The Global Migration to EMV and What is Happening in the U.S....•Card schemes are committed •EMV affects more than the technology and also business processes and product design

The Global Migration to EMV and

What is Happening in the U.S.

Cartes North America, May 2014 – Las Vegas

Philip Andreae, Director, Field Marketing – Payment

Oberthur Technologies

OT: A world leader in secure technologies

2

Unique industry positioning:

• Trusted by over 2,500 financial institutions,

including many of the world’s largest banks

• 20+ years experience in personalization

services

• Selected by 400 mobile telephone

operators, including 7 of the world’s top 10

operators

• Selected by over 70 governments for

national IDs

• Contactless transport cards used in 5 of

the worlds major cities

• Leading supplier to 5 of the world’s top 8

digital TV CAS vendors

Convergence of applications

TRANSPORT

TELECOMMNOs & OEMs

PAYMENT

DIGITAL TV

IDENTITY

© Oberthur Technologies 2014

OT: Digital security and payment solutions

for the mobility space

( Paper ) ( Plastic ) ( Mobile ) ( Cloud )

OT’s core business for decades is to enable and secure emerging payments

From paper and plastic to digital money

3© Oberthur Technologies 2014

A WALK THROUGH TIME

• EMV was designed to assure global interoperability

• Each country moving at their own pace towards a common solution

• Capable of providing Authentication, Verification and Authorization

• With Future Proof Technology to address Fraud, Integrity and Security


Payment Card Security Requirements are Simple

Multifactor Authentication

Fraud protection and flexibility

Something you know (a secret)

PIN: 4785

Something you are (biometric)

Something you have (a device)

THE TECHNOLOGY WAS PROVEN

• 1984 French Banks elected to implement smart cards

• Carte Bancaire develop chip application –B0’

• Merchants receive government incentives

• Cardholders used PIN for both credit and debit

• By 1995 domestic fraud down to 0.02%

6

1984-1995: The French experiment


The Integrated Circuit Card is the Future Proof Solution

• 1991 ECPS determined the ICC is the solution to assure the authenticity of the payment card

• An ISO 7011 ID1 card with an embedded computer chip containing a microcomputer

• 1976 a calculator in your card

• 1996 an IBM PC in your pocket

• Today the same technology in a mobile phone, a personal computer or the Internet

• Visa, MasterCard and Europay where independently working on Chip Card specifications

Global interoperability the goal

ECPS = European Council for Payment Systems


1968 1978 1991 1998 2004 2006

1974 1984 1997 2003 2005 2008

German patent for plastic as carrier for microchip acquired

First NFC chip specifications established

First e-passport issued

UK: First country to commit to EMV

ETSI GSM SIM specification established

Miniaturization of electronics proven

LTE standard finalized

U.S. Government

published PIV specifications

ICAO issued first e-passport

specifications

Philips’ first dual interface

card

French banking pilot

begins

Roland Moreno

Smart card patented

The integrated circuit card: The global answer

to counterfeit and lost and stolen fraud


2011

Canada liability shift

2014

U.S. debit resolved

DECEMBER 1993

THE HILTON AT O’HARE

Europay, MasterCard and Visa met shared specifications agreed to guiding principles and set out to develop the Integrated Circuit Card Specification for Payment Systems


A secure physical token

at every point of interaction


In ChipOn Host

Integrated Circuits CardsDesigned to be future proof:• Based on a stable standard• Built on evolving technologies

Offline by TerminalOnline on Issuer Host

Online 0 Floor LimitHost Authorized

OfflineIssuer Defined Card Risk

Management Parameters

“What You Have”

Authentication

“What You Know”

Verification

“You Have the Funds”

Authorization

EMV:

Multi-Application: The dream

Coupons

Parking Cards

Fitness Club

Library Card

Coupons

Membership

Points

Rewards

Coupons

Discounts

Punch Card

Credit

Debit

Prepaid

Tickets

Boarding Pass

Frequent Flyer

VIP - Security

Passport

Drivers License

Government ID

Corporate ID

Pharmacology

Emergency Data:

Blood type, Donor

Status, Allergies

Physician’s Details

Health Insurance Data

Credentials

Access/Rights

vCard

Clothing Sizes

Favorites

Key uses: Authentication, Data Storage, eValue, Identification, and Security

TransitPSE ServicesID Loyalty ProfileHealth

Let’s Consolidate All Cards Onto One Card or into a Mobile Wallet


EMV defined application selection:

Issuer control & consumer choice


Insert Card

into Reader

Answer to reset

Select AID(s)Typically Associated with Payment Brand

Develop Candidate AID List

Consumer Selection

Same Brand and Bank1. Personal Credit Card2. Corporate Credit Card3. Family Debit Card4. Personal Debit Card

Enter 1, 2, 3 or 4To select payment method?

• EMV is being deployed globally

• 2.300+ Billion EMV cards deployed

• 37 Million EMV terminals deployed

• Card schemes are committed

• EMV affects more than the technology and also business processes and product design

• Most organizations do not have appropriate depth of knowledge, and skills are in short supply

• Key is the relationship card, and creating sticky relationships for profit

The future is for those that can offer me “My Card”

13

EMV and chip cards:

More Than a Technology


EMVCO

Managed by the Six International Payment Schemes

American Express, Discover, MasterCard Union Pay and Visa


1999: The Founders created EMVCo

Technical standards body managing and enhancing the EMV Specification to meet the needs of stakeholders.


ISO Specifications

• ISO 7816 – Smart Card

• Part 1: Physical characteristics

• Part 2: Cards with contacts – Dimensions and location of the contacts

• Part 3: Cards with contacts – Electrical interface and transmission protocols

• Part 4: Organization, security and commands for interchange

• ISO 14443 – Contactless

• Part 1: Physical characteristics

• Part 2: Radio frequency power and signal interface

• Part 3: Initialization and anti-collision

• Part 4: Transmission protocol

EMVCo Specifications

• EMV Version 4.3 – Contact

• Book 1: Application independent ICC to terminal interface requirements

• Book 2: Security and key management

• Book 3: Application specification

• Book 4: Cardholder, attendant and acquirer interface requirements

• EMV Version 2.3 – Contactless

• Book A: Architecture and general requirements

• Book B: Entry point specification

• Books C1-6: Kernel specifications

• Book D: Communications protocol


The standards and specifications are stable

Chip Cards like computers, mobile phones

and the Internet grow in power and shrink in size


EMV is agnostic to the location of the Secure Element :

Plastic / Mobile / Cloud

18

EMV Chip Card

Host Card Emulation (HCE)

Secure Element (SE)in the Cloud

Hardware Secure Element (SE)

OT trusted by 2,000+ Financial Institutions

The EMV Sensitive Data includes: Secret keys, payment credentials

Plastic SE

Mobile SE

Cloud SE


EMVCo

• Managing EMV specifications:

• Contact

• Contactless

• Tokenization

• Manages type approval:

• Readers and Terminals

• CPA cards

• Security evaluation of IC chips

• Monitor market interoperability

Global, Regional and

Domestic Payment Systems

• Product development

• EMV mandates

• Commercial incentives (e.g. Interchange)

• Fraud liability shift policy

• Issuer and acquirer related policies

EMVCo provides cross industry alignment while payment

systems define competitive offerings


1998: The world began the migration to EMV

Countries where EMV Deployment > 50%

Countries migrating to EMV

Countries not migrating yet

America’s Less U.S.

Cards: 54.2%POS: 84.7%

EuropeCards: 81.6%POS: 99.9%

MEACards: 38.9%POS: 86.3%

AsiaPacCards: 17.4%POS: 71.7%

Russia and CISCards: 24.4%POS: 84.7%

Source: EMVCo Q4 2013 figuresIncludes Amex, JCB, MasterCard and Visa data


THE WORLD IS MIGRATING TO EMV



Global interoperability is the goal

In 1994 the Boards of the International Payment systems Agreed EMV was the answer

• The goal:

• Assure global interoperability

• Mitigate fraud

• Implement a future proof technology

• Each country would determine when they would migrate

The magnetic stripe and other security feature Would be retained to assure backward compatibility

The First Migration:

The United Kingdom


24

Why did they decide?

Circa 2005 in Calgary, Canada

For Canada, the time had come

• The globe was migrating to EMV

• Fraud was migrating from Australia and Europe to Canada

• June 2003: Visa Canada announced its plans to migrate to chip

• January 8 2005, CTV W-5 documented the reality of debit card fraud

• October 2005: Interac issued schedule for chip

• American Express, MasterCard and JCB agreed to support the Canadian migration to chip

• 2007: Kitchener Waterloo Pilot was established to assure technical interoperability and consumer and merchants messaging worked

• The fraud results are as expected and Canada is now introducing NFC and mobile payments based on EMV



Fraud Migration is Real

Global Interoperability Is the Answer

For the USA the Time Has Come

• August 2011 Visa Inc. announced its roadmap

• June 2012 American Express, MasterCard and Discover agreed to roadmap

• April 2013 Acquirers and Processors must support EMV transactions

• July 2013 Judge Leon put the US Migration to EMV on hold

• December 2013: Counterfeit and Card Fraud made the Front Page

• March 2014 the Court of Appeal resolves the Debit Conundrum

• October 2015 Liability Shifts

• Liability is the responsibility of the Party not protecting the transaction

• Liability remains the Issuer’s if merchant upgrades to EMV

• October 2017 Liability shifts for Automated Fuel Dispensers AFD

DURBIN IN CONTEXT

An Industry Seeking Answers

Issuer

• Sought higher interchange fee income

• Offered signature debit MasterCard or Visa branded on the face of the card

• Selected PIN debit network based on commercial arrangement and regional ATM and POS coverage

Merchant/Acquirer

• Fought the rising cost of Interchange

• If PIN debit was of interest procured PIN capable POS device

• If they supported signature and PIN debit consumer offered the option “like credit” or “as debit”

The debit conundrum

Challenge:

• In EMV the AID is the equivalent of the Payment Brands Logo

• The consumer sees the card as a method of using funds in their checking account

• The consumer does not understand the different Debit Brands and Networks

• EMV assumed a single CVM list per AID


AID – Application Identifier

• The AID is the name of the directory in the chip

that contains the keys, certificates, parameter,

counters and identifies the “application”

• The AID are registered by the payment networks:

RID PIX• Visa (credit or debit) A000000003 1010

Visa Electron A000000003 2010 Visa Interlink A000000003 3010 US Common Debit A000000098 0840

• MasterCard A000000004 1010Maestro Int’l A000000004 3060US Maestro A000000004 2203

• Amex A000000025 01XX

• JCB A000000065 1010

• Discover A000000324 1010

• DNA Common Debit A000000XXX XXXX

Application

• The Payment Networks’ Card and Terminal

specifications defines of the software required in

the card and how the terminal will employ the

EMV tool kit

• Each Payment Network has invested in in

defining, maintaining and certifying

implementations of their specifications

• MasterCard – Mchip

• Visa – VIS

• Discover - D-Pas

• Amex – AEIPS

• The Visa and MasterCard specification define

methods of sharing data between two or more

AIDs to support US Debit requirements

• Card and terminal vendors develop and request

type approval of their products

Multi- Access and Multi-Application


EMV defined application selection:

Issuer control & consumer choice

29© Oberthur Technologies – 2014

Insert Card

into Reader

Answer to reset

Select AID(s)Typically Associated with Payment Brand

Develop Candidate AID ListThe Debit Conundrum

Consumer Selection

US Debit Card One Account

1. Visa or MasterCard2. Star3. Shazam4. Alaska Options

US Debit Card One Account

1. Visa or MasterCard2. US Debit

Enter 1 or 2To select payment method?

April 30th 2014 The EMV Migration Forum Published April 2014“U.S. Debit EMV Technical Proposal”

• Each Debit network must license or develop an EMV application

• EMV specifications

• Visa and MasterCard just published their U.S. Debit specs

• Debit Networks must upgrade network and OBO services to support field 55 and authentication

• Merchants, acquirers, POS vendors and processors must implement a Durbin compliant debit solution

• Merchant interface and terminals must be certified for EMV


Much work still to do

Debit Conundrum

Score Card Owner

Master

Card Visa

AFFN

Alaska Option

Allpoint

ATH

Cirrus MasterCard done done

CU-24 done

Interlink Visa done done

Jeanie Vantiv

Maestro MasterCard done done

Money Pass

Nets

NYCE FIS done

Plus Visa done done

Presto

Pulse Discover done

Shazam done

Star First Data done done

The Co-op Done

The Exchange/Accel Fiserv done done

• Debit card migration has begun

• Merchants are investing on the POS side

• Credit card migration is moving and accelerating

• As Issuers issue EMV cards we are seeing a “me to affect”

• Washington is actively investigating and learning about EMV

• OT is investing to assure chip manufacturing and perso capacity

• Consumers are aware of EMV and asking for higher levels of security

• Since 2011 OT has produced 30 million cards – 25% in the last Quarter

• India and China Are migrating too

• OT advises Issuers reserve capacity for EMV cards

The time is now


Philip AndreaeDirector Field Marketing

[email protected]+1 404 680 9640

mailto:[email protected]

Documents

The Global Migration to EMV and What is Happening in the U.S....•Card schemes are committed •EMV affects more than the technology and also business processes and product design