HCE READY TOKENIZATION SERVICE Vision & Use-Cases · 2017-06-20 · 9 Acceleration of fraudulent...
Transcript of HCE READY TOKENIZATION SERVICE Vision & Use-Cases · 2017-06-20 · 9 Acceleration of fraudulent...
Vision & Use-Cases
April 2017
HCE READY
TOKENIZATION SERVICE
Agenda
▪ Megatrends in payment marketplace
▪ Product portfolio & Software components
▪ Value propositions to the payment ecosystem participants
▪ Tokenization opening new horizons
▪ Takeways
2
Megatrends for banks & retailers
▪ Mobile at the heart of digital interactions
▪ Demanding & self-driven consumers
▪ Speed of OTT’s and FinTech’s
▪ Payment regulation
3
Digital & Mobile Payment : Not a technology choice any more !
Digital cards on all devices
4
Consumer devices, Internet of Things
CARD MANAGEMENT SYSTEM
TOKEN MANAGEMENT SYSTEM
Digital Payment & HCE Technology
▪ All major international card schemes have issued HCE specifications
▪ EMVCo issued a global framework
5
Where do we stand?
▪ Slowdown of Banks-led HCE projects due to OEM-Pay’s arrival
▪ Many HCE projects are still in pilot or experiment mode
▪ HCE technology also selected by OEMs / OTTs for their wallets
But …
Digital Payment & HCE Technology
▪ Go-to-market: mBanking or mWallet ?
▪ Consistent and fluid User Experience▪ for enrolment
▪ for authentication in payment flows
▪ Support multiple payment brands
▪ Domestic Payment solution
▪ Security & functional certification
6
What is coming next?
Need for industrialization & massification
Issuers need to be visible on all channels
OEM’s WalletsTokenization & Management
Wearable Wallets
MNO’s Wallets
Banks’ Wallets
Retailers’ Wallets
Aggregators’ Wallets
Token Requestorsfor services - aggregators wallets
CUB3 Services Hub
Facilitate on-boarding and provide tokenization to Requestors
CUB3 Services HUB• Lifecycle management
• Tokenization management
• Transaction management
• Mobile platform
Server-based
Mobile App’
Innovative
FinTech’s
mPOS
Acquirers
Domestic
Networks
Transaction
Processors
Digital Commerce at stake
▪ Current countermeasures have failed partially
• Strong SSL authentication,
• PCI conformity (not storing sensitive data, PAN, CVV2, expiration date),
• Monitoring and scoring,
• Layering security, encryption End-to-End, 3D-Secure, etc.
▪ Standardized
• EMVCo tokenization was designed to use current ISO/IEC 8583 message formats that
support interoperability with the existing payments infrastructure. It is intended to fight
against fraud in current CNP channels (such as online transactions)
9
Acceleration of fraudulent activities
« Mobile PresentTransactions! »
Agenda
▪ Megatrends in payment marketplace
▪ Product portfolio & Software components• Issuers side:
• Tokenization Components of CUB3 Services Hub (C3SH)
• Mobile Wallet (SDK) and Token Requestor Gateway
• Acquirers side:• mPOS, as additional
• CPP: CUB3 Plug-in Pay
• CPB: CUB3 Payment Button
▪ Value propositions to the payment ecosystem participants
▪ Tokenization opening new horizons
▪ Takeways
10
Token Service Provider
Cloud based Payment Architecture
11
Issuers
Digitalized
card
CUB3 Mobile SDKMerchant
Lifecycle
Account
Management
Tokenization
Management
Transaction
Management
Mobile
Application
Platform
Switch Acquirers
CUB3 Services Hub
Acquirer Network
Tokenization Components of C3SH
▪ Interaction with the POS through NFC
controller and HCE module
▪ Analyzing the APDUs and generating
the cryptography requested by the POS
▪ De-tokenization
▪ Cryptograms validations
▪ Pin Validation
▪ Fraud Management
▪ Log transaction
▪ Issuers API authorizations
▪ Enrollment process
▪ Provisioning process
▪ Replenishment process
▪ Life cycle Management
- Suspend tokens
- Resume tokens
- Disposal tokens
▪ Issuers Lifecycle API
▪ Issuers ID&V API
Mobilen
Platform
▪ Mobile wallet authentication
▪ Communication security
▪ Access control
▪ Token requestor gateway
Transaction
Management
Tokenization
Management
▪ Token Generation
▪ LUK/SUK generation
▪ Remote Notifications
▪ Life cycle management
▪ Token Vault
▪ HSM interface
Lifecycle
Account
Management
Mobile
Wallet SDK
Mobile Wallet & Token Requestor Gateway
▪ Mobile component is offered as a customizable wallet or as a
full-featured SDK for powering existing App’s
▪ Highest security grade with most advanced mechanisms, and
versatility of APDU’s exchanges (NFC or QR code)
▪ Further integration into international schemes platforms
(MDES, VTS) if required, performing Token Requestor role13
Token Requestor
Gateway (MDES/VTS)
SDK + MDES/VTS
functionalities
CUB3 platformstand-alone solution
Agenda
▪ Megatrends in payment marketplace
▪ Product portfolio & Software components• Issuers side:
• Tokenization Components of CUB3 Services Hub (C3SH)
• Mobile Wallet and SDK
• Acquirers side:• mPOS, as additional
• CPP: CUB3 Plug-in Pay
• CPB: CUB3 Payment Button
▪ Value propositions to the payment ecosystem participants
▪ Tokenization opening new horizons
▪ Takeways
14
CUB3 mPOS
15
▪ CUB3 mPOS enables the counterpart mobile App’ payment transactions (APDU’s exchanges)
▪ The token used in the payment flow could have been generated by any “Issuer-TSP”, or on
behalf of the Issuer by a “C3SH” platform and de-tokenize by same platform before processing
in international ISO8583 network
CUB3 Acquirer
Gateway Acquirer Issuer
Token
PAN Number
CUB3-TSP ISSUER-TSP
TokenToken
PAN Number
Token Generated by
CUB3 TSP
Token Generated by
ISSUER TSP
2 3
4
1
2
3 4
ISO 8583
Merchant
mPOS
Components for Digital-Commerce
▪ CUB3TECH has developed solutions to propose secure, robust and frictionless
transactions for digital-Commerce, leveraging Tokenization
• CUB3 Payment Button (C3PB) is a solution oriented to merchants and acquirers. C3PB can be
easily integrated to the on-line payment webpage leveraging EMV and Tokenization
technologies into card-no-present environments. During the checkout process C3PB will interact
with a mobile app (Issuer´s wallet), to get and transmit dynamic payment data and generating a
full EMV transaction (EMV cryptogram, Tokenized PAN, CVC/CVV, Exp. Date, etc.)
• CUB3 Payment Plug-In (C3PP) targets consumers who want to make e-commerce transactions
in a secure way using the latest mechanisms to secure payment transactions. C3PP auto-fills
payment details in the merchant’s webpage without any manual intervention
16
Mobile Present Transactions!
C3PP Solution Scheme
17
Plug In QR Code
Merchant
Payment
Button
User clicks on
merchant’s webpage to
make a purchase
1
CUB3’s Plug-In Pay
detects an e-commerce
payment
2
CUB3’s Plug-In Pay displays a QR
Code including:
1. Transaction Amount
2. PC’s IP Address, Wi-Fi details
3. Purchase Information
3
4
CUB3 mobile app sends
transaction details to
CUB3 Tokenization
Server
CUB3’s tokenization
server replies with
payment token, CVC/CVV
and expiration date to the
mobile app
76
8
BAU transaction is processed
by the Merchant’s webpage
CUB3 Plug-In Pay autofills
payment details on the
merchant’s webpage
9
10
User captures the QR
code using his/her mobile By Wi-Fi or Bluetooth, CUB3
mobile app detects the user device
establishing connection with
CUBE Plug-In Pay
5
C3PB Solution Scheme
18
QR Code
CUB3
Payment
Button
User clicks on
merchant’s webpage to
make a purchase
1
CUB3’s Payment Button
processes the online
payment
2CPB displays a QR Code including:
1. Transaction Amount
2. PC’s IP Address, Wi-Fi details
3. Purchase Information
3
4
CUB3 mobile app sends
transaction details to
CUBE Tokenization
Server
CUB3’s tokenization
server replies with
payment token, CVC/CVV
and expiration date to the
mobile app
76
8
Online payment is processed as
a regular EMV transactionCUB3 Payment Button
generates the online payment
as a EMV transaction
9
10
User captures the QR
code using his/her mobile By Wi-Fi or Bluetooth, CUB3
mobile app detects the user device
establishing connection with
CPB
5
Agenda
▪ Megatrends in payment marketplace
▪ Product portfolio & Software components
▪ Value propositions to the payment ecosystem participants▪ Offer for close-loop issuers
▪ Offer for mobile payment service aggregators
▪ Offer for server-based payment mobile App’
▪ Tokenization opening new horizons
▪ Takeways
19
Offer for close-loop, domestic Issuers
▪ Many Operations
▪ Domestic payment, payment + ID, payment + loyalty, etc.
▪ Vouchers companies, EBT operators, Gift cards …
▪ Challenges
• Keeping independency of operations management (payment + Value-Add in transactions)
• Seamless and simple integration with minimal impact
• No sharing of data with 3rd-parties and keeping end-customers relationship
▪ Opportunities
• Self-issued alternate PAN
• Leverage open standards and the growing contactless infrastructure (NFC, HCE, EMV and TSP
EMVCo)20
Offer for close-loop Issuers
21
* Presented as external resources, but also available « on-premises »
IssuerPOS
Acquirer
1 2
3
4
Authorization
Mobile App’ (Wallet)
CUB3 Mobile SDK
7
8
9
* CUB3
Services
Hub
6
Token
provisioning
5 10
Offer for Mobile Payment Services Aggregators
▪ Specific Set-ups
▪ Aggregation of payment services with connectors to bank (accounts/cards)
▪ Domestic payment schemes
▪ Challenges
• Keeping independency versus ICS (International Card Schemes)
• Independency of roadmaps of value-added services, tuned to each geography
▪ Opportunities
• Offer mobile proximity payment, leveraging growing contactless infrastructure
• Leverage open standards
• Ready for « Card present transactions » type, in m-commerce
22
Offer for Mobile Payment Services Aggregators
23
Mobile Payment Services Aggregator
* Presented as « on-premises » resources, but also available « CUB3aaS »
Mobile App’ (Wallet)
Core
ServicesAccounts
Management
Authorization
Server
Issuer
Issuer
Issuer
Mobile Wallet SDK
* CUB3
Services
Hub
Acquirer
POS
In-App Button
MDES
VTS
International Card Schemes
GW
Offer for server-based payment mobile App’
▪ Numerous start-up’s
▪ local / transnational
▪ Embedded in attractive verticals (Lifestyle, communities …)
▪ Challenges
• Need to grow the number of acceptance points (virtual & physical)
• Critical mass / differentiation
▪ Opportunities
1. NFC/QR universal proximity payments immediately (own tokenization management)
2. In-App payments
24
Offer for server-based payment mobile App’
25
* CUB3
Services Hub
Mobile Wallet SDK
Server-based
Payment platform
Mobile App’ (Wallet)E-merchants Brick & mortar
merchants
Enrolled
merchants
Not-yet enrolled
merchants
In-App Button
MDES
VTS
International Card Schemes
GW
With IN-App
button from ICS
With NFC/QR
code-enabled POS
Offer for e-Merchants and Acquirers
▪ Tsunami of fraud in digital-Commerce
▪ All issuers are experiencing steep growth of fraudulent e-Commerce transactions
▪ Acquirers and e-Merchants are looking for frictionless solutions to avoid drop-offs while goingthrough the payment process
▪ Challenges
• Security counter-measures implemented by Issuers (as 3D-Secure) are creating cumbersomeprocedures and results in drop-off’s
• Other solutions could be expensive (e.g. additional devices to deploy or displayable CVV2)
• Mobile devices based alternatives are favored in the marketplace, but not immune to attacks
▪ Opportunities
• Tokenization is offering elegant and secure solution, as the telephone is the central point of theflows, processing one-time and transient tokens (the real PAN never leave secured servers)
26
Offer for e-Merchants and Acquirers
27
e-Merchant
Mobile App’ (Wallet)
PSP
Acquirer Issuer
« Mobile PresentTransactions! »
* CUB3
Services Hub
PC
Agenda
▪ Megatrends in payment marketplace
▪ Product portfolio & Software components
▪ Value propositions to the payment ecosystem participants
▪ Tokenization opening new horizons
▪ Takeways
28
Tokenization … Urgency for Issuers
29
Risk management, multiplication of use-cases
Before …
Account Card
Now …
Gartner: Banks need to think in terms of secure credentialsmanagement to accomodate all the payment scenarios
Managed by the same entity Losing control …
Potential still to be leveraged !
30
The physical card is« associated » to the token
1 PAN
=
1 token
1 PAN
=
N tokens
=
N use-cases
VS.
The token is « associated » to a use-case (token domain)
Support various payment products
31
Minimize the risks
Amount control
(cumulative or not) Control of
the channel Control of
the merchant type
Authorization/exclusion
of specific merchantsControl of the
type/origin of transaction
Give autonomy and self-management
32
Master further the risks with tokens management
Give rights to others,
third-parties
Dynamic & self
management of
the tokens
▪ Virtual corporate cards
▪ Pocket money to children
▪ Guarantor to non-bancarized
people
▪ Extension of prepaid accounts
▪ Etc.
▪ The account holder is
associated to the risk
management
▪ He is in the driver seat for
protecting his/her assets
▪ Better fraud management for
issuers with incentives
Agenda
▪ Megatrends in payment marketplace
▪ Product portfolio & Software components
▪ Value propositions to the payment ecosystem participants
▪ Tokenization opening new horizons
▪ Takeways
33
HCE + Tokenization: Conclusions
▪ Higher profile▪ Own branded wallet (« Top of wallet »)
▪ Manage its own wallet rules
▪ The account/card-holder pays « with his/her financial institution »
▪ Autonomy▪ For its digitalization strategy
▪ For its deployment & offer of use-cases
▪ Evolution▪ Decides about its roadmap of services (use-cases)
▪ Adapts, depending of its clients, its markets and its competition
34
Benefits for the issuers
« HCE Industrialization & deployment fit into a broader
strategic choices issuers face to control their data, business model
and payment infrastructure »
Takeways: C3SH
▪ Connect once, deploy anywhere (unique Issuer API)
▪ Issuer-controlled tokenization with support for 3rd-party tokenization
and alternate PAN’s
▪ Wide and future-proof technology reach
▪ Supports all major international card schemes – Agnostic: CUBE
platform manages tokens from CUBE, Visa, Mastercard …
35
CUBE Services Hub:
CUBE is your « Token Factory » partner !