Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
The Global Migration to EMV and
What is Happening in the U.S.
Cartes North America, May 2014 – Las Vegas
Philip Andreae, Director, Field Marketing – Payment
Oberthur Technologies
OT: A world leader in secure technologies
2
Unique industry positioning:
• Trusted by over 2,500 financial institutions,
including many of the world’s largest banks
• 20+ years experience in personalization
services
• Selected by 400 mobile telephone
operators, including 7 of the world’s top 10
operators
• Selected by over 70 governments for
national IDs
• Contactless transport cards used in 5 of
the worlds major cities
• Leading supplier to 5 of the world’s top 8
digital TV CAS vendors
Convergence of applications
TRANSPORT
TELECOMMNOs & OEMs
PAYMENT
DIGITAL TV
IDENTITY
© Oberthur Technologies 2014
OT: Digital security and payment solutions
for the mobility space
( Paper ) ( Plastic ) ( Mobile ) ( Cloud )
OT’s core business for decades is to enable and secure emerging payments
From paper and plastic to digital money
3© Oberthur Technologies 2014
A WALK THROUGH TIME
• EMV was designed to assure global interoperability
• Each country moving at their own pace towards a common solution
• Capable of providing Authentication, Verification and Authorization
• With Future Proof Technology to address Fraud, Integrity and Security
5© Oberthur Technologies 2014
Payment Card Security Requirements are Simple
Multifactor Authentication
Fraud protection and flexibility
Something you know (a secret)
PIN: 4785
Something you are (biometric)
Something you have (a device)
THE TECHNOLOGY WAS PROVEN
• 1984 French Banks elected to implement smart cards
• Carte Bancaire develop chip application –B0’
• Merchants receive government incentives
• Cardholders used PIN for both credit and debit
• By 1995 domestic fraud down to 0.02%
6
1984-1995: The French experiment
© Oberthur Technologies 2014
The Integrated Circuit Card is the Future Proof Solution
• 1991 ECPS determined the ICC is the solution to assure the authenticity of the payment card
• An ISO 7011 ID1 card with an embedded computer chip containing a microcomputer
• 1976 a calculator in your card
• 1996 an IBM PC in your pocket
• Today the same technology in a mobile phone, a personal computer or the Internet
• Visa, MasterCard and Europay where independently working on Chip Card specifications
Global interoperability the goal
ECPS = European Council for Payment Systems
7© Oberthur Technologies 2014
1968 1978 1991 1998 2004 2006
1974 1984 1997 2003 2005 2008
German patent for plastic as carrier for microchip acquired
First NFC chip specifications established
First e-passport issued
UK: First country to commit to EMV
ETSI GSM SIM specification established
Miniaturization of electronics proven
LTE standard finalized
U.S. Government
published PIV specifications
ICAO issued first e-passport
specifications
Philips’ first dual interface
card
French banking pilot
begins
Roland Moreno
Smart card patented
The integrated circuit card: The global answer
to counterfeit and lost and stolen fraud
8© Oberthur Technologies 2014
2011
Canada liability shift
2014
U.S. debit resolved
DECEMBER 1993
THE HILTON AT O’HARE
Europay, MasterCard and Visa met shared specifications agreed to guiding principles and set out to develop the Integrated Circuit Card Specification for Payment Systems
9© Oberthur Technologies 2014
A secure physical token
at every point of interaction
10© Oberthur Technologies 2014
In ChipOn Host
Integrated Circuits CardsDesigned to be future proof:• Based on a stable standard• Built on evolving technologies
Offline by TerminalOnline on Issuer Host
Online 0 Floor LimitHost Authorized
OfflineIssuer Defined Card Risk
Management Parameters
“What You Have”
Authentication
“What You Know”
Verification
“You Have the Funds”
Authorization
EMV:
Multi-Application: The dream
Coupons
Parking Cards
Fitness Club
Library Card
Coupons
Membership
Points
Rewards
Coupons
Discounts
Punch Card
Credit
Debit
Prepaid
Tickets
Boarding Pass
Frequent Flyer
VIP - Security
Passport
Drivers License
Government ID
Corporate ID
Pharmacology
Emergency Data:
Blood type, Donor
Status, Allergies
Physician’s Details
Health Insurance Data
Credentials
Access/Rights
vCard
Clothing Sizes
Favorites
Key uses: Authentication, Data Storage, eValue, Identification, and Security
TransitPSE ServicesID Loyalty ProfileHealth
Let’s Consolidate All Cards Onto One Card or into a Mobile Wallet
11© Oberthur Technologies 2014
EMV defined application selection:
Issuer control & consumer choice
12© Oberthur Technologies 2014
Insert Card
into Reader
Answer to reset
Select AID(s)Typically Associated with Payment Brand
Develop Candidate AID List
Consumer Selection
Same Brand and Bank1. Personal Credit Card2. Corporate Credit Card3. Family Debit Card4. Personal Debit Card
Enter 1, 2, 3 or 4To select payment method?
• EMV is being deployed globally
• 2.300+ Billion EMV cards deployed
• 37 Million EMV terminals deployed
• Card schemes are committed
• EMV affects more than the technology and also business processes and product design
• Most organizations do not have appropriate depth of knowledge, and skills are in short supply
• Key is the relationship card, and creating sticky relationships for profit
The future is for those that can offer me “My Card”
13
EMV and chip cards:
More Than a Technology
© Oberthur Technologies 2014
EMVCO
Managed by the Six International Payment Schemes
American Express, Discover, MasterCard Union Pay and Visa
14© Oberthur Technologies 2014
1999: The Founders created EMVCo
Technical standards body managing and enhancing the EMV Specification to meet the needs of stakeholders.
15© Oberthur Technologies 2014
ISO Specifications
• ISO 7816 – Smart Card
• Part 1: Physical characteristics
• Part 2: Cards with contacts – Dimensions and location of the contacts
• Part 3: Cards with contacts – Electrical interface and transmission protocols
• Part 4: Organization, security and commands for interchange
• ISO 14443 – Contactless
• Part 1: Physical characteristics
• Part 2: Radio frequency power and signal interface
• Part 3: Initialization and anti-collision
• Part 4: Transmission protocol
EMVCo Specifications
• EMV Version 4.3 – Contact
• Book 1: Application independent ICC to terminal interface requirements
• Book 2: Security and key management
• Book 3: Application specification
• Book 4: Cardholder, attendant and acquirer interface requirements
• EMV Version 2.3 – Contactless
• Book A: Architecture and general requirements
• Book B: Entry point specification
• Books C1-6: Kernel specifications
• Book D: Communications protocol
16© Oberthur Technologies 2014
The standards and specifications are stable
Chip Cards like computers, mobile phones
and the Internet grow in power and shrink in size
17© Oberthur Technologies 2014
EMV is agnostic to the location of the Secure Element :
Plastic / Mobile / Cloud
18
EMV Chip Card
Host Card Emulation (HCE)
Secure Element (SE)in the Cloud
Hardware Secure Element (SE)
OT trusted by 2,000+ Financial Institutions
The EMV Sensitive Data includes: Secret keys, payment credentials
Plastic SE
Mobile SE
Cloud SE
© Oberthur Technologies 2014
EMVCo
• Managing EMV specifications:
• Contact
• Contactless
• Tokenization
• Manages type approval:
• Readers and Terminals
• CPA cards
• Security evaluation of IC chips
• Monitor market interoperability
Global, Regional and
Domestic Payment Systems
• Product development
• EMV mandates
• Commercial incentives (e.g. Interchange)
• Fraud liability shift policy
• Issuer and acquirer related policies
EMVCo provides cross industry alignment while payment
systems define competitive offerings
19© Oberthur Technologies 2014
1998: The world began the migration to EMV
Countries where EMV Deployment > 50%
Countries migrating to EMV
Countries not migrating yet
America’s Less U.S.
Cards: 54.2%POS: 84.7%
EuropeCards: 81.6%POS: 99.9%
MEACards: 38.9%POS: 86.3%
AsiaPacCards: 17.4%POS: 71.7%
Russia and CISCards: 24.4%POS: 84.7%
Source: EMVCo Q4 2013 figuresIncludes Amex, JCB, MasterCard and Visa data
20© Oberthur Technologies 2014
THE WORLD IS MIGRATING TO EMV
21© Oberthur Technologies 2014
22© Oberthur Technologies 2014
Global interoperability is the goal
In 1994 the Boards of the International Payment systems Agreed EMV was the answer
• The goal:
• Assure global interoperability
• Mitigate fraud
• Implement a future proof technology
• Each country would determine when they would migrate
The magnetic stripe and other security feature Would be retained to assure backward compatibility
The First Migration:
The United Kingdom
23© Oberthur Technologies 2014
24
Why did they decide?
Circa 2005 in Calgary, Canada
For Canada, the time had come
• The globe was migrating to EMV
• Fraud was migrating from Australia and Europe to Canada
• June 2003: Visa Canada announced its plans to migrate to chip
• January 8 2005, CTV W-5 documented the reality of debit card fraud
• October 2005: Interac issued schedule for chip
• American Express, MasterCard and JCB agreed to support the Canadian migration to chip
• 2007: Kitchener Waterloo Pilot was established to assure technical interoperability and consumer and merchants messaging worked
• The fraud results are as expected and Canada is now introducing NFC and mobile payments based on EMV
© Oberthur Technologies 2014
25© Oberthur Technologies 2014
Fraud Migration is Real
Global Interoperability Is the Answer
For the USA the Time Has Come
• August 2011 Visa Inc. announced its roadmap
• June 2012 American Express, MasterCard and Discover agreed to roadmap
• April 2013 Acquirers and Processors must support EMV transactions
• July 2013 Judge Leon put the US Migration to EMV on hold
• December 2013: Counterfeit and Card Fraud made the Front Page
• March 2014 the Court of Appeal resolves the Debit Conundrum
• October 2015 Liability Shifts
• Liability is the responsibility of the Party not protecting the transaction
• Liability remains the Issuer’s if merchant upgrades to EMV
• October 2017 Liability shifts for Automated Fuel Dispensers AFD
DURBIN IN CONTEXT
An Industry Seeking Answers
Issuer
• Sought higher interchange fee income
• Offered signature debit MasterCard or Visa branded on the face of the card
• Selected PIN debit network based on commercial arrangement and regional ATM and POS coverage
Merchant/Acquirer
• Fought the rising cost of Interchange
• If PIN debit was of interest procured PIN capable POS device
• If they supported signature and PIN debit consumer offered the option “like credit” or “as debit”
The debit conundrum
Challenge:
• In EMV the AID is the equivalent of the Payment Brands Logo
• The consumer sees the card as a method of using funds in their checking account
• The consumer does not understand the different Debit Brands and Networks
• EMV assumed a single CVM list per AID
27© Oberthur Technologies 2014
AID – Application Identifier
• The AID is the name of the directory in the chip
that contains the keys, certificates, parameter,
counters and identifies the “application”
• The AID are registered by the payment networks:
RID PIX• Visa (credit or debit) A000000003 1010
Visa Electron A000000003 2010 Visa Interlink A000000003 3010 US Common Debit A000000098 0840
• MasterCard A000000004 1010Maestro Int’l A000000004 3060US Maestro A000000004 2203
• Amex A000000025 01XX
• JCB A000000065 1010
• Discover A000000324 1010
• DNA Common Debit A000000XXX XXXX
Application
• The Payment Networks’ Card and Terminal
specifications defines of the software required in
the card and how the terminal will employ the
EMV tool kit
• Each Payment Network has invested in in
defining, maintaining and certifying
implementations of their specifications
• MasterCard – Mchip
• Visa – VIS
• Discover - D-Pas
• Amex – AEIPS
• The Visa and MasterCard specification define
methods of sharing data between two or more
AIDs to support US Debit requirements
• Card and terminal vendors develop and request
type approval of their products
Multi- Access and Multi-Application
28© Oberthur Technologies 2014
EMV defined application selection:
Issuer control & consumer choice
29© Oberthur Technologies – 2014
Insert Card
into Reader
Answer to reset
Select AID(s)Typically Associated with Payment Brand
Develop Candidate AID ListThe Debit Conundrum
Consumer Selection
US Debit Card One Account
1. Visa or MasterCard2. Star3. Shazam4. Alaska Options
US Debit Card One Account
1. Visa or MasterCard2. US Debit
Enter 1 or 2To select payment method?
April 30th 2014 The EMV Migration Forum Published April 2014“U.S. Debit EMV Technical Proposal”
• Each Debit network must license or develop an EMV application
• EMV specifications
• Visa and MasterCard just published their U.S. Debit specs
• Debit Networks must upgrade network and OBO services to support field 55 and authentication
• Merchants, acquirers, POS vendors and processors must implement a Durbin compliant debit solution
• Merchant interface and terminals must be certified for EMV
30© Oberthur Technologies 2014
Much work still to do
Debit Conundrum
Score Card Owner
Master
Card Visa
AFFN
Alaska Option
Allpoint
ATH
Cirrus MasterCard done done
CU-24 done
Interlink Visa done done
Jeanie Vantiv
Maestro MasterCard done done
Money Pass
Nets
NYCE FIS done
Plus Visa done done
Presto
Pulse Discover done
Shazam done
Star First Data done done
The Co-op Done
The Exchange/Accel Fiserv done done
• Debit card migration has begun
• Merchants are investing on the POS side
• Credit card migration is moving and accelerating
• As Issuers issue EMV cards we are seeing a “me to affect”
• Washington is actively investigating and learning about EMV
• OT is investing to assure chip manufacturing and perso capacity
• Consumers are aware of EMV and asking for higher levels of security
• Since 2011 OT has produced 30 million cards – 25% in the last Quarter
• India and China Are migrating too
• OT advises Issuers reserve capacity for EMV cards
The time is now
32© Oberthur Technologies 2014
Philip AndreaeDirector Field Marketing
[email protected]+1 404 680 9640