HCE READY TOKENIZATION SERVICE Vision & Use-Cases · 2017-06-20 · 9 Acceleration of fraudulent...

Vision & Use-Cases

April 2017

HCE READY

TOKENIZATION SERVICE

Agenda

▪ Megatrends in payment marketplace

▪ Product portfolio & Software components

▪ Value propositions to the payment ecosystem participants

▪ Tokenization opening new horizons

▪ Takeways

2

Megatrends for banks & retailers

▪ Mobile at the heart of digital interactions

▪ Demanding & self-driven consumers

▪ Speed of OTT’s and FinTech’s

▪ Payment regulation

3

Digital & Mobile Payment : Not a technology choice any more !

Digital cards on all devices

4

Consumer devices, Internet of Things

CARD MANAGEMENT SYSTEM

TOKEN MANAGEMENT SYSTEM

Digital Payment & HCE Technology

▪ All major international card schemes have issued HCE specifications

▪ EMVCo issued a global framework

5

Where do we stand?

▪ Slowdown of Banks-led HCE projects due to OEM-Pay’s arrival

▪ Many HCE projects are still in pilot or experiment mode

▪ HCE technology also selected by OEMs / OTTs for their wallets

But …

Digital Payment & HCE Technology

▪ Go-to-market: mBanking or mWallet ?

▪ Consistent and fluid User Experience▪ for enrolment

▪ for authentication in payment flows

▪ Support multiple payment brands

▪ Domestic Payment solution

▪ Security & functional certification

6

What is coming next?

Need for industrialization & massification

Issuers need to be visible on all channels

OEM’s WalletsTokenization & Management

Wearable Wallets

MNO’s Wallets

Banks’ Wallets

Retailers’ Wallets

Aggregators’ Wallets

Token Requestorsfor services - aggregators wallets

CUB3 Services Hub

Facilitate on-boarding and provide tokenization to Requestors

CUB3 Services HUB• Lifecycle management

• Tokenization management

• Transaction management

• Mobile platform

Server-based

Mobile App’

Innovative

FinTech’s

mPOS

Acquirers

Domestic

Networks

Transaction

Processors

Digital Commerce at stake

▪ Current countermeasures have failed partially

• Strong SSL authentication,

• PCI conformity (not storing sensitive data, PAN, CVV2, expiration date),

• Monitoring and scoring,

• Layering security, encryption End-to-End, 3D-Secure, etc.

▪ Standardized

• EMVCo tokenization was designed to use current ISO/IEC 8583 message formats that

support interoperability with the existing payments infrastructure. It is intended to fight

against fraud in current CNP channels (such as online transactions)

9

Acceleration of fraudulent activities

« Mobile PresentTransactions! »

Agenda


▪ Product portfolio & Software components• Issuers side:

• Tokenization Components of CUB3 Services Hub (C3SH)

• Mobile Wallet (SDK) and Token Requestor Gateway

• Acquirers side:• mPOS, as additional

• CPP: CUB3 Plug-in Pay

• CPB: CUB3 Payment Button



▪ Takeways

10

Token Service Provider

Cloud based Payment Architecture

11

Issuers

Digitalized

card

CUB3 Mobile SDKMerchant

Lifecycle

Account

Management

Tokenization

Management

Transaction

Management

Mobile

Application

Platform

Switch Acquirers

CUB3 Services Hub

Acquirer Network

Tokenization Components of C3SH

▪ Interaction with the POS through NFC

controller and HCE module

▪ Analyzing the APDUs and generating

the cryptography requested by the POS

▪ De-tokenization

▪ Cryptograms validations

▪ Pin Validation

▪ Fraud Management

▪ Log transaction

▪ Issuers API authorizations

▪ Enrollment process

▪ Provisioning process

▪ Replenishment process

▪ Life cycle Management

- Suspend tokens

- Resume tokens

- Disposal tokens

▪ Issuers Lifecycle API

▪ Issuers ID&V API

Mobilen

Platform

▪ Mobile wallet authentication

▪ Communication security

▪ Access control

▪ Token requestor gateway

Transaction

Management

Tokenization

Management

▪ Token Generation

▪ LUK/SUK generation

▪ Remote Notifications

▪ Life cycle management

▪ Token Vault

▪ HSM interface

Lifecycle

Account

Management

Mobile

Wallet SDK

Mobile Wallet & Token Requestor Gateway

▪ Mobile component is offered as a customizable wallet or as a

full-featured SDK for powering existing App’s

▪ Highest security grade with most advanced mechanisms, and

versatility of APDU’s exchanges (NFC or QR code)

▪ Further integration into international schemes platforms

(MDES, VTS) if required, performing Token Requestor role13

Token Requestor

Gateway (MDES/VTS)

SDK + MDES/VTS

functionalities

CUB3 platformstand-alone solution

Agenda


▪ Product portfolio & Software components• Issuers side:

• Tokenization Components of CUB3 Services Hub (C3SH)

• Mobile Wallet and SDK

• Acquirers side:• mPOS, as additional

• CPP: CUB3 Plug-in Pay

• CPB: CUB3 Payment Button



▪ Takeways

14

CUB3 mPOS

15

▪ CUB3 mPOS enables the counterpart mobile App’ payment transactions (APDU’s exchanges)

▪ The token used in the payment flow could have been generated by any “Issuer-TSP”, or on

behalf of the Issuer by a “C3SH” platform and de-tokenize by same platform before processing

in international ISO8583 network

CUB3 Acquirer

Gateway Acquirer Issuer

Token

PAN Number

CUB3-TSP ISSUER-TSP

TokenToken

PAN Number

Token Generated by

CUB3 TSP

Token Generated by

ISSUER TSP

2 3

4

1

2

3 4

ISO 8583

Merchant

mPOS

Components for Digital-Commerce

▪ CUB3TECH has developed solutions to propose secure, robust and frictionless

transactions for digital-Commerce, leveraging Tokenization

• CUB3 Payment Button (C3PB) is a solution oriented to merchants and acquirers. C3PB can be

easily integrated to the on-line payment webpage leveraging EMV and Tokenization

technologies into card-no-present environments. During the checkout process C3PB will interact

with a mobile app (Issuer´s wallet), to get and transmit dynamic payment data and generating a

full EMV transaction (EMV cryptogram, Tokenized PAN, CVC/CVV, Exp. Date, etc.)

• CUB3 Payment Plug-In (C3PP) targets consumers who want to make e-commerce transactions

in a secure way using the latest mechanisms to secure payment transactions. C3PP auto-fills

payment details in the merchant’s webpage without any manual intervention

16

Mobile Present Transactions!

C3PP Solution Scheme

17

Plug In QR Code

Merchant

Payment

Button

User clicks on

merchant’s webpage to

make a purchase

1

CUB3’s Plug-In Pay

detects an e-commerce

payment

2

CUB3’s Plug-In Pay displays a QR

Code including:

1. Transaction Amount

2. PC’s IP Address, Wi-Fi details

3. Purchase Information

3

4

CUB3 mobile app sends

transaction details to

CUB3 Tokenization

Server

CUB3’s tokenization

server replies with

payment token, CVC/CVV

and expiration date to the

mobile app

76

8

BAU transaction is processed

by the Merchant’s webpage

CUB3 Plug-In Pay autofills

payment details on the

merchant’s webpage

9

10

User captures the QR

code using his/her mobile By Wi-Fi or Bluetooth, CUB3

mobile app detects the user device

establishing connection with

CUBE Plug-In Pay

5

C3PB Solution Scheme

18

QR Code

CUB3

Payment

Button

User clicks on

merchant’s webpage to

make a purchase

1

CUB3’s Payment Button

processes the online

payment

2CPB displays a QR Code including:

1. Transaction Amount

2. PC’s IP Address, Wi-Fi details

3. Purchase Information

3

4

CUB3 mobile app sends

transaction details to

CUBE Tokenization

Server

CUB3’s tokenization

server replies with

payment token, CVC/CVV

and expiration date to the

mobile app

76

8

Online payment is processed as

a regular EMV transactionCUB3 Payment Button

generates the online payment

as a EMV transaction

9

10

User captures the QR

code using his/her mobile By Wi-Fi or Bluetooth, CUB3

mobile app detects the user device

establishing connection with

CPB

5

Agenda



▪ Value propositions to the payment ecosystem participants▪ Offer for close-loop issuers

▪ Offer for mobile payment service aggregators

▪ Offer for server-based payment mobile App’


▪ Takeways

19

Offer for close-loop, domestic Issuers

▪ Many Operations

▪ Domestic payment, payment + ID, payment + loyalty, etc.

▪ Vouchers companies, EBT operators, Gift cards …

▪ Challenges

• Keeping independency of operations management (payment + Value-Add in transactions)

• Seamless and simple integration with minimal impact

• No sharing of data with 3rd-parties and keeping end-customers relationship

▪ Opportunities

• Self-issued alternate PAN

• Leverage open standards and the growing contactless infrastructure (NFC, HCE, EMV and TSP

EMVCo)20

Offer for close-loop Issuers

21

* Presented as external resources, but also available « on-premises »

IssuerPOS

Acquirer

1 2

3

4

Authorization

Mobile App’ (Wallet)

CUB3 Mobile SDK

7

8

9

* CUB3

Services

Hub

6

Token

provisioning

5 10

Offer for Mobile Payment Services Aggregators

▪ Specific Set-ups

▪ Aggregation of payment services with connectors to bank (accounts/cards)

▪ Domestic payment schemes

▪ Challenges

• Keeping independency versus ICS (International Card Schemes)

• Independency of roadmaps of value-added services, tuned to each geography

▪ Opportunities

• Offer mobile proximity payment, leveraging growing contactless infrastructure

• Leverage open standards

• Ready for « Card present transactions » type, in m-commerce

22

Offer for Mobile Payment Services Aggregators

23

Mobile Payment Services Aggregator

* Presented as « on-premises » resources, but also available « CUB3aaS »


Core

ServicesAccounts

Management

Authorization

Server

Issuer

Issuer

Issuer

Mobile Wallet SDK

* CUB3

Services

Hub

Acquirer

POS

In-App Button

MDES

VTS

International Card Schemes

GW

Offer for server-based payment mobile App’

▪ Numerous start-up’s

▪ local / transnational

▪ Embedded in attractive verticals (Lifestyle, communities …)

▪ Challenges

• Need to grow the number of acceptance points (virtual & physical)

• Critical mass / differentiation

▪ Opportunities

1. NFC/QR universal proximity payments immediately (own tokenization management)

2. In-App payments

24

Offer for server-based payment mobile App’

25

* CUB3

Services Hub

Mobile Wallet SDK

Server-based

Payment platform

Mobile App’ (Wallet)E-merchants Brick & mortar

merchants

Enrolled

merchants

Not-yet enrolled

merchants

In-App Button

MDES

VTS

International Card Schemes

GW

With IN-App

button from ICS

With NFC/QR

code-enabled POS

Offer for e-Merchants and Acquirers

▪ Tsunami of fraud in digital-Commerce

▪ All issuers are experiencing steep growth of fraudulent e-Commerce transactions

▪ Acquirers and e-Merchants are looking for frictionless solutions to avoid drop-offs while goingthrough the payment process

▪ Challenges

• Security counter-measures implemented by Issuers (as 3D-Secure) are creating cumbersomeprocedures and results in drop-off’s

• Other solutions could be expensive (e.g. additional devices to deploy or displayable CVV2)

• Mobile devices based alternatives are favored in the marketplace, but not immune to attacks

▪ Opportunities

• Tokenization is offering elegant and secure solution, as the telephone is the central point of theflows, processing one-time and transient tokens (the real PAN never leave secured servers)

26

Offer for e-Merchants and Acquirers

27

e-Merchant


PSP

Acquirer Issuer

« Mobile PresentTransactions! »

* CUB3

Services Hub

PC

Agenda





▪ Takeways

28

Tokenization … Urgency for Issuers

29

Risk management, multiplication of use-cases

Before …

Account Card

Now …

Gartner: Banks need to think in terms of secure credentialsmanagement to accomodate all the payment scenarios

Managed by the same entity Losing control …

Potential still to be leveraged !

30

The physical card is« associated » to the token

1 PAN

=

1 token

1 PAN

=

N tokens

=

N use-cases

VS.

The token is « associated » to a use-case (token domain)

Support various payment products

31

Minimize the risks

Amount control

(cumulative or not) Control of

the channel Control of

the merchant type

Authorization/exclusion

of specific merchantsControl of the

type/origin of transaction

Give autonomy and self-management

32

Master further the risks with tokens management

Give rights to others,

third-parties

Dynamic & self

management of

the tokens

▪ Virtual corporate cards

▪ Pocket money to children

▪ Guarantor to non-bancarized

people

▪ Extension of prepaid accounts

▪ Etc.

▪ The account holder is

associated to the risk

management

▪ He is in the driver seat for

protecting his/her assets

▪ Better fraud management for

issuers with incentives

Agenda





▪ Takeways

33

HCE + Tokenization: Conclusions

▪ Higher profile▪ Own branded wallet (« Top of wallet »)

▪ Manage its own wallet rules

▪ The account/card-holder pays « with his/her financial institution »

▪ Autonomy▪ For its digitalization strategy

▪ For its deployment & offer of use-cases

▪ Evolution▪ Decides about its roadmap of services (use-cases)

▪ Adapts, depending of its clients, its markets and its competition

34

Benefits for the issuers

« HCE Industrialization & deployment fit into a broader

strategic choices issuers face to control their data, business model

and payment infrastructure »

Takeways: C3SH

▪ Connect once, deploy anywhere (unique Issuer API)

▪ Issuer-controlled tokenization with support for 3rd-party tokenization

and alternate PAN’s

▪ Wide and future-proof technology reach

▪ Supports all major international card schemes – Agnostic: CUBE

platform manages tokens from CUBE, Visa, Mastercard …

35

CUBE Services Hub:

CUBE is your « Token Factory » partner !

36

[email protected]

REFERENCES & PARTNERS

HCE READY TOKENIZATION SERVICE Vision & Use-Cases · 2017-06-20 · 9 Acceleration of fraudulent...

Documents

Transcript of HCE READY TOKENIZATION SERVICE Vision & Use-Cases · 2017-06-20 · 9 Acceleration of fraudulent...