Emv Presentation

12/4/2011

EMV Credit Card Parking Technology for 2012. What are the various stakeholder obligations to ensure its proper implementation?

Glenn Caldwell

© COPYRIGHT – PARKING & TRAFFIC CONSULTANTS

In the beginning there was the card ... next there was fraud (it's not just about fraud). Source: EMVCo

Fraud History 1980 – present. Around the world, bank card fraud losses to Visa and MasterCard alone have increased from $110 million in 1980 to an estimated $1.63 billion in 1995. The Australian Institute of Criminology has revealed that fraud accounted for 57.15 cents of every $1,000 transacted using credit and charge cards in 2009. This is an increase of 55 percent since 2006. The Australian Crime Commission 2011 report found that in 2010, 593,819 fraudulent credit card transactions occurred, scamming Aussies out of a whopping $145,854,208. 10% of Australians say they have been a victim of credit card fraud over the past 5 years, which is relatively low compared to some other countries: America and UK – 27%, China and Singapore – 15%, Germany – 8%, Dubai – 7%.

Who are the people we can thank for EMV? Albert Gonzalez – one of 11 men charged with the largest credit card security breach recorded in 2008. 46 million customers were affected. Database-driven fraud (rather than skimming) via “Wardriving”. 3 massive attacks: TJX Retailers, 7-Eleven, Heartland Payment Systems.

Recent Changes in fraud behaviour. Most common form of identity theft. Petrol pump fraud on the increase as criminals continue to find new areas of weakness. Internet security and PCI are making it increasingly harder for criminals and they are now moving into new territory ..... Unattended credit card..!

“New Credit Card Skimming Scam Hits RB, PQ Gas Stations” – November 10, 2011
“New generation of card skimmers sold online, hit Colorado” – November 8, 2011

The Parking Journey – Managing cash fraud a priority

Transcript of Emv Presentation

Page 1: Emv Presentation

8122019 Emv Presentation

httpslidepdfcomreaderfullemv-presentation 18

12/4/2011

EMV Credit Card Parking Technology for 2012

What are the various stakeholder obligations to ensure its proper implementation?

Glenn Caldwell

© COPYRIGHT – PARKING & TRAFFIC CONSULTANTS

In the beginning there was the card ... next there was fraud (it's not just about fraud)

Source: EMVCo

Fraud History 1980 – present

• Around the world, bank card fraud losses to Visa and MasterCard alone have increased from $110 million in 1980 to an estimated $1.63 billion in 1995.
• The Australian Institute of Criminology has revealed that fraud accounted for 57.15 cents of every $1,000 transacted using credit and charge cards in 2009.
  – This is an increase of 55 percent since 2006.
• The Australian Crime Commission 2011 report found that in 2010, 593,819 fraudulent credit card transactions occurred, scamming Aussies out of a whopping $145,854,208.
• 10% of Australians say they have been a victim of credit card fraud over the past 5 years, which is relatively low compared to some other countries.
  – America and UK – 27%
  – China and Singapore – 15%
  – Germany – 8%
  – Dubai – 7%

Who are the people we can thank for EMV?

• Albert Gonzalez – one of 11 men charged with the largest credit card security breach recorded in 2008. 46 million customers were affected.
• Database-driven fraud (rather than skimming) via “Wardriving”
• 3 massive attacks
• TJX Retailers
• 7-Eleven
• Heartland Payment Systems

Recent Changes in fraud behaviour

• Most common form of identity theft
• Petrol pump fraud on the increase as criminals continue to find new areas of weakness. Internet security and PCI are making it increasingly harder for criminals and they are now moving into new territory ... Unattended credit card!

“New Credit Card Skimming Scam Hits RB, PQ Gas Stations” – November 10, 2011

“New generation of card skimmers sold online, hit Colorado” – November 8, 2011

The Parking Journey – Managing cash fraud a priority

• Coin only
• Coin + Smart card
• Coin + Credit Card (offline)
• Coin + Credit Card (Online) + Mobile Payment (e-commerce or “card not present”)
• Coin + Credit Card (Online PCI)
• Coin + Credit Card (PCI plus EMV)

Cash fraud – Credit card fraud – Future Fraud


What is EMV?

• EMV® is a global standard for credit and debit payment cards based on chip card technology. As of end-2010, there were more than 1.24 billion EMV compliant chip-based payment cards in use worldwide.
• EMV chip-based payment cards, also known as smart cards, contain an embedded microprocessor, a type of small computer. The microprocessor chip contains the information needed to use the card for payment, and is protected by various security features. Chip cards are a more secure alternative to traditional magnetic stripe payment cards.
• EMVCo manages, maintains and enhances the EMV® Integrated Circuit Card Specifications for chip-based payment cards and acceptance devices, including point of sale (POS) terminals and ATMs. EMVCo also establishes and administers testing and approval processes to evaluate compliance with the EMV Specifications.

Source: EMVCo

Key advantages of EMV

• More secure than encoded magnetic stripe
• A unique digital signature of each new transaction is produced in the chip, proving authenticity in an offline mode and preventing use of fraudulent cards
• Can be used to secure online transactions through cryptograms
• Supports enhanced cardholder verification methods
• Configuration of the card can be changed AFTER it has been issued
• Contactless (Tap & Go) – upgradeable
• Offline transactions

We have a General Direction – But no real “Directive”

Proliferation of EMV POS terminals for attended – yet little progress for unattended

EMV Implementation Program

Key stakeholders – No one entity has ALL the knowledge. It is an informal consortium of specialist experts.

• The Acquirer (your Bank)
• The equipment manufacturer
• Card Reader manufacturer
• Card Issuers (Visa, MasterCard, AMEX)
• The Merchant (Councils, Car park owners)
• The Gateway Provider(s)
• The Parking equipment provider
• Governing bodies: EMVCo, PCI Security Standards Council

EMV - An Overview

[Diagram labels: Card, Terminal]

The EMV Credit Card

• EMV “SMART CARD” is personalised by the card issuer and certifying authority
• Superior levels of security are achieved by employing Public Key Cryptography
  – Asymmetric rather than “shared”

[Diagram labels: EMV Level 2, Certified Software Kernel, EMV Level 1]


How it works – (summarised)

• Application Selection & Reading: determine which application will be used (Visa, MasterCard). Read application data.
• Offline Data Authentication: Static Data Authentication (same key), Dynamic Data Authentication (new key each time)
• Card Holder Verification: i.e. Signature, PIN, No CVM
• Terminal Risk Assessment (Optional): e.g. Floor limits
• Terminal Action Analysis: terminal decides on what it is going to ask the card
• Card Action Analysis:
  – Transaction Certificate (TC) – Offline approval
  – Authorization Request Cryptogram (ARQC) – Online authorization
  – Application Authentication Cryptogram (AAC) – Offline decline

[Diagram label: Terminal Verification results]

How it Works (continued)

• Online Processing (if required) (Card Issuer may want to send updates to the card post issuance)
• Completion and Script Processing (updates are applied)
• Transaction is completed as Approved or Declined

Key Terms

• CAT / UPT – Cardholder Activated Terminal / Unattended Payment Terminal
• Unattended
• Card not present
• PAN – Primary Account Number
• No CVM – No Customer Verification Method
• EMV level 1
• EMV level 2
• 2 key triple DES encryption – K1 = K2 K1=K3 Data Encryption Standard
• Cryptograms – AAC, TC, ARQC, ARPC
• Digital Signature
• PCI-DSS
• PA-DSS
• PCI – PTS (3.1)
• Chip & PIN
• RSA Public Key Cryptography

Liability Shift

The Liability Shift applies to the party (Issuer/Acquirer) for all losses related to fraud incurred by card payment transactions that are non-EMV compliant.

E.g. Mastercard: “An acquirer operating a magstripe-only terminal will be liable for any counterfeit fraud that is conducted at that terminal using a counterfeit card that was originally issued with a chip. The principle is that the fraud would have been prevented if the terminal had been chip-capable.”

Possible e.g. Floor limits: A terminal has a floor limit set to $20, yet decides to go online for a $19 transaction despite the card having an offline limit of $10.

– Floor limits, Lost & Stolen cards, Counterfeit cards, Online/offline, Insufficient funds (offline restrictions applied to each card to reduce this), $100 (greater or lesser than)

• The liability parameters must be verified by your Acquirer

Mastercard – An introduction to chip
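The floor-limit case on this slide and the TC / ARQC / AAC outcomes from the “How it works” slide can be followed through in code. This is an added example, not part of the presentation: the TVR bit positions follow EMV Book 3, while the TAC/IAC values, the function names and the card's single per-transaction offline limit are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# TVR (Terminal Verification Results) is 5 bytes. Bits used here, as (byte index, mask):
EXPIRED_APPLICATION = (1, 0x40)   # byte 2, bit 7
EXCEEDS_FLOOR_LIMIT = (3, 0x80)   # byte 4, bit 8


@dataclass(frozen=True)
class ActionCodes:
    """Denial / Online / Default action codes, each a 5-byte mask over the TVR."""
    denial: bytes
    online: bytes
    default: bytes


# Constructed values for illustration only: real Terminal Action Codes come from
# the acquirer/scheme and real Issuer Action Codes are read from the card.
TAC = ActionCodes(
    denial=bytes.fromhex("0000000000"),
    online=bytes.fromhex("0000008000"),   # go online once the floor limit is reached
    default=bytes.fromhex("0000008000"),  # decline if that happens with no online path
)
IAC = ActionCodes(
    denial=bytes.fromhex("0040000000"),   # issuer declines expired applications
    online=bytes.fromhex("0000008000"),
    default=bytes.fromhex("0000008000"),
)


def _matches(tvr, *codes):
    """True if any bit set in the TVR is also set in any of the given action codes."""
    return any(t & c for code in codes for t, c in zip(tvr, code))


def terminal_risk_management(tvr, amount_cents, floor_limit_cents):
    """Floor-limit check: flag the TVR when amount >= terminal floor limit."""
    if amount_cents >= floor_limit_cents:
        byte, mask = EXCEEDS_FLOOR_LIMIT
        tvr[byte] |= mask


def terminal_action_analysis(tvr, online_capable=True):
    """Decide which cryptogram the terminal asks the card for."""
    if _matches(tvr, TAC.denial, IAC.denial):
        return "AAC"                                   # offline decline
    if online_capable:
        return "ARQC" if _matches(tvr, TAC.online, IAC.online) else "TC"
    return "AAC" if _matches(tvr, TAC.default, IAC.default) else "TC"


def card_action_analysis(requested, amount_cents, card_offline_limit_cents):
    """The card may keep the request or downgrade it (TC -> ARQC -> AAC), never upgrade.

    Assumption: card risk management is reduced to one per-transaction offline limit.
    """
    if requested == "TC" and amount_cents > card_offline_limit_cents:
        return "ARQC"
    return requested


def first_generate_ac(amount_cents, floor_limit_cents, card_offline_limit_cents,
                      expired=False, online_capable=True):
    """Return (terminal request, card response, TVR hex) for one transaction."""
    tvr = bytearray(5)
    if expired:
        byte, mask = EXPIRED_APPLICATION
        tvr[byte] |= mask
    terminal_risk_management(tvr, amount_cents, floor_limit_cents)
    requested = terminal_action_analysis(tvr, online_capable)
    returned = card_action_analysis(requested, amount_cents, card_offline_limit_cents)
    return requested, returned, tvr.hex()


if __name__ == "__main__":
    # Constructed scenarios: (amount, terminal floor limit, card offline limit), in cents.
    scenarios = {
        "slide example: $19, floor $20, card limit $10": (1900, 2000, 1000),
        "unattended meter: $3, floor limit 0": (300, 0, 1000),
        "small attended sale: $5, floor $20": (500, 2000, 1000),
    }
    for name, args in scenarios.items():
        print(name, "->", first_generate_ac(*args))
```

In the slide's $19 case the terminal is content to approve offline and asks for a TC, but the card answers with an ARQC, which is why a transaction under the floor limit can still go online. With a floor limit of 0 every transaction sets the floor-limit bit, so an unattended terminal always requests online authorization.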

Liability Shift

• The Liability shift is already in place – We are just waiting on deadlines until the penalties start applying
• Penalties: PER TRANSACTION PER TERMINAL
• What's in it for the card schemes?
• What's in it for the merchant?

Simple, Isn't It?


The Complex Dialogue that is EMV & PCI

PCI – DSS

• PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

Source: PCI Security Standards Council

PCI - Terms

• The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS (the organisation).
• The PA-DSS is for software developers and integrators of payment applications that store, process or transmit cardholder data as part of authorization or settlement, when these applications are sold, distributed or licensed to third parties.
• The PCI PTS (formerly PCI PED) is a set of security requirements focused on characteristics and management of devices used in the protection of cardholder PINs and other payment processing related activities. The requirements are for manufacturers to follow in the design, manufacture and transport of a device to the entity that implements it. Most relevant is the new standard – PCI-PTS (3.1) for payment terminals with no PIN entry (October 2011).

PTS = PIN Transaction Security

Source: PCI Security Standards Council

PCI and EMV

• However, EMV by itself does not protect the confidentiality of, or inappropriate access to, sensitive cardholder data. Current EMV acceptance and processing environments may process both EMV and non-EMV transactions (such as magnetic stripe or primary account numbers (PAN)). These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional protection.
• In addition, it is important to note that in EMV environments, the PAN is not kept confidential at any point in the transaction; indeed, it is necessary for the PAN to be processed by the point-of-sale terminal in the clear in order to complete critical steps in the EMV transaction process. The expiry date and other cardholder data are also transmitted in clear-text.
• The potential for these transaction types and/or data elements to be exposed and used fraudulently within both the face-to-face channel and the card-not-present channel are the reasons why it is necessary to implement PCI DSS in today's EMV acceptance environment(s).
• By design, PCI DSS does not distinguish between underlying transaction security mechanisms, but instead seeks to protect the PAN and other sensitive authentication data. Both PCI and EMV are essential elements in the fight against fraud and data exposure. Together, they provide the greatest level of security for cardholder data throughout the entire transaction process.

Source: PCI Security Standards Council

Deadlines

VISA timeline

• All new unattended payment terminals must be EMV from April 2012
• All existing unattended transactions must change over to EMV by January 2014

MasterCard Timeline

• All Unattended payment terminals must be EMV by April 2013

What if your bank is not ready to process EMV transactions in time for Visa mandate April 2012?

What if the Merchant is not ready?

• Do you have budget deadlines that need to be submitted for 2012 – 2013?
• Need to get estimates for credit card upgrades, including full scope of works

Upgrades of current equipment

Off street

• New EMV card readers installed (separate to a coding unit)
• No PIN - Good News

On-street

• New card readers
• New CPU
• New software

Other Changes

• Gateway configuration

Only the equipment provider can provide a definitive answer


EMV Terminals – local options

All in one card reader – Level 1 & 2
e.g. Hypercom

Open architecture solution – level 1
e.g. Magtek I-65

What is the difference and does it really matter?

• Answer: speak to your bank. Check for PCI Certification.

Key issues

• Parking Equipment Upgrade Costs
• What are the penalties for non-compliance?
• Does the bank have a say in regards to the merchant's choice of equipment supplier?
• In light of the announcements recently from Visa and MC, if a merchant has recently bought equipment that is not EMV enabled – but the upgrade costs are high – what can they do?
• What are the equipment providers obliged to sell in the current environment?
• For all new equipment – if it is “EMV compliant” but not “EMV enabled”, then what is involved in completing the process? Are there any additional costs to the customer?
• Contactless: when is it going to roll out?

What is the business case for Shifting to EMV?

Considerations

• What is the true value of the liability shift?
• What is the real financial incentive?
• Capital upgrades – cost
• Risk management factors (reduced fraud)
• Compliance to current standards
• Future proof
• How old is the current equipment?

Stakeholder Collaboration & Consultation

• Suppliers to work with Third Party Certifiers + Banks + Acquirers
• Merchants to determine what PCI obligations they may have
• Gateway providers to assist as required
• Organisations (e.g. Witham Labs) are available to assist with PCI compliance
• Acquirers must demonstrate leadership and direction

Implementation: What are the responsibilities for each stakeholder in regards to the roll out of EMV?

Stakeholders

1. COUNCILS & CAR PARK OWNERS (THE MERCHANT)
2. BANKS (THE ACQUIRER)
3. PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4. GATEWAY PROVIDERS


The Merchant

• Councils
• Car park operators
• Car park owners and managers
• Universities
• Hospitals

The Merchant: Who can you trust for the best advice?

• Your team – internal stakeholders
• Must be your preferred bank
• Get technical advice
• Ensure they are “part of the team”

Your bank – how they can help

• Provide written advice regarding the changes to unattended transactions
  – Timeframes
  – Fines
  – Liability shifts
    • How does this apply to transactions above and below $100?
    • In what way does it include lost, stolen and counterfeit cards?
  – Technical direction
• Provide advice on PCI and EMV standards
• Review current credit card payment solutions
• Assist with the assessment of future upgrades and capital purchases (can you get them to sit on the panel?)
• Project manage the EMV certification process with the gateway providers, suppliers and independent certification agencies (e.g. Witham Labs and FIME)

The Supplier

• Understand EMV technical requirements
• Develop a technical roadmap that includes contactless
• Organise gateway partners and major banks
• Develop or acquire EMV terminal hardware + software
• Futureproof to include Contactless

EMV Certification Process

Certifying agency (e.g. FIME) – The Bank – The Gateway provider – The Supplier

• Supplier develops technical product
• Supplier manages EMV certification and PCI for applicable payment solutions
• Supplier – gateway provider – Acquiring bank establishes a working group
• EMV testing commences – data logs are created
• All data and logs are submitted to an EMV certifying body for verification
• Card Scheme issues letter of approval

Put IT in writing

• EMV status of current equipment
  – Are the readers EMV level 1 compliant at least?
• What is the end-to-end upgrade to EMV?
  – What will it cost?
  – When will it be ready?
  – Which banks and gateway providers is this compatible with?
• Overseas EMV certification (e.g. Europe) next steps
  – Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BE ACCOMMODATED BY THE BANK)
  – Local testing for MasterCard and Visa
  – Letters of Approval for local solutions
  – Relevant PCI compliance


Gateway Providers

• There are a variety of gateway providers that have varying depths of platforms. They are the link between the merchant and the acquirer.
• The banks do not have the capacity to develop a new interface every time a new merchant comes along with a new device OR there are new banking requirements that affect interface architecture.
• The gateway provider becomes a partner to the bank in that they take on board the banking mandates on their behalf.

Key Roles

1 – An aggregator and interface provider that develops the technology to facilitate merchant transactions
2 – And when required – educate merchants

• The gateway provider may decide to become involved in technology and develop a plug and play terminal for the unattended (or attended) market

The Acquirer (The Bank)

• Likely to NOT be EMV ready for unattended transactions
• Currently handling EMV for ATTENDED transactions; however
• Need to update system (in some instances) to handle the extra data elements relating to unattended transactions
• Please do not send out the relationship manager to “relay” questions and answers. Get one of the technical people to be included in client meetings.

The Merchant (Part 2) – Do's and Don'ts

• Establish a working group that includes internal staff (operations, finance, contracts etc.) plus representatives from the bank
• DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA – outsource this to your providers
• Ensure you have contracts in place to cover parking equipment maintenance, banking, gateway processes. These contracts must stipulate:
  • PCI certification is current and relevant to the applications being used and covers the process end-to-end
  • Relevant technology has EMV certification (Levels 1 & 2)
  • Card Scheme approval of the solution
  • Liability shifts are clear
  • Upgrade costs are well defined
  • No increases in merchant fees
• Any current EMV architecture is relevant and will contribute to a future upgrade
• Back of office management systems and reporting will continue with minimal disruption to transaction history. Credit Card History can be tracked on back office systems (with the permission of the card holder only)
• YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESS. THEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISK MANAGEMENT LEVEL

Budget Implications

• Forecasting cost to upgrade in 2012 – 2013
• Local Councils – procurement guidelines and “exceptional circumstances”
• Do your current contracts with your suppliers cover EMV retrofitting and maintenance?

Conclusion

• EMV solutions must be “end to end” for it to work. EMV “compliant” solutions do not necessarily stack up
• Unattended – No CVM – No PIN – Online (Floor limit = 0)
• The Acquirer is ultimately responsible for verifying the EMV and PCI compliance for the merchant's facilities. Merchant cannot be expected to know if a transaction is EMV or not and is securely transmitted
• Acquirers must assist with project management of the EMV certification process
• Any claims made by suppliers must be put in writing with technical diagrams and specifications and verified by the bank
• Your bank is expected to have a clear vision and roadmap for EMV and contactless in the unattended space – including liability rules, fines and technical aspects of EMV for both MasterCard and Visa
• A Working group is essential to ensure a united position on various issues and that the journey is a lot smoother
• The merchant (Council, car park owners) must be given a chance to upgrade their current facilities with sufficient time to allow for budgeting, procurement and implementation


Contactless – how does it fit into the picture?

• AMEX – latest developments – commence rolling out chip cards before XMAS
• Mag stripe for HOW LONG? Currently used as a fall back
• Contact – THEN – Contactless. How an EMV solution easily bridges the gap to introduce contactless
• Benefits of contactless: Transit systems – reduce read errors and maintenance; Near Field Communication; Faster transactions


Next Steps

• Other options in the meantime
  – Pay by phone
  – Coin only. For some meters with low revenue
• Expected increases in “Card not present” fraud due to EMV
• Develop a consistent message on what
  – Parking Association role, PAA steering group
    Regular updates on changes to PCI and EMV for unattended
  – Councils to work together


For more information visit us at parkingconsultants.com

subscribe to

for the latest in parking industry news


What is EMV?

• EMV® is a global standard for credit and debit payment cards based on chip card technology. As of end-2010, there were more than 1.24 billion EMV compliant chip-based payment cards in use worldwide.

  EMV chip-based payment cards, also known as smart cards, contain an embedded microprocessor, a type of small computer. The microprocessor chip contains the information needed to use the card for payment, and is protected by various security features. Chip cards are a more secure alternative to traditional magnetic stripe payment cards.

• EMVCo manages, maintains and enhances the EMV® Integrated Circuit Card Specifications for chip-based payment cards and acceptance devices, including point of sale (POS) terminals and ATMs. EMVCo also establishes and administers testing and approval processes to evaluate compliance with the EMV Specifications.

Source: EMVCo

Key advantages of EMV

• More secure than encoded magnetic stripe
• A unique digital signature of each new transaction is produced in the chip, proving authenticity in an offline mode, and prevents use of fraudulent cards
• Can be used to secure online transactions through cryptograms
• Supports enhanced cardholder verification methods
• Configuration of the card can be changed AFTER it has been issued
• Contactless (Tap & Go) – upgradeable
• Offline transactions


We have a General Direction – But no real “Directive”

Proliferation of EMV POS terminals for attended – yet little progress for unattended


EMV Implementation Program

Key stakeholders – No one entity has ALL the knowledge. It is an informal consortium of specialist experts

• The Acquirer (your Bank)
• The equipment manufacturer
• Card Reader manufacturer
• Card Issuers (Visa, MasterCard, AMEX)
• The Merchant (Councils, Car park owners)
• The Gateway Provider(s)
• The Parking equipment provider
• Governing bodies: EMVCo, PCI Security Standards Council


EMV - An Overview

[Diagram labels: Card, Terminal; EMV Level 2 Certified Software Kernel; EMV Level 1]

The EMV Credit Card

• EMV “SMART CARD” is personalised by the card issuer and certifying authority
• Superior levels of security are achieved by employing Public Key Cryptography
  – Asymmetric rather than “shared”


How it works – (summarised)

• Card Action Analysis
  – Transaction certificate (TC) – Offline approval
  – Authorization Request Cryptogram (ARQC) – Online authorization
  – Application Authentication Cryptogram (AAC) – Offline decline
• Terminal Action analysis
  – Terminal decides on what it is going to ask the card
• Terminal Risk Assessment (Optional)
  – eg Floor limits
• Card Holder Verification
  – ie Signature, PIN, No CVM
• Offline Data Authentication
  – Static Data Authentication (same key)
  – Dynamic Data Authentication (new Key each time)
• Application Selection & Reading
  – Determine which application will be used (Visa, MasterCard). Read application data

[Diagram label: Terminal Verification results]


How it Works (continued)

• Online Processing (if required)
  (Card Issuer may want to send updates to the card post issuance)
• Completion and Script Processing (updates are applied)
• Transaction is completed as Approved or Declined
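The decision steps on the two “How it works” slides (terminal risk assessment, terminal action analysis, card action analysis) can be modelled in a few functions. This is an added example, not part of the presentation and not a certified EMV kernel: it goes beyond the slide by using the EMV action-code mechanism, and the action-code values, the card's offline limit and all function names are assumptions; only one Terminal Verification Results bit is modelled.

```python
"""Simplified model of the decision steps on the "How it works" slides.

Added illustration, not a certified EMV kernel. Action-code values, the
card's offline limit and all names are constructed assumptions.
"""
from dataclasses import dataclass

# Cryptogram types listed on the slide.
TC = "TC"      # Transaction Certificate: offline approval
ARQC = "ARQC"  # Authorization Request Cryptogram: go online
AAC = "AAC"    # Application Authentication Cryptogram: offline decline

# Terminal Verification Results (TVR) is 5 bytes; only one bit is modelled:
# byte 4, bit 8 = "transaction exceeds floor limit".
TVR_EXCEEDS_FLOOR_LIMIT = 0x00_00_00_80_00


@dataclass
class Terminal:
    floor_limit_cents: int
    online_capable: bool = True
    # Constructed action codes (issuer and terminal values already OR-ed).
    denial: int = 0
    online: int = TVR_EXCEEDS_FLOOR_LIMIT
    default: int = TVR_EXCEEDS_FLOOR_LIMIT


@dataclass
class Card:
    offline_limit_cents: int  # hypothetical issuer-set ceiling for offline approval


def terminal_risk_management(term: Terminal, amount_cents: int) -> int:
    """Floor-limit check: amounts at or above the limit set the TVR bit."""
    tvr = 0
    if amount_cents >= term.floor_limit_cents:
        tvr |= TVR_EXCEEDS_FLOOR_LIMIT
    return tvr


def terminal_action_analysis(term: Terminal, tvr: int) -> str:
    """Terminal decides which cryptogram it is going to ask the card for."""
    if tvr & term.denial:
        return AAC
    if term.online_capable:
        return ARQC if tvr & term.online else TC
    # Offline-only terminal: the default codes decide between decline and approve.
    return AAC if tvr & term.default else TC


def card_action_analysis(card: Card, requested: str, amount_cents: int,
                         terminal_online: bool) -> str:
    """The card may agree or be more cautious than the terminal, never less."""
    if requested == TC and amount_cents > card.offline_limit_cents:
        return ARQC if terminal_online else AAC
    return requested


def first_generate_ac(term: Terminal, card: Card, amount_cents: int):
    """Return (cryptogram the terminal requests, cryptogram the card returns)."""
    tvr = terminal_risk_management(term, amount_cents)
    requested = terminal_action_analysis(term, tvr)
    returned = card_action_analysis(card, requested, amount_cents, term.online_capable)
    return requested, returned


if __name__ == "__main__":
    card = Card(offline_limit_cents=1000)
    cases = [
        ("unattended meter, floor limit 0, $3.50", Terminal(0), 350),
        ("floor limit $20, $19 sale", Terminal(2000), 1900),
        ("floor limit $20, $5 sale", Terminal(2000), 500),
        ("offline-only, floor limit $20, $25 sale", Terminal(2000, online_capable=False), 2500),
    ]
    for label, term, amount in cases:
        print(label, "->", first_generate_ac(term, card, amount))
```

With a floor limit of 0 every amount sets the floor-limit bit, so an online-capable unattended terminal always asks for an ARQC. In the second case the terminal would accept offline, but the card's own limit moves the transaction online.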


Key Terms

• CAT / UPT - Cardholder Activated Terminal / Unattended Payment Terminal
• Unattended
• Card not present
• PAN – Primary Account Number
• No CVM – No Customer Verification Method
• EMV level 1
• EMV level 2
• 2 key triple DES encryption - K1 = K2 K1=K3 Data Encryption standard
• Cryptograms – AAC, TC, ARQC, ARPC
• Digital Signature
• PCI-DSS
• PA-DSS
• PCI – PTS (3.1)
• Chip & PIN
• RSA Public Key Cryptography


Liability Shift

The Liability Shift applies to the party (Issuer/Acquirer) for all losses related to fraud incurred by card payment transactions that are non-EMV compliant.

E.g. Mastercard: “An acquirer operating a magstripe-only terminal will be liable for any counterfeit fraud that is conducted at that terminal using a counterfeit card that was originally issued with a chip. The principle is that the fraud would have been prevented if the terminal had been chip-capable.”

Possible e.g. Floor limits: A terminal has a floor limit set to $20. Yet decides to go online for a $19 transaction despite the card having an offline limit of $10.

  – Floor limits, Lost & Stolen cards, Counterfeit cards, Online/offline, Insufficient funds (offline restrictions applied to each card to reduce this), $100 (greater or lesser than)

• The liability parameters must be verified by your Acquirer

Source: Mastercard – An introduction to chip


Liability Shift

• The Liability shift is already in place – We are just waiting on deadlines until the penalties start applying
• Penalties: PER TRANSACTION, PER TERMINAL
• What’s in it for the card schemes?
• What’s in it for the merchant?


Simple, Isn’t It?


The Complex Dialogue that is EMV & PCI

PCI – DSS

• PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

Source: PCI Security Standards Council

PCI - Terms

• The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS. (the organisation)
• The PA-DSS is for software developers and integrators of payment applications that store, process or transmit cardholder data as part of authorization or settlement when these applications are sold, distributed or licensed to third parties.
• The PCI PTS (formerly PCI PED) is a set of security requirements focused on characteristics and management of devices used in the protection of cardholder PINs and other payment processing related activities. The requirements are for manufacturers to follow in the design, manufacture and transport of a device to the entity that implements it. Most relevant is the new standard – PCI-PTS (3.1) for payment terminals with no PIN entry (October 2011)

PTS = PIN Transaction Security

Source: PCI Security Standards Council

PCI and EMV

• However, EMV by itself does not protect the confidentiality of, or inappropriate access to, sensitive cardholder data. Current EMV acceptance and processing environments may process both EMV and non-EMV transactions (such as magnetic stripe or primary account numbers (PAN)). These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional protection.
• In addition, it is important to note that in EMV environments, the PAN is not kept confidential at any point in the transaction; indeed, it is necessary for the PAN to be processed by the point-of-sale terminal in the clear in order to complete critical steps in the EMV transaction process. The expiry date and other cardholder data are also transmitted in clear-text.
• The potential for these transaction types and/or data elements to be exposed and used fraudulently within both the face-to-face channel and the card-not-present channel are the reasons why it is necessary to implement PCI DSS in today’s EMV acceptance environment(s).
• By design, PCI DSS does not distinguish between underlying transaction security mechanisms, but instead seeks to protect the PAN and other sensitive authentication data. Both PCI and EMV are essential elements in the fight against fraud and data exposure. Together they provide the greatest level of security for cardholder data throughout the entire transaction process.

Source: PCI Security Standards Council
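Because the PAN passes through the terminal in the clear, a merchant who does not want to be storing card data needs a way to check that it is not ending up in terminal or back-office logs. The scanner below is an added example, not part of the presentation: the log lines and field names are constructed, and masking to the first six and last four digits is an assumed display policy.

```python
"""Find and mask clear-text PANs in terminal or back-office log lines.

Added illustration; the sample log lines and field names are constructed.
Masking keeps the first six and last four digits (assumed policy).
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
# Candidates are maximal digit runs: a PAN glued to other digits is not split out.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check digit test, used to discard references and counters."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits, star out the middle."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str):
    """Return (line with Luhn-valid PANs masked, number of PANs masked)."""
    hits = 0

    def replace(match):
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # leave non-PAN numbers untouched
        hits += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(replace, line), hits


def scan(lines):
    """Return [(line_number, pans_found, scrubbed_line)] for lines holding a PAN."""
    findings = []
    for number, line in enumerate(lines, start=1):
        scrubbed, hits = scrub_line(line)
        if hits:
            findings.append((number, hits, scrubbed))
    return findings


# Constructed sample: well-known test card numbers, not real accounts.
SAMPLE_LOG = [
    "2011-12-04T10:15:32Z term=PM-0042 auth ok pan=4111111111111111 amt=3.50",
    "2011-12-04T10:16:01Z term=PM-0042 txn_ref=1234567890123456 amt=2.00",
    "2011-12-04T10:17:45Z term=PM-0017 track read 5555-5555-5555-4444 exp=1214",
    "2011-12-04T10:18:02Z term=PM-0017 pan=411111******1111 amt=4.00",
]

if __name__ == "__main__":
    for number, hits, scrubbed in scan(SAMPLE_LOG):
        print(f"line {number}: {hits} clear PAN(s) -> {scrubbed}")
```

Any hit from a scan like this is a finding to raise with the equipment supplier and gateway provider, since it means card data is being retained on the merchant's side.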

Deadlines

VISA timeline

• All new unattended payment terminals must be EMV from April 2012
• All existing unattended transactions must change over to EMV by January 2014

MasterCard Timeline

• All Unattended payment terminals must be EMV by April 2013

What if your bank is not ready to process EMV transactions in time for Visa mandate April 2012?

What if the Merchant is not ready?

• Do you have budget deadlines that need to be submitted for 2012 – 2013?
• Need to get estimates for credit card upgrades including full scope of works


Upgrades of current equipment

Off street

• New EMV card readers installed (separate to a coding unit)
• No PIN - Good News

On-street

• New card readers
• New CPU
• New software

Other Changes

• Gateway configuration

Only the equipment provider can provide a definitive answer


EMV Terminals – local options

All in one card reader – Level 1 & 2, e.g. Hypercom

Open architecture solution – level 1, e.g. Magtek I-65

What is the difference and does it really matter?

• Answer: speak to your bank. Check for PCI Certification


Key issues

• Parking Equipment Upgrade Costs
• What are the penalties for non-compliance?
• Does the bank have a say in regards to the merchant's choice of equipment supplier?
• In light of the announcements recently from Visa and MC, if a merchant has recently bought equipment that is not EMV enabled – but the upgrade costs are high – what can they do?
• What are the equipment providers obliged to sell in the current environment?
• For all new equipment – if it is “EMV compliant” but not “EMV enabled” then what is involved in completing the process? Are there any additional costs to the customer?
• Contactless: when is it going to roll out?


What is the business case for Shifting to EMV?

Considerations

• What is the true value of the liability shift?
• What is the real financial incentive?
• Capital upgrades – cost
• Risk management factors (reduced fraud)
• Compliance to current standards
• Future proof
• How old is the current equipment?


Stakeholder Collaboration & Consultation

• Suppliers to work with Third Party Certifiers + Banks + Acquirers
• Merchants to determine what PCI obligations they may have
• Gateway providers to assist as required
• Organisations (e.g. Witham Labs) are available to assist with PCI compliance
• Acquirers must demonstrate leadership and direction


Implementation: What are the responsibilities for each stakeholder in regards to the roll out of EMV?

Stakeholders

1. COUNCILS & CAR PARK OWNERS (THE MERCHANT)
2. BANKS (THE ACQUIRER)
3. PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4. GATEWAY PROVIDERS


The Merchant

• Councils
• Car park operators
• Car park owners and managers
• Universities
• Hospitals


The Merchant: Who can you trust for the best advice?

• Your team – internal stakeholders
• Must be your preferred bank
• Get technical advice
• Ensure they are “part of the team”


Your bank – how they can help

• Provide written advice regarding the changes to unattended transactions
  – Timeframes
  – Fines
  – Liability shifts
    • How does this apply to transactions above and below $100?
    • In what way does it include lost, stolen and counterfeit cards?
  – Technical direction
• Provide advice on PCI and EMV standards
• Review current credit card payment solutions
• Assist with the assessment of future upgrades and capital purchases (can you get them to sit on the panel?)
• Project manage the EMV certification process with the gateway providers, suppliers and independent certification agencies (e.g. Witham Labs and FIME)


The Supplier

• Understand EMV technical requirements
• Develop a technical roadmap that includes contactless
• Organise gateway partners and major banks
• Develop or acquire EMV terminal hardware + software
• Futureproof to include Contactless


EMV Certification Process

[Diagram: parties – Certifying agency (eg FIME), The Bank, The Gateway provider, The Supplier]

• Supplier develops technical product
• Supplier manages EMV certification and PCI for applicable payment solutions
• Supplier – gateway provider – Acquiring bank establishes a working group
• EMV testing commences – data logs are created
• All data and logs are submitted to an EMV certifying body for verification
• Card Scheme issues letter of approval


Put IT in writing

• EMV status of current equipment
  – Are the readers EMV level 1 compliant at least?
• What is the end-to-end upgrade to EMV?
  – What will it cost?
  – When will it be ready?
  – Which banks and gateway providers is this compatible with?
• Overseas EMV certification (e.g. Europe), next steps
  – Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BE ACCOMMODATED BY THE BANK)
  – Local testing for MasterCard and Visa
  – Letters of Approval for local solutions
  – Relevant PCI compliance


Gateway Providers

• There are a variety of gateway providers that have varying depths of platforms. They are the link between the merchant and the acquirer
• The banks do not have the capacity to develop a new interface every time a new merchant comes along with a new device OR there are new banking requirements that affect interface architecture
• The gateway provider becomes a partner to the bank in that they take on board the banking mandates on their behalf

Key Roles

1 – An Aggregator and interface provider that develops the technology to facilitate merchant transactions
2 – And when required – educate merchants

• The gateway provider may decide to become involved in technology and develop a plug and play terminal for the unattended (or attended) market


The Acquirer (The Bank)

• Likely to NOT be EMV ready for unattended transactions
• Currently handling EMV for ATTENDED transactions, however:
  • Need to update system (in some instances) to handle the extra data elements relating to unattended transactions
• Please do not send out the relationship manager to “relay” questions and answers. Get one of the technical people to be included in client meetings


Page 3: Emv Presentation

8122019 Emv Presentation

httpslidepdfcomreaderfullemv-presentation 38

1242011

3

How it works ndash (summarised)

983107983137983154983140 983105983139983156983145983151983150 983105983150983137983148983161983155983145983155983124983154983137983150983155983137983139983156983145983151983150 983139983141983154983156983145983142983145983139983137983156983141 (983124983107)991252983119983142983142983148983145983150983141

approval

Authorization Request Cryptogram (ARQC) – Online authorization

Application Authentication Cryptogram (AAC) – Offline decline

Terminal Action Analysis
Terminal decides on what it is going to ask the card

Terminal Risk Assessment (Optional)
e.g. Floor limits

Card Holder Verification
i.e. Signature, PIN, No CVM

Offline Data Authentication
Static Data Authentication (same key)
Dynamic Data Authentication (new key each time)

Application Selection & Reading
Determine which application will be used (Visa, MasterCard)
Read application data

Terminal Verification results

How it Works (continued)

Online Processing (if required)
(Card Issuer may want to send updates to the card post issuance)

Completion and Script Processing (updates are applied)

Transaction is completed as Approved or Declined

Key Terms

• CAT / UPT – Cardholder Activated Terminal / Unattended Payment Terminal
• Unattended
• Card not present
• PAN – Primary Account Number
• No CVM – No Customer Verification Method
• EMV level 1
• EMV level 2
• 2 key triple DES encryption – K1 = K2 K1=K3 Data Encryption Standard
• Cryptograms – AAC, TC, ARQC, ARPC
• Digital Signature
• PCI-DSS
• PA-DSS
• PCI – PTS (3.1)
• Chip & PIN
• RSA Public Key Cryptography

Liability Shift

The Liability Shift applies to the party (Issuer/Acquirer) for all losses related to fraud incurred by card payment transactions that are non-EMV compliant.

E.g. Mastercard: "An acquirer operating a magstripe-only terminal will be liable for any counterfeit fraud that is conducted at that terminal using a counterfeit card that was originally issued with a chip. The principle is that the fraud would have been prevented if the terminal had been chip-capable."

Possible e.g. Floor limits: A terminal has a floor limit set to $20, yet decides to go online for a $19 transaction despite the card having an offline limit of $10.

– Floor limits, Lost & Stolen cards, Counterfeit cards, Online/offline, Insufficient funds (offline restrictions applied to each card to reduce this), $100 (greater or lesser than)

• The liability parameters must be verified by your Acquirer

Mastercard – An introduction to chip

Liability Shift

• The Liability shift is already in place – We are just waiting on deadlines until the penalties start applying
• Penalties: PER TRANSACTION PER TERMINAL
• What's in it for the card schemes?
• What's in it for the merchant?

Simple, Isn't It?

The Complex Dialogue that is EMV & PCI

PCI – DSS

• PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

Source: PCI Security Standards Council

PCI – Terms

• The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS (the organisation).
• The PA-DSS is for software developers and integrators of payment applications that store, process or transmit cardholder data as part of authorization or settlement, when these applications are sold, distributed or licensed to third parties.
• The PCI PTS (formerly PCI PED) is a set of security requirements focused on characteristics and management of devices used in the protection of cardholder PINs and other payment processing related activities. The requirements are for manufacturers to follow in the design, manufacture and transport of a device to the entity that implements it. Most relevant is the new standard – PCI-PTS (3.1) for payment terminals with no PIN entry (October 2011).

PTS = PIN Transaction Security

Source: PCI Security Standards Council

PCI and EMV

• However, EMV by itself does not protect the confidentiality of, or inappropriate access to, sensitive cardholder data. Current EMV acceptance and processing environments may process both EMV and non-EMV transactions (such as magnetic stripe or primary account numbers (PAN)). These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional protection.
• In addition, it is important to note that in EMV environments the PAN is not kept confidential at any point in the transaction; indeed, it is necessary for the PAN to be processed by the point-of-sale terminal in the clear in order to complete critical steps in the EMV transaction process. The expiry date and other cardholder data are also transmitted in clear-text.
• The potential for these transaction types and/or data elements to be exposed and used fraudulently within both the face-to-face channel and the card-not-present channel are the reasons why it is necessary to implement PCI DSS in today's EMV acceptance environment(s).
• By design, PCI DSS does not distinguish between underlying transaction security mechanisms, but instead seeks to protect the PAN and other sensitive authentication data. Both PCI and EMV are essential elements in the fight against fraud and data exposure. Together they provide the greatest level of security for cardholder data throughout the entire transaction process.

Source: PCI Security Standards Council
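Because EMV leaves the PAN and expiry date in clear text, terminal and gateway software can leak them into logs, which is the exposure PCI DSS is meant to control. The following is an added example, not part of the original presentation: a Python scrubber that finds Luhn-valid PANs and track-2 style data in log lines and masks them to the first six and last four digits. The log format, the function names and the `[REMOVED]` marker are assumptions made for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens, with an
# optional track-2 style tail ("=" followed by expiry and discretionary data).
# Limitation: a digit run directly before a PAN, separated only by a space or
# hyphen, is merged into the candidate and can hide the PAN from this pass.
CANDIDATE = re.compile(r"(?<!\d)((?:\d[ -]?){12,18}\d)(?!\d)(=\d{4,})?")


def luhn_ok(digits: str) -> bool:
    """Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, star out the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str):
    """Return (scrubbed_line, findings); findings holds 'pan' or 'track2'."""
    findings = []

    def replace(match):
        digits = re.sub(r"[ -]", "", match.group(1))
        if not luhn_ok(digits):
            return match.group(0)           # e.g. a reference number: keep it
        if match.group(2):                  # PAN followed by track-2 tail
            findings.append("track2")
            return mask_pan(digits) + "=[REMOVED]"
        findings.append("pan")
        return mask_pan(digits)

    return CANDIDATE.sub(replace, line), findings


def scan(lines):
    """Scrub every line; return (clean_lines, [(line_no, findings), ...])."""
    clean, report = [], []
    for number, line in enumerate(lines, start=1):
        scrubbed, findings = scrub_line(line)
        clean.append(scrubbed)
        if findings:
            report.append((number, findings))
    return clean, report


# Constructed sample: a hypothetical pay-station debug log. The PANs are
# widely published test numbers, not real accounts.
SAMPLE_LOG = [
    "2011-11-10T09:14:02 meter=17 AUTH ref=1234567890123456 amt=4.50",
    "2011-11-10T09:14:02 meter=17 AUTH pan=4111111111111111 exp=1412",
    "2011-11-10T09:15:40 meter=17 card 5555 5555 5555 4444 declined",
    "2011-11-10T09:16:11 meter=22 track2=5555555555554444=14122010000000000",
]

if __name__ == "__main__":
    clean_lines, findings_report = scan(SAMPLE_LOG)
    for entry in clean_lines:
        print(entry)
    print("lines with card data:", findings_report)
```

The 16-digit reference number on the first sample line fails the Luhn check and is left alone, which keeps false positives down when the scrubber runs over transaction identifiers.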

Deadlines

VISA timeline

• All new unattended payment terminals must be EMV from April 2012
• All existing unattended transactions must change over to EMV by January 2014

MasterCard Timeline

• All Unattended payment terminals must be EMV by April 2013

What if your bank is not ready to process EMV transactions in time for Visa mandate April 2012?

What if the Merchant is not ready?

• Do you have budget deadlines that need to be submitted for 2012 – 2013?
• Need to get estimates for credit card upgrades including full scope of works

Upgrades of current equipment

Off street

• New EMV card readers installed (separate to a coding unit)
• No PIN - Good News

On-street

• New card readers
• New CPU
• New software

Other Changes

• Gateway configuration

Only the equipment provider can provide a definitive answer

EMV Terminals – local options

All in one card reader – Level 1 & 2
e.g. Hypercom

Open architecture solution – level 1
e.g. Magtek I-65

What is the difference and does it really matter?

• Answer: speak to your bank. Check for PCI Certification

Key issues

• Parking Equipment Upgrade Costs
• What are the penalties for non-compliance?
• Does the bank have a say in regards to the merchant's choice of equipment supplier?
• In light of the announcements recently from Visa and MC, if a merchant has recently bought equipment that is not EMV enabled – but the upgrade costs are high – what can they do?
• What are the equipment providers obliged to sell in the current environment?
• For all new equipment – if it is "EMV compliant" but not "EMV enabled", then what is involved in completing the process? Are there any additional costs to the customer?
• Contactless: when is it going to roll out?

What is the business case for Shifting to EMV?

Considerations

• What is the true value of the liability shift?
• What is the real financial incentive?
• Capital upgrades – cost
• Risk management factors (reduced fraud)
• Compliance to current standards
• Future proof
• How old is the current equipment?

Stakeholder Collaboration & Consultation

• Suppliers to work with Third Party Certifiers + Banks + Acquirers
• Merchants to determine what PCI obligations they may have
• Gateway providers to assist as required
• Organisations (e.g. Witham Labs) are available to assist with PCI compliance
• Acquirers must demonstrate leadership and direction

Implementation

What are the responsibilities for each stakeholder in regards to the roll out of EMV?

Stakeholders

1. COUNCILS & CAR PARK OWNERS (THE MERCHANT)
2. BANKS (THE ACQUIRER)
3. PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4. GATEWAY PROVIDERS

The Merchant

• Councils
• Car park operators
• Car park owners and managers
• Universities
• Hospitals

The Merchant

Who can you trust for the best advice?

• Your team – internal stakeholders
• Must be your preferred bank
• Get technical advice
• Ensure they are "part of the team"

Your bank – how they can help

• Provide written advice regarding the changes to unattended transactions
  – Timeframes
  – Fines
  – Liability shifts
    • How does this apply to transactions above and below $100?
    • In what way does it include lost, stolen and counterfeit cards?
  – Technical direction
• Provide advice on PCI and EMV standards
• Review current credit card payment solutions
• Assist with the assessment of future upgrades and capital purchases (can you get them to sit on the panel?)
• Project manage the EMV certification process with the gateway providers, suppliers and independent certification agencies (e.g. Witham Labs and FIME)

The Supplier

• Understand EMV technical requirements
• Develop a technical roadmap that includes contactless
• Organise gateway partners and major banks
• Develop or acquire EMV terminal hardware + software
• Futureproof to include Contactless

EMV Certification Process

Certifying agency (e.g. FIME)
The Bank
The Gateway provider
The Supplier

Supplier develops technical product

Supplier manages EMV certification and PCI for applicable payment solutions

Supplier – gateway provider – Acquiring bank establishes a working group

EMV testing commences – data logs are created

All data and logs are submitted to an EMV certifying body for verification

Card Scheme issues letter of approval

Put IT in writing

• EMV status of current equipment
  – Are the readers EMV level 1 compliant at least?
• What is the end-to-end upgrade to EMV?
  – What will it cost?
  – When will it be ready?
  – Which banks and gateway providers is this compatible with?
• Overseas EMV certification (e.g. Europe): next steps
  – Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BE ACCOMMODATED BY THE BANK)
  – Local testing for MasterCard and Visa
  – Letters of Approval for local solutions
  – Relevant PCI compliance

Gateway Providers

• There are a variety of gateway providers that have varying depths of platforms. They are the link between the merchant and the acquirer
• The banks do not have the capacity to develop a new interface every time a new merchant comes along with a new device OR there are new banking requirements that affect interface architecture
• The gateway provider becomes a partner to the bank in that they take on board the banking mandates on their behalf

Key Roles

1 – An Aggregator and interface provider that develops the technology to facilitate merchant transactions
2 – And when required – educate merchants

• The gateway provider may decide to become involved in technology and develop a plug and play terminal for the unattended (or attended) market

The Acquirer (The Bank)

• Likely to NOT be EMV ready for unattended transactions
• Currently handling EMV for ATTENDED transactions, however
• Need to update system (in some instances) to handle the extra data elements relating to unattended transactions
• Please do not send out the relationship manager to "relay" questions and answers. Get one of the technical people to be included in client meetings

The Merchant (Part 2) – Do's and Don'ts

• Establish a working group that includes internal staff (operations, finance, contracts etc) plus representatives from the bank
• DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA – outsource this to your providers
• Ensure you have contracts in place to cover parking equipment, maintenance, banking, gateway processes. These contracts must stipulate:
  • PCI certification is current and relevant to the applications being used and covers the process end-to-end
  • Relevant technology has EMV certification (Levels 1 & 2)
  • Card Scheme approval of the solution
  • Liability shifts are clear
  • Upgrade costs are well defined
  • No increases in merchant fees
• Any current EMV architecture is relevant and will contribute to a future upgrade
• Back of office management systems and reporting will continue with minimal disruption to transaction history. Credit Card History can be tracked on back office systems (with the permission of the card holder only)
• YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESS. THEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISK MANAGEMENT LEVEL

Budget Implications

• Forecasting cost to upgrade in 2012 – 2013
• Local Councils – procurement guidelines and "exceptional circumstances"
• Do your current contracts with your suppliers cover EMV retrofitting and maintenance?

Conclusion

• EMV solutions must be "end to end" for it to work. EMV "compliant" solutions do not necessarily stack up
• Unattended – No CVM – No PIN – Online (Floor limit = 0)
• The Acquirer is ultimately responsible for verifying the EMV and PCI compliance for the merchant's facilities. Merchant cannot be expected to know if a transaction is EMV or not and is securely transmitted
• Acquirers must assist with project management of the EMV certification process
• Any claims made by suppliers must be put in writing with technical diagrams and specifications and verified by the bank
• Your bank is expected to have a clear vision and roadmap for EMV and contactless in the unattended space – including liability rules, fines and technical aspects of EMV for both MasterCard and Visa
• A Working group is essential to ensure a united position on various issues and that the journey is a lot smoother
• The merchant (Council, car park owners) must be given a chance to upgrade their current facilities with sufficient time to allow for budgeting, procurement and implementation

Contactless – how does it fit into the picture?

• AMEX – latest developments – commence rolling out chip cards before XMAS
• Mag stripe for HOW LONG? Currently used as a fall back
• Contact – THEN – Contactless. How an EMV solution easily bridges the gap to introduce contactless
• Benefits of contactless: Transit systems – reduce read errors and maintenance. Near Field communication. Faster transactions

Next Steps

• Other options in the meantime
  – Pay by phone
  – Coin only. For some meters with low revenue
• Expected increases in "Card not present" fraud due to EMV
• Develop a consistent message on what
  – Parking Association role: PAA steering group
    Regular updates on changes to PCI and EMV for unattended
  – Councils to work together

For more information visit us at parkingconsultants.com

subscribe to

for the latest in parking industry

news


bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and

covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees

bull Any current EMV architecture is relevant and will contribute to a futureupgrade

bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)

bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL

copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS

Budget Implications

bull Forecasting cost to upgrade in 2012 ndash 2013

bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo

bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance

copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS

Conclusion

bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up

bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)

bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted

bull Acquirers must assist with project management of the EMV certificationprocess

bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank

bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and

technical aspects of EMV for both MasterCard and Visa

bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother

bull The merchant (Council car park owners) must be given a chance to upgrade

their current facilities with sufficient time to allow for budgetingprocurement and implementation

copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS

Contactless ndash how does it fit into the

picturebull AMEX ndash latest developments ndash commence rolling out chip cards

before XMAS

bull Mag stripe for HOW LONG Currently used as a fall back

bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless

bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions

copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS

8122019 Emv Presentation

httpslidepdfcomreaderfullemv-presentation 88

1242011

8

Next Steps

bull Other options in the meantime

ndash Pay by phone ndash Coin only For some meters with low revenue

bull Expected increases in ldquoCard not presentrdquo fraud due to EMV

bull Develop a consistent message on what

ndash Parking Association role PAA steering g roup

Regular updates on changes to PCI and EMV for unattended

ndash Councils to work together

copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS

for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom

subscribe to

for the latest in parking industry

news

copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS

Page 5: Emv Presentation

8122019 Emv Presentation

httpslidepdfcomreaderfullemv-presentation 58

1242011

5

EMV Terminals – local options

All-in-one card reader – Level 1 & 2
e.g. Hypercom

Open architecture solution – Level 1
e.g. Magtek I-65

What is the difference, and does it really matter?

• Answer: speak to your bank. Check for PCI certification.


Key issues

• Parking equipment upgrade costs
• What are the penalties for non-compliance?
• Does the bank have a say in regard to the merchant's choice of equipment supplier?
• In light of the recent announcements from Visa and MC, if a merchant has recently bought equipment that is not EMV enabled, but the upgrade costs are high, what can they do?
• What are the equipment providers obliged to sell in the current environment?
• For all new equipment: if it is “EMV compliant” but not “EMV enabled”, then what is involved in completing the process? Are there any additional costs to the customer?
• Contactless: when is it going to roll out?


What is the business case for Shifting to EMV?

Considerations

• What is the true value of the liability shift?
• What is the real financial incentive?
• Capital upgrades – cost
• Risk management factors (reduced fraud)
• Compliance with current standards
• Future proof
• How old is the current equipment?


Stakeholder Collaboration & Consultation

• Suppliers to work with Third Party Certifiers + Banks + Acquirers
• Merchants to determine what PCI obligations they may have
• Gateway providers to assist as required
• Organisations (e.g. Witham Labs) are available to assist with PCI compliance
• Acquirers must demonstrate leadership and direction


Implementation

What are the responsibilities of each stakeholder in regard to the roll-out of EMV?

Stakeholders

1. COUNCILS & CAR PARK OWNERS (THE MERCHANT)
2. BANKS (THE ACQUIRER)
3. PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4. GATEWAY PROVIDERS


The Merchant

• Councils
• Car park operators
• Car park owners and managers
• Universities
• Hospitals


The Merchant

Who can you trust for the best advice?

• Your team – internal stakeholders
• Must be your preferred bank
• Get technical advice
• Ensure they are “part of the team”


Your bank – how they can help

• Provide written advice regarding the changes to unattended transactions
  – Timeframes
  – Fines
  – Liability shifts
    • How does this apply to transactions above and below $100?
    • In what way does it include lost, stolen and counterfeit cards?
  – Technical direction
• Provide advice on PCI and EMV standards
• Review current credit card payment solutions
• Assist with the assessment of future upgrades and capital purchases (can you get them to sit on the panel?)
• Project manage the EMV certification process with the gateway providers, suppliers and independent certification agencies (e.g. Witham Labs and FIME)


The Supplier

• Understand EMV technical requirements
• Develop a technical roadmap that includes contactless
• Organise gateway partners and major banks
• Develop or acquire EMV terminal hardware + software
• Futureproof to include Contactless


EMV Certification Process

Certifying agency (e.g. FIME)
The Bank
The Gateway provider
The Supplier

1. Supplier develops technical product
2. Supplier manages EMV certification and PCI for applicable payment solutions
3. Supplier – gateway provider – Acquiring bank establishes a working group
4. EMV testing commences – data logs are created
5. All data and logs are submitted to an EMV certifying body for verification
6. Card Scheme issues letter of approval


Put IT in writing

• EMV status of current equipment
  – Are the readers EMV Level 1 compliant, at least?
• What is the end-to-end upgrade to EMV?
  – What will it cost?
  – When will it be ready?
  – Which banks and gateway providers is this compatible with?
• Overseas EMV certification (e.g. Europe): next steps
  – Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BE ACCOMMODATED BY THE BANK)
  – Local testing for MasterCard and Visa
  – Letters of Approval for local solutions
  – Relevant PCI compliance


Gateway Providers

• There are a variety of gateway providers that have varying depths of platforms. They are the link between the merchant and the acquirer.
• The banks do not have the capacity to develop a new interface every time a new merchant comes along with a new device OR there are new banking requirements that affect interface architecture.
• The gateway provider becomes a partner to the bank in that they take on board the banking mandates on their behalf.

Key Roles

1 – An aggregator and interface provider that develops the technology to facilitate merchant transactions
2 – And, when required, educate merchants

• The gateway provider may decide to become involved in technology and develop a plug-and-play terminal for the unattended (or attended) market


The Acquirer (The Bank)

• Likely to NOT be EMV ready for unattended transactions
• Currently handling EMV for ATTENDED transactions; however:
  • Need to update system (in some instances) to handle the extra data elements relating to unattended transactions
• Please do not send out the relationship manager to “relay” questions and answers. Get one of the technical people to be included in client meetings.


The Merchant (Part 2) – Do’s and Don’ts

• Establish a working group that includes internal staff (operations, finance, contracts, etc.) plus representatives from the bank
• DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA – outsource this to your providers
• Ensure you have contracts in place to cover parking equipment, maintenance, banking, gateway processes. These contracts must stipulate:
  • PCI certification is current and relevant to the applications being used and covers the process end-to-end
  • Relevant technology has EMV certification (Levels 1 & 2)
  • Card Scheme approval of the solution
  • Liability shifts are clear
  • Upgrade costs are well defined
  • No increases in merchant fees
• Any current EMV architecture is relevant and will contribute to a future upgrade
• Back of office management systems and reporting will continue with minimal disruption to transaction history. Credit Card History can be tracked on back office systems (with the permission of the card holder only)
• YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESS. THEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISK MANAGEMENT LEVEL


Budget Implications

• Forecasting cost to upgrade in 2012 – 2013
• Local Councils – procurement guidelines and “exceptional circumstances”
• Do your current contracts with your suppliers cover EMV retrofitting and maintenance?


Conclusion

• EMV solutions must be “end to end” for it to work. EMV “compliant” solutions do not necessarily stack up.
• Unattended – No CVM – No PIN – Online (Floor limit = 0)
• The Acquirer is ultimately responsible for verifying the EMV and PCI compliance for the merchant's facilities. Merchant cannot be expected to know if a transaction is EMV or not and is securely transmitted.
• Acquirers must assist with project management of the EMV certification process
• Any claims made by suppliers must be put in writing with technical diagrams and specifications and verified by the bank
• Your bank is expected to have a clear vision and roadmap for EMV and contactless in the unattended space – including liability rules, fines and technical aspects of EMV for both MasterCard and Visa
• A working group is essential to ensure a united position on various issues and that the journey is a lot smoother
• The merchant (Council, car park owners) must be given a chance to upgrade their current facilities with sufficient time to allow for budgeting, procurement and implementation


Contactless – how does it fit into the picture?

• AMEX – latest developments – commence rolling out chip cards before XMAS
• Mag stripe for HOW LONG? Currently used as a fall back
• Contact – THEN – Contactless. How an EMV solution easily bridges the gap to introduce contactless
• Benefits of contactless: Transit systems – reduce read errors and maintenance; Near Field Communication; faster transactions


Next Steps

• Other options in the meantime
  – Pay by phone
  – Coin only? For some meters with low revenue
• Expected increases in “Card not present” fraud due to EMV
• Develop a consistent message on what
  – Parking Association role: PAA steering group
    Regular updates on changes to PCI and EMV for unattended
  – Councils to work together


For more information visit us at parkingconsultants.com

