad placements • Decals • Point of sales
NCR Confidential
Ready for EMV ?
NCR can help
Not to be Underestimated
Are you aware ? Are you planning ? Are you prepared ?
Discovery and Awareness Architecture and Design Application development
NCR Confidential
EMV Consulting
Uncover requirements or gaps
Prioritized based on business value
- Findings report - Recommendations - Next Steps
Provide EMV education and training Evaluate current technical infrastructure
Understanding of EMV
• Creates or evaluates EMV plan • Determines gaps • Lead in delivery and systems integration
Short and long term recommendations
Data Gathering Discovery Prioritization
Recommendations and
Roadmap
Provide lessons learned from banks in Canada & Europe Determine gaps from EMV requirements
Prioritize technical changes need -Infrastructure changes - Card & payments applications - Key management systems - Standards
Provide comprehensive roadmap for technical changes - Infrastructure changes - Card & payments applications - Key management systems - Standards
NCR Confidential
Thank you!
