Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
The World Leader in Display Card Manufacturing
Digital Dynamic CVV/CVC Codes on EMV Cards
Francine Dubois – NID Security
NIDSecurity–AnOTcompany
NID Security
NIDSecurity
2
Migration to EMV: The impact on CNP Fraud
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
3
ABOUTEMV
Reduc<onincard-presentfraud
Enhancedcardauthen<ca<onEnhancedcardholderverifica<on(PIN)Dynamicdataauthen.ca.on/authen.ccardrequired
PaymentinfostoredonsecurechipCounterfei.ngvirtuallyimpossible
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
4
FRAUDTRENDS&DRIVERS
CNPfraudlossesrepresentmorethan60%oftotalfraudinEuropetoday
Globaladop<onofEMVcausesfraudtomigratetopathsoflowerresistance
GrowthofUSonlinecommerceandtransac<onsaLractsfraudsters
9% CAGR 2012-2017
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
5
RISEOFCARDNOTPRESENTFRAUD
EMVenablesstrongdecreaseofcounterfeit/CPfraud,butfraudismigraLngtoCNP
1. Source: Canadian Bankers Association
US:CardNotPresent(CNP)fraudlossestoreach$6.4Bbyend2018
Europe: • CNP fraud accounts for 60% of the total value of card fraud in 2012
• CNP fraud increased by 21% to €794M
“DatafromtheU.K.,FranceandAustraliashowthatCNPfraudbecamealargerpor.onofoverallfraudduringandaDertheirEMVchipconversions,asEMVchipdrama.callyreducedthecard-presentfraudissuesbutdidnotaddressthecard-not-presentfraudproblem.“(WhitePaper,EMVMigra.onForum)
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
6
CNPFRAUD,AREALITYINDIFFERENTREGIONS
AustraliaTotalCardFraudValue$AUS300M
2014(+16%vs.2012)
23%
77%
CanadaCreditCardFraudValue$CAD465M
2013(+6%vs.2012)
36%
64%
17%
23% 60%
ATMsPOSterminalsCard-not-present
40%
28%
32%
OtherCard-not-present+11%
OtherCard-not-present Card-not-present
OtherCounterfeit
UKTotalCardFraudValue£479M
2014(+6%vs.2013)
69%
31%
OtherCard-not-present+10%
Sources:ECB,UFFAUK,,CanadianBankersassocia.on,APCA,CyberSource,USFederalReserve,AITE
EuropeTotalFraudValue€1.33B
2012(+15%vs.2011)
USATotalGPCardFraud
Value$4B2012
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
7
FIGHTINGCNPFRAUD–ADIFFICULTBALANCE
April11,2016
Security
OperaLngcosts
Useracceptanceandexperience
Easeofdeployment
TheidealsoluLon …butinpracLce
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
8
SAMPLEOFAUTHENTICATIONSOLUTIONS
3D Secure Tokenization Secret question
SMS
Keyfob/calculator Biometrics Virtual cards
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
9
CNPFRAUDIMPACTONISSUERS
Issuers and end-users eventually get refunded but… Ø Cost of treatment of fraud cases and card replacement on
issuers Ø Lost revenue while card is replaced and loss of recurring
revenue if switched to other card Ø Cardholders : “I’m not well protected” – “maybe I should limit my
online activity?” Management of recurring billing on card, …
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
In this instance, not the PAN, but the “security code”
10
THETREND–TOKENIZATIONOFCARDDATA
Stolen data used within 10-30 days
following theft
Dynamic code valid for less than 1h
Security code is the easiest data
to turn dynamic
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
11
COMPLEMENTSTOKENIZATION
End User Merchant Processor
Card info + DCVX2 9876 0123 4567 8901 + 976
Surrogate card info(tokenized data) 1000 6661 3334 8901+ 456
§ HelpspreventfraudulentuseofstolencardinfoforCNPtransac<ons
§ Addsalayerofprotec<onatendpointsagainst:§ The]ofentered/swipeddatabymalware,keyloggers,trojans,
eavesdropping,shouldersurfing(i.e.duringenrollment)§ The]ofstoredplaindatainlegacysystems§ The]ofcardinforma<ontransmigedoverclearchannels(phone,fax,
mail...)
NIDSecurity
12
DYNAMIC CVV/CVC CODES ON EMV CARDS
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
13
WHATISADYNAMICCVV/CVCCODECARD
§ Automa<crefreshofdynamiccode(customizablefrequency)
§ SmallDisplay§ InternalbaLerythatlastupto5yrs
§ Standardcreditcardformat(ISO7810)
§ Accommodatesallstandardcardfeatures:contact-contactlesschip,embossing,magne<cstripe,…
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
14
HIGHLEVELVIEWOFIMPLEMENTATIONSCENARIOS
A.TokenServiceProvider B.Hostedbyprocessor
Merchant Merchant
NetworkNetwork
Processor
dCVx2VerificaLonServer
Processor
SaaSTSP
C.Hostedbyprocessingbank/issuer/agent
Merchant
Network
dCVx2VerificaLonServer
Bank/Issuer/Agent
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
15
SAFER,FRICTIONLESSCNPTRANSACTIONS
§ Safertransac<onsoveranychannel(ie:website,app,voice…)
§ Simpleandelegantsolu<onthatworksonanydevice
§ Fric<onless,nocomplexenrollmentprocess
§ Noaddi<onalso]wareorpluginrequired
§ Cardinfolessvulnerableif
device/computerislostorstolen
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity
16
PERFECTSOLUTIONTOSECURECNPTRANSACTIONS
Simultaneouslyaddressestheneedsofissuers,merchants,andend-users
Controlled,predictableTCO,
virtuallyanewcardateveryrefresh
Topofwallet,100%cardholderadop<on,FricLonless,zerolearningcurve.
Moresecure.TokenizestheCVC/V2,protectsatthesource
Lowimpactoninfrastructure.
Anissueronlysolu<on
Transparent,fricLonlesstoeMerchants,increasedconversionrates
NIDSecurity
17
ABOUT NID Security
TheWorldLeaderinDisplayCardManufacturing
AnOTcompany
NIDSecurity AboutNagraIDSecurity
TheWorldLeaderinDisplayCardManufacturing
Dual Interface DCVV, ePaper Display Cards
Before NIDS commercialized the 1st ISO Display Card with bi-stable display
2005
Introduced 1st alpha-numeric card with 12-button keypad
2008 2012
3rd Gen Display Card with ultra-fast LCD
Introduced EMV payment card with information display & new capacitive 12-button keypad
Introduced the VISA Codesure with dot matrix display
4-in-1 Display Card Debit/Credit Paypass/SecureCode
2006 2009 2010 2011
Production ramp-up, delivery of 1M card in 6 months timeframe
2014 20152014
Introduced the 1st dCVV payment card
www.nidsecurity.com