Meeting Space Internet Code: MAG2014

Welcome to Ft. Lauderdale!

General Session

Mark Horwedel

CEO,

Merchant Advisory Group

7-Eleven

Ahold

Alon Brands, Inc.

AMC Entertainment Inc.

American Airlines

Amtrak

Amway Corp.

Apple Inc.

Avis Budget Group

Barnes & Noble

Bealls Inc.

Best Buy

Boscov’s

Bose

Brinker International

Chevron Products, Inc.

Chick-fil-A

CITGO Petroleum

CVS Caremark

Darden

Delta Airlines

Dillard's, Inc.

Duncan Solutions

Dunkin' Brands, Inc.

Enterprise Holdings, Inc.

FedEx

GAP

Giant Eagle

Guitar Center

The Home Depot

Hughes Network Systems, LLC

Hyatt

InterContinental Hotels Group

Irving Oil Marketing Inc.

The Jones Apparel Group

Kohl’s

The Kroger Company

Kwik Trip, Inc.

Limited Brands

Love's Travel Stops & Country Stores, Inc.

Lowe's

Macy's

Marriott Vacations Worldwide Corp.

Marathon Petroleum

McDonald’s Corporation

Michaels Stores

Microsoft

Murphy Oil USA, Inc.

Office Depot

Phillips 66

Publix Super Market

PVH Corp

QuikTrip Corporation

Racetrac Petroleum, Inc.

Ralph Lauren

Redbox Automated Retail

Rite Aid

Safeway Inc.

Sears

Sheetz, Inc.

Shell Oil Product Company

Southwest Airlines Co.

Staples

Target Stores

Tesoro Refining and Marketing

The TJX Companies

Toys R Us

Universal Orlando

UPS

U.S. Postal Service

Wawa

Wakefern Food Corp.

Walgreens

Wal-Mart

The Walt Disney Company

Wegmans Food Markets, Inc.

The Wendy’s Company

Whole Foods Market Services, Inc.

Yum! Brands

MAG Members

Welcome Guest Merchants

• Amazon

• Ascena Retail

• Bi-Lo Holdings (Winn Dixie)

• Carnival Corporation

• Cox Enterprises

• Kum & Go

• Nordstrom

• Norwegian Cruise Lines

• Royal Caribbean

• Sonic

Elite Brand

Premier Gold

Elite Acquirer Brand

MAG Sponsors

Silver Sponsors

Advocacy

Communication

Conference

Finance

Membership

Newsletter Editorial Board

Website Task Force

Webinar & Education Task Force

MAG Committees

Driving positive change in the payments

industry through collaboration and

advocacy of merchants’ interests.

An improved and equitable

payments ecosystem.

MAG Mission

Vision Statement

Advocacy

Be the voice of merchants in the payments industry.

Knowledge

Enhance the knowledge of our members in the

payments industry.

Membership

Actively engage members in the payments industry.

Dynamic Association

Continuously improve our position as an influential

industry trade association.

MAG Goals

2014 Accomplishments

• 2 Bigger and better Annual Conferences

• 9 Webinars

• 4 Education sessions

• Quarterly Newsletter

• Adding value to the MAG website

• Executive merchant panels at conferences

• Broadened membership participation in committees

• Registered trademark

Tim Tynan

CEO,

Bank of America Merchant Services

Keynote Address

2014 Merchant Advisory Group Keynote Tim Tynan Chief Executive Officer September 17, 2014

Consumer evolution from cash to plastic to digital

13

42% U.S. adults

own a tablet2

1 Business Insider Intelligence “The Future of Payments 2014” and United States Federal Reserve, April 2014 2 Pew Research Center: pewinternet.org/fact-sheets/mobile-technology-fact-sheet/ 3 Deloitte: New Digital Divide: deloitte.com/view/en_US/us/Industries/Retail-Distribution/5e8b875282d15410VgnVCM3000003456f70aRCRD.htm 4 Internet Retailer: internetretailer.com/trends/mobile-commerce/us-retail-m-commerce-sales-via-smartphones-tablets/

U.S. eCommerce and mCommerce Sales4

2014

2015

2016

2017

$57B

$76B

$98B

$114B

$296B

$338B

eComm mComm

$384B

$434B

2013 U.S. Consumer payment volume by payment type and share of total1

40% 42%

7% 11%

Cash Debit + Credit

Check All other

Cards exceed cash for the

first time

Digital technologies influence 36% or $1.1T of in-store retail sales3

58% U.S. adults

own a smartphone2

Shift to digital payments presents tests and opportunities

14

1The Payments Security Task Force press release, August 13, 2014 2 Ponemon Institute: 2014 Cost of Data Breach Study: ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/ 3McAfee 2013 Study: “The Economic Impact of Cybercrime and Cyber Espionage” 4 reportsnreports.com/reports/288019-the-big-data-market-2014-2020-opportunities-challenges-strategies-industry-verticals-and-forecasts.html 5 McKinsey: mckinseyonmarketingandsales.com/loyalty-lost-your-best-customers-are-cheating-on-you

0000 1111 2222 3333

575 million EMV chip

cards issued by EOY 20151

43% U.S. merchants saw

credit/debit fraud in 20133

!

$200 per stolen record

for a U.S. data breach2

OPEN 24x7x365

Global, multi-channel and digitally enabled consumer

engagement

101001001110100101010010110110

$30 billion invested in

Big Data to increase Time To Answer (TTA) speed4

Your best customers still spend

25%-50% of their dollars

with your competition5

Defining business priorities to support merchant growth

15

Sharp client focus

Talent Relationships

Tools

1

Digital solutions

Collaboration Customer experience

Solutions

2 Advocacy

Associations Knowledge

Representation

3

16

© 2014 Banc of America Merchant Services, LLC. All rights reserved. All trademarks, service marks and trade names referenced in this material are the property of and licensed by their respective owners. Merchant Services are provided by Bank of America, N.A. and its representative Banc of America Merchant Services, LLC. Banc of America Merchant Services, LLC is not a bank, does not offer bank deposits, and its services are not guaranteed or insured by the FDIC or any other governmental agency.

Improving Customer Authentication for Remote Payments

September 17, 2014 9:15 – 10:15

18

• Nandan Sheth – Acculynk

• Alasdair Rambaud – CardinalCommerce

• Chris Priebe – Southwest Airlines

• Jamie Henry – Walmart

• Moderator: Dave Lott – FRB-Atlanta, Retail Payments Risk Forum

Panel Members

19

Identity Authentication A Need As Old as Time

20

• Accepted authentication factors:

– Something you know

• ID/Passwords, PINs, KBAs

– Something you have

• Card, phone, token

– Something you are

• Biometrics, gesture, keystroke

• Recent European Payment Service Directive requires robust customer authentication methods for CNP transactions

Authentication Factors

21

New Challenges

Passwords aren't dead, though maybe yours should be Despite all those "death to passwords" chants, some say it's still a solid form of authentication -- when users aren't being stupid about theirs.

-CSO Online, By Taylor Armerding January 09, 2012

22

• According to CyberSource’s 2013 annual fraud report, online fraud in the U.S. and Canada was an estimated $3.5 billion in 2012

– Up from $3.4 Bn in 2011, but down from high of $4.0 Bn in 2008

• Average fraud rate of .9% of online revenue

– Mobile commerce fraud rate overall of 1.4%

– Fraud rate on international orders was 1.6%

Online Fraud Numbers

Card-Not-Present Fraud Shift

0

100

200

300

400

2004 2005 2006 2007 2008 2009 2010 2011 2012

UK France Canada Australia

(local currency)

Sources: Financial Fraud Action UK, The Observatory for Payment Card Security, Canadian Bankers Association, Australian Payments Clearing Association.

23

24

• Nandan Sheth – Acculynk

• Alasdair Rambaud – CardinalCommerce

• Chris Priebe – Southwest Airlines

• Jamie Henry – Walmart

• Moderator: Dave Lott – FRB-Atlanta, Retail Payments Risk Forum

Panel Members

25

PaySecure: Global Gateway for US Merchants

Only provider for Global PIN

Debit

100% Shift of Fraud Liability

MAJOR ONLINE MERCHANTS

HAVE ADOPTED

PAYSECURE FOR THE

FOLLOWING REASONS:

Single Connection

Multiple Markets

New Sources of Revenue

Cost Reduction

Friction-Free

Consumer Experience

Access to billions of

new global customers

Only provider for Global PIN

Debit

26

• Cardinal is the global leader and pioneer for authenticating payments, alternative payments, and secure transactions.

SOLUTION DESIGN

Cardinal Consumer

Authentication Tokenization

Alternative Payments

Mobile

Other Connected Device

BIG DATA

PC

Products

Devices

26

27

• Nandan Sheth – Acculynk

• Alasdair Rambaud – CardinalCommerce

• Chris Priebe – Southwest Airlines

• Jamie Henry – Walmart

• Moderator: Dave Lott – FRB-Atlanta, Retail Payments Risk Forum

Panel Members

28

• User ID / Password

• Knowledge Based Answers

• Transaction Scoring

• Device Fingerprinting

• One Time Passwords – Hardware

• Biometrics

• FI Issued PIN

• Behavioral Scoring

• 3D Secure

• Geo-location Verification

Authentication Methodologies

Authentication Panel Scoring

Alasdair Chris Jamie Nandan Avg.

User ID/Password 5 4 2 3 3.5

KBAs 6 4 3 5 4.5

Transaction Scoring 7 8 4 6 6.3

Device fingerprinting 5 8 3 5 5.3

One Time Passwords 5 4 1 9 4.8

Biometrics 8 8 4 8 7.0

FI Issued PIN 8 8 6 9 7.8

Behavioral Scoring 8 1 5 6 5.0

3D Secure 9 5 2 2 4.5

Geolocation Verification 6 5 4 4 4.8

Upcoming Agenda

10:45 a.m. Digital Security

12:00 p.m. Networking Lunch

1:00 p.m. Keynote: Donald Boeding

Networking Break 10:15 a.m. – 10:45 a.m.

Digital Security: A Framework and Approach to

Manage Security Investments vs. Today’s Risks

Doug Rodewald

Partner, W. Capra Consulting Group

& Terry Mahoney

Partner, W. Capra Consulting Group

The world has changed …

The world has changed …

• Utilized some form

of hacking 81%

• Incorporated malware 69%

Source: 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service. Source: 2008 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service. http://www.verizonenterprise.com/resources/security/databreachreport.pdf

2012: Focused

• Attributed to a

significant error 62%

• Resulted from hacking and intrusions

59%

2008: Opportunistic

+ + +

+ +

+

+ +

The journey is not new

+

0% 10% 20% 30% 40% 50% 60%

CIO/CTO/IT Manager

CSO/CISO/Infosec Manager

Security Administrator

IT Administrator

CEO/COO or Highest Level …

Compliance Officer

Business Unit Director/Manager

Privacy Officer

Other

PCI garnished IT’s attention

Source: SANS 2013 Critical Security Controls Survey: Moving From Awareness to Action Who im your organization is aware of and supportive of adopting Critical Security Controls?

+ + +

+ +

+

+ +

The debate is not new

+ + +

+ +

+

+ +

+ ….

The end game is not known

A multi-faceted approach is required to

protect all parties

the consumer

the merchant

the industry

Where to start …

Source: SANS 2013 Critical Security Controls Survey: Moving From

Awareness to Action

5% 10% 15% 20% 25% 30% 35% 40% 45%

IT/Operational Silos

Personnel Skills Gap

Prioritization of which Controls to …

Lack of Visibility into Risks and Events

Lack of Strategtic or Tactical Planning

Lack of Means to Integrate and …

Lack of Management Support

Unclear or Confusing Requirements

Mergers/Acquisitions/Changing …

Other

… the challenges

Offense informs defense Prioritization Metrics

Continuous monitoring Automation

… the approaches

… the methodology

Step 1. Perform Gap Assessment Step 2. Develop an Implementation Roadmap Step 3. Implement the First Phase of Controls Step 4. Integrate Controls into Operations Step 5. Report and Manage Progress

… the methodology

Phases of the Roadmap

Quick

Wins

Improved

Visibility and

Attribution

Hardened

Configuration

and Improved

Information

Security Hygiene

Advanced

• Adding security requirements will most likely change designs and plans

… the complexity

… the investment decision

Investment = $$$, people and focus

The Panel

Ash Forsyth Manager, Technical Solutions, TNS

Dean Sheaffer SVP Financial Services, Chief Compliance Officer, Boscov’s, Inc.

Doug Rodewald Partner, W. Capra Consulting Group

Networking Lunch

12:00 p.m. – 1:15 p.m.

Upcoming MAG Webinars

October Rethinking CNP

November EMV Update

December Tokenization

Driving Change to Meet Consumer Expectations

Donald Boeding

President of Merchant Services, Vantiv

Driving Change to

Meet Consumer Expectation

51

Who is Vantiv?

40 YEARS

Payment

Processing

Innovation

#1 IN U.S.A

PIN Debit

Acquirer

#3 IN U.S.A.

Merchant

Transaction

Acquirer

52

Who is Vantiv?

TRANSACTIONS

P E R Y E A R

MERCHANT

LOCATIONS

NATIONWIDE

500K EMPLOYEES

NATIONWIDE

2700+ 16.9B

53

Snapshot of the Last Decade in Payments

• More transactions

• More players

• More complexity

• More reliance on end-to-end value-chains

Cash

Era

Card

Era

+1,

2007-2012

Device

Era

In the year 2000

Drivers of the New Commerce,

Payments Landscape

54

Social Loyalty and Advertising

Cloud Mobile

Next Gen POS

Online

Omni-channel commerce

Big data

55

1. Consumer Behavior

• Rapidly evolving preferences for omni-channel engagement and experience

• Need for increased convenience and instant gratification

• Heightened expectations around value, loyalty and rewards, social

recommendations and collaborative buying

Five Real Trends Create Both Opportunity & Risk

Addressing OmniConsumer - Shop Anytime, Anywhere, Anyhow

56

8:15 am Buying Groceries Going to Work

8:45 am Daily Coffee

12:15 pm Window Shop on Break

12:30 pm Rewards at Lunch

3:30 pm Quick Game Break

3:30 pm Uber to Dinner

8:00 pm Pay the Tab

9:00 pm One Click Movie Rental

57

2. Competition

• Stiff competition for wallet share

• Emergence of non-traditional new entrants (e.g. Amazon Fresh, Rue La La,

Birchbox, pop-up shops, subscription shopping services)

• Leveraging technology platforms to meet the needs of affluent, tech savvy

and quality-focused consumers

Five Real Trends Create Both Opportunity & Risk

58

3. Technology Convergence

• POS / online / mobile acceptance

• Beacons and location based services

• Integrated, flexible software platforms

• Software as a Service

Five Real Trends Create Both Opportunity & Risk

Payments

Acceptance Value Added

Services

Core

Services

Core

Payments 3rd Party Value-

Added Services

Developer

Platform

59

Cloud Platform

Customers and Solution Providers

Mobile Online Tablet Terminals

Solving for Technology Convergence

60

4. Regulation & Compliance

• “U2DAAP” – Undesirable, Unfair, Deceptive and Abusive Acts and Practices

• Oversight of Third-party Payment Processors

• Consumer Privacy

Five Real Trends Create Both Opportunity & Risk

61

5. Security & Risk

• Widespread and systematic collection and storage

• Consumer data, credentials and payment instrument details

• Increases target value of many businesses

• Increases their exposure in turn

Five Real Trends Create Both Opportunity & Risk

Keeping Data Assets Safe—A Multi-Pronged Approach

Turnkey proprietary products

Mobile acceptance & mPOS

Mobile acceptance and mPOS system

Value : SMB solution or non-integrated pilot of mobile experiences

Basic acceptance

Full mPOS

Value : Option to outsource consumer payment/ loyalty application, or link to 3rd-party apps

FraudTheft

Physical

Attacks

System

Breach

Account

Data

Compromise

Counterfeit

Cards

Lost/

Stolen

Cards

P2PE /

Tokens

EMV

Chip

EMV

PINPolicy &

Inspection

Driving Payments Strategies that Solve Real Challenges

63

64

Driving enhancements in core payments processing

environments, network connectivity, and security

Scale, Speed, Reliability and Trust

• Exceed core expectations

• Reduce complexity

• Add value with new products and

services

65

Understanding Acceptance Costs

Making sense of what’s driving cost components to uncover

opportunities

• Expand reach – offer consumers

the choices they want

• Reducing fraud with improved

decisioning tactics

• Optimize card brand routing to meet

your strategy

66

Consumer Experience

How do you want your customers to interact with you?

• Create customer acquisition

and engagement

• Enable the omni-commerce

experience

• Reinforce customer

relationships

67

Technology Innovation

Making new things possible

• Support mobile solutions

• Simplify implementation efforts

• Preserve merchant choice

• Move faster

68

Trusted Advisor and Advocate

People make all the difference

• Develop relationships

• Understand what’s important

• Provide strategic guidance

and tactical support

Take Away These Thoughts

Technology has enabled seismic shifts in how consumers shop & pay as well as who you’re competing against for their transaction

Sticking-to-the-knitting. Keeping acceptance costs low.

The payment transaction remains at the core. More strategic than ever.

Integrating global payments acceptance systems without creating additional complexity. Investing too many resources against ever-changing security, fraud and compliance.

Make sure your Trusted Advisor, Trusted Advocate is in the boat rowing with you.

69

Thank You! Questions?

The Future of Transaction.

TODAY.

UnionPay: A Growth Opportunity for

Merchants and Acquirers

Miriam Park

September 17, 2014

UnionPay Overview

Analysis of Chinese Travelers

Value-added to Merchants

China UnionPay

• Established in 2002, headquartered in Shanghai

• Largest bankcard association in the world

• Member of EMV Co.

• 140+ geographic markets accept UnionPay cards

• 30+ markets issue UnionPay cards

• 100% of domestic Chinese familiar with UnionPay

brand (AC Nielsen)

UnionPay International

• Wholly-owned subsidiary of China UnionPay

• UPI oversees the international business of

UnionPay, accelerating entrance and growth in

global markets -- collaborating with members and

merchants

• Manages operating platform that connects

UnionPay international acquirers and issuers -- in

line with global rules and standards

• Creates product standards

• Promotes usage of UnionPay cards globally

through merchants and direct to consumers

• Manages UnionPay International brand in global

markets

Global Acceptance

•China acceptance at 100% POS & 100% ATMs

• 5.5 million merchants, 540,000 ATMs

•U.S. acceptance at +70% POS & +90% ATMs

• Partnerships with Discover, Pulse, NYCE, Elavon

Global Merchant

acceptance

20,000,000

Global ATM

acceptance

1,600,000

Rapid Growth

No. 1 in Global Cards in

circulation at 4.2 billion worldwide

No. 1 in Debit Card volume

No. 2 in Purchase Transaction

Volume processed at $5.1 trillion

Since 2009, UnionPay has achieved an average growth rate of about 50% per

year on transaction volume globally

Source: Nilson Report

Rapid Growth

UnionPay Business in U.S.

Tier I cities

Greater New York

Greater Los Angeles

Las Vegas

Greater San Francisco

Honolulu

Guam and Saipan

Tier II cities:

Greater Washington DC

Chicago

Boston

Houston and Dallas

Seattle

Miami and Orlando

Merchants breakdown 2013

UnionPay volume in the US has grown about 200% over the past three years

UnionPay Overview

Analysis of Chinese Travelers

Value-added to Merchants

Chinese Travelers Going Global

Source: China National Tourism Administration, Global Blue

• Chinese outbound travelers more than doubled since 2008, while overseas expenditure grew

even more aggressively

• The largest outbound travel group, Chinese travelers spent $2,200 in 2013 per international

trip

Outbound Chinese Visitors (Mil) Overseas Expenditure (Bil $)

Chinese Visitors

Source: UnionPay internal research; China National Tourism Administration, 2013

Departure Overseas

Expenditure

2. Macau

5. Taiwan

8. Vietnam

7. USA

1. Hong Kong

4. South Korea

6. Singapore

3. Thailand

9. Malaysia

10. Japan

2. USA

5. Australia

8. Japan

7. Thailand

1. Hong Kong

4. Taiwan

6. South Korea

3. Macau

9. Singapore

10. France

Top 10 countries

Americas 2.5% # of Travelers

8% Expenditure

Europe 3.2% # of Travelers

4.4% Expenditure

Asia 81.2% # of Travelers

49% Expenditure

Oceania 1.1% # of Travelers

4.7% Expenditure

Destination regions for Chinese

overseas travelers

Chinese Visitors to U.S.

Source: US Department of Commerce, UnionPay internal research

• Chinese visitors come to U.S. for leisure and visiting friends and relatives

• Total travel and tourism expenditures were $10 billion in 2013 and will grow to $17.5 billion in

2016

• 64% of Chinese visitors to U.S. choose to pay with cards

Chinese Visitors to U.S. Payment Type of Chinese Visitors

to U.S. (2012)

Asian Visitors

Source: US Department of Commerce

2013 2016

Number of Tourist

（000） Growth rate

Number of Tourist

（000） Growth rate

Japan 3,730 0.90% 3,843 1.0%

Korea 1,360 8.70% 1,604 5.7%

India 859 18.60% 1,164 10.7%

Taiwan 385 32.50% 516 10.3%

Total 6,334 7,127

• An additional 6.3 million tourists visited the U.S. from other Asian countries --

Japan, Korea, India and Taiwan – increasing to 7.1 million in 2016

UnionPay Overview

Analysis of Chinese Travelers

Value-added to Merchants

New Customers

Travelers

• 2 million Chinese will visit the U.S. in 2014

• 85% of Chinese travelers list ‘shopping’ as a primary activity during trip

• Chinese tourists are top spending travelers averaging $9,797 per trip

• Chinese travelers make purchases on behalf of friends and family while

abroad

Students

• China has a large student population studying in the U.S. >270,000

• U.S. is the most popular study-abroad location for Chinese students

Source: New York Times; US Department of Commerce

Fastest

growing

nationality of

foreign

students

Fastest

growing

segment by

number of

travelers and

spend

• Globally, UnionPay now ranked:

No.1 by issued Cards

No.2 by transaction volume

No.3 by number of transactions

Growing Brand Awareness

• Large Asian population in U.S., among which 3.8 million are Chinese

• Outbound Chinese tourists will reach 2 million in 2014

• Chinese students studying in U.S. > 270,000

Chinese population and

tourists

• UnionPay operates merchant marketing campaigns with hotels, travel agencies and its issuers

Attractive cardholder rewards and benefits

Joint Promotion

• 400 global Members

• Strategic cooperation with global merchants

• Partnerships with 30 major travel agencies in China

Strong Partnerships

UnionPay Advantages

Source: U.S. Census Bureau 2012 American Community Survey

UnionPay Card Segments

Mass

Affluent

High net wealth

Emerging Affluent

CONSUMER PRODUCT Credit ~ Debit ~ Prepaid

COMMERCIAL PRODUCT Business ~ Corporate ~ Purchasing

Diamond Credit/Debit

Platinum Credit/Debit

Gold Credit/Debit

Classic Credit/Debit/Prepaid

Purchasing Gold / Classic Debit/Prepaid

Business/Corporate Platinum Credit/Debit

Business/Corporate Diamond Credit/Debit

Merchant Readiness

UnionPay and the Acquirer works with the Merchant to

ensure the merchant customer experience includes the

UnionPay brand

POS

Merchant ensures UnionPay logo is displayed and sales

team is trained and ready

Ecommerce (UPOP)

Acquirer and merchant implements the technical

integration needed to ensure customer authentication for

UnionPay credit and debit cards

Merchant Marketing

2014 Q1 Q2 Q3 Q4

Super Shop Campaign World’s TOP 60

International Airport

Duty Free

World’s TOP 40

Shopping Districts

World’s TOP 20

Travel Destination

Campaign

Where strategically relevant, UnionPay works with acquirers and

merchants to create promotions to drive UnionPay cardholders to

merchant physical locations and ecommerce sites

Merchant Marketing

Campaigns are supported by:

• Issuer statement inserts

and marketing

• Digital display ads

• Social media/PR

• Travel packages tie-ins

Thank You

On behalf of the UnionPay International team,

thank you for the opportunity to tell our story

and work with you to drive new customers and

new sales volume for your business

Using Omni-Channel Strategies to

Create the Right Payment Experience

at the Right Time for Your Customers

Peter Georgopulos

Vice President, Merchant Retail Sales,

ACI Worldwide

The Omni-Channel Payments Challenge

New Tenders & Sales Channels continue to grow: In the Store: Gift Cards, Check, Private Label, ACH

On-Line: PayPal, SecureCode, Amazon

Mobile: Square, Wallets, mPOS

Key services to engage customers, mitigate fraud, and protect cardholder data are not leveraged across channels.

Customers want a simple, consistent shopping experience across multiple touch-points and aren’t getting it.

Payment systems are locked in silos which creates complexity for Merchants and confusion for customers.

That was then … How would you like to pay for that? Cash or Check?

and this is now … How (and where)

would you like to pay for that …. Cash, Check,

Card, PayPal, Wallet , Bitcoin, …?

The Simplest – Taking Cash or Check

Store

Register Consumer

Retail STOREFRONT` CUSTOMER CHECKOUT

CUSTOMER ACCOUNT

MERCHANT ACCOUNT

How would you like to pay for that? Cash or Check?

Taking a Credit Card

BANK CARD PAYMENT SILO

MERCHANT ACCOUNT

CUSTOMER ACCOUNT

Enterprise MERCHANT HQ

Store

Register Consumer

Retail STOREFRONT` CUSTOMER CHECKOUT

How would you like to pay for that? Charge it?

BANK CARD PAYMENT SILO

MERCHANT ACCOUNT

BANK CARD ACCOUNT

Enterprise MERCHANT HQ

Store

Register Consumer

Retail STOREFRONT` CUSTOMER CHECKOUT

How would you like to pay for that? Credit ,

Debit, Gift, Other?

PRIVATE LABEL ACCOUNT

GIFT CARD ACCOUNT

LOYALTY CARD ACCOUNT

Riding the Card Rails Debit, Prepaid, Loyalty, FSA, EBT, ACH ..

Taking Card Payments Online

BANK CARD PAYMENT SILO

MERCHANT ACCOUNT

Enterprise MERCHANT HQ

Store

Register Consumer

Retail STOREFRONT` CUSTOMER CHECKOUT

How would you like to pay for that? Credit, PayPal or Coupon?

CUSTOMER ACCOUNT

ONLINE PURCHASE

Web Server Server

INTERNET PAYMENT SILO

CUSTOMER ACCOUNT

Taking “Smart” Payments

BANK CARD PAYMENT SILO

MERCHANT ACCOUNT

Enterprise MERCHANT HQ

Store

Register Consumer

Retail STOREFRONT` CUSTOMER CHECKOUT

How would you like to pay for that? Smart Card, Smart Phone?

CUSTOMER ACCOUNT

ONLINE PURCHASE

WEB SHOPPING CART SERVER Server

INTERNET PAYMENT SILO

CUSTOMER ACCOUNT

MOBILE PAYMENT SILO

CUSTOMER ACCOUNT

Mobile Transaction

IN-STORE SMART PHONE PURCHASE`

IN-STORE M-POS PURCHASE

IN-STORE SMART CARD PURCHASE

Taking Other Payments

BANK CARD PAYMENT

SILO

MERCHANT ACCOUNT

Enterprise MERCHANT HQ

Store

Register Consumer

Retail STOREFRONT` CUSTOMER CHECKOUT

How would you like to pay for that? CurrentC, Google, Amazon, VISA,

Apple Pay, Bitcoin?

ONLINE PURCHASE

WEB SHOPPING CART SERVER Server

INTERNET PAYMENT SILO

MOBILE PAYMENT SILO Mobile

Transaction

IN-STORE SMART PHONE PURCHASE`

IN-STORE M-POS PURCHASE

IN-STORE SMART CARD PURCHASE

CUSTOMER ACCOUNT

CUSTOMER ACCOUNT

CUSTOMER ACCOUNT

CUSTOMER ACCOUNT

FUTURE PAYMENT SILO

Challenge with Payment Silos

The payment experience can be radically different depending on the channel Customers payment options are limited Creates confusion and abandonment

Merchants do not have a single view of the customer across all channels Multiple databases Multiple third party relationships Multiple Tokens

The payment ecosystem is fragmented and inefficient Lowers the quality of service to customers Increases costs Complicates cardholder data security Complicates Accounting

The Solution: An Enterprise Payments Platform

ENTERPRISE PAYMENTS PLATFORM

MERCHANT ACCOUNT

Enterprise MERCHANT

HEADQUARTERS

Store

Register Consumer CUSTOMER CHECKOUT

ONLINE PURCHASE

WEB SHOPPING CART SERVER Server

Mobile Transaction

IN-STORE SMART PHONE PURCHASE`

IN-STORE M-POS PURCHASE

IN-STORE SMART CARD PURCHASE

CUSTOMER ACCOUNT

Enterprise Payments Platform Model “Switzerland”

POS APPLICATIONS

AUTHORIZERS

MOBILE

PAYMENT TERMINALS

ACQUIRERS

AUTHENTICATION FEATURES

Token Vault

THANK YOU From

Pete Georgopulos

VP US Merchant Sales

peter.georgopulos@aciworldwide.com

Securing CNP - Beyond

Tokenization & P2PE

Itai Sela

CEO, B2 Payments USA

What are we trying to protect ?

Payment transactions across all payment channels

Counterfeit/Skimming – only the true genuine card

should be used

Lost and stolen – only the owner of the card should be

able to use the card

Securing cardholder data will not solve these issues

Why???

Two ways to secure cardholder data:

Keep it a secret – P2PE and Tokenization

Problem - cardholder information

is on the front of the card and

encoded on the magstripe in the clear

De-value data – EMV

Problem – can only be used when the card is present as a

physical security component is needed

How Should We Protect Payments?

Cardholder data is like your phone number – are we

afraid to give that out to someone? Why are we not afraid to

give out our Banking information?

Consumers shouldn’t be impacted –

we need a consistent payment experience across all channels

Security needs to be designed in a different way – we can’t

keep the fraudsters out so we need to make sure they have

nothing to gain by breaking in………

Where Are We Today? PCI (P2PE & Tokenization) and EMV are the de-facto security

methods to protect CNP and card present today

PCI only protects cardholder data which can not give the level of

security we need - hence we are implementing EMV

EMV will cause fraud migration to CNP

EMV was designed to be used in card present but the method of de-

valuing data must be and can be used in CNP

EMV is proven to reduce fraud in card present so why are we looking

for a different method for CNP?

Security Issues With CNP Merchants take the liability on CNP – we need to find a

solution that will shift that liability back to the issuers

CNP is all about merchant based scoring and fraud rules =

statistics and probability – these will never have the assurance

of cryptography (which is what EMV is all about)

Most solutions only impact the merchant and not the issuer

Use of CVV2/CVC2/CSC/CID has lost it’s value as a protection

for CNP as it is used in card present transactions – it is static

and therefore still a problem

Looking Ahead De-value of data and securing transaction data (and not just

cardholder data) is the only way to reduce fraud across all channels

CNP is a problem for both the issuer and the merchant and therefore

both should invest in it

Trying to use many security options doesn’t always help and

definitely keeps the cost high for all participants (i.e. CVV2/CVC2 in

card present transactions, last 4 digits, zip code etc.)

So what can be done to protect CNP?

EMV in CNP

EMV in CNP – Why?

It is supported through all form factors – cards and later mobile

phones

Consistent consumer experience that enhances consumer

confidence – without my card or my phone a transaction can

NOT be conducted

Can be supported today with minimal impact to merchants –

cost will be on the card side – issuers are already replacing all

cards for EMV

Itai Sela – CEO B2 USA 555 Northpoint Center, Suite 400, Alpharetta, GA 30022 Itai.sela@b2ps.com 1-855-730-9827 x3

Upcoming Agenda

3:15 p.m. Acquirer Roundtable

4:05 p.m. Update on Merchant-Financial

Services Cybersecurity Partnership

4:50 p.m. Closing Remarks

Networking Break

2:45 p.m. – 3:15 p.m.

Acquirer Roundtable

Moderator: Jason Oxman

CEO, ETA

Panelists

John Nicola Head US eCommerce, First Data

Ian Drysdale EVP, Head of Business Development, Elavon

James Ray Head of Multinational Corporation Sales, Chase Paymentech

Bob Baldwin Vice Chairman, Heartland Payment Systems

Jeff Ecker Vice President of Product Integration, TD Merchant Services

Update on Merchant-Financial Services Cybersecurity Partnership

Brian Dodge Executive Vice President, Communications & Strategic Initiatives

Retail Industry Leaders Association

Update on Merchant-Financial Services Cybersecurity Partnership Presenter: Brian Dodge (EVP, Communications & Strategic Initiatives, RILA)

Update on Merchant-Financial Services Cybersecurity Partnership Presenter: Brian Dodge (EVP, Communications & Strategic Initiatives, RILA)

Congressional Hearings - Jan – April

Senate

• Banking

• Commerce

• Homeland Security (2)

• Judiciary (3)

House of Representatives

• Energy & Commerce (2)

• Financial Services

• Homeland Security (2)

RILA Board of Directors Instruction

• Pursue Stronger Payments Security Technology

• Do NOTHING that Undermines Confidence in Credit and Debit Cards

• If Possible, Find Ways to Work with Banks and Networks Rather than Fighting

Assembled Coalition of 19 Member Associations in February 2014

Financial Merchant

American Bankers Association Consumer Bankers Association Electronic Transactions Association Financial Services Forum Financial Services Roundtable Independent Community Bankers of America The Clearing House NACHA

American Hotel and Lodging Association Food Marketing Institute International Council of Shopping Centers International Franchise Association Merchant Advisory Group National Association of Chain Drug Stores National Association of Convenience Stores National Grocers Association National Restaurant Association National Retail Federation Retail Industry Leaders Association

Mission: To work collaboratively across the payments system to enhance security in order to protect customers and their data from cyber threats.

Goals:

• Improve overall security across the payments ecosystem among all key participants

• Bolster consumer confidence in the security of their payment data and the systems used to process payments

Advisory Committee CEOs of 19 Associations

Threat Information

Sharing

Payment Security

(Card Not Pres.)

Cyber Risk Mitigation

Payment Security

(Card Present)

Legislative and

Regulatory

Threat Information Sharing: Advance information sharing of cyber threats and

vulnerabilities within and between the retail and financial services industries to

enhance efforts to identify, thwart and defend against attacks.

• Building Trust

• Phishing, Brute Force Attacks

• Threat Information Sharing Models

• Defining “Actionable” Intelligence

Future focus: metrics on info sharing with government and coordination

with law enforcement agencies

Cybersecurity Risk Mitigation: Facilitate discussions with key stakeholders in the

payments ecosystem to educate broadly on successful practices for

cybersecurity and cyber risk mitigation.

• Vendor Management

• Detecting Vulnerabilities

• Setting priorities for Responding to Incidences

• Measuring Effectiveness

• Communicating with Boards of Directors and Senior Management

Future Focus: Cyber/Risk Analytics and Reporting

Advanced Card Present Security Technology: Identify needs for technological

innovation in the card present payments ecosystem, and promote such

innovation to both enhance and protect the security of the data and to render

stolen data useless to attackers.

Card Not Present and Mobile Security: Identify and collaborate on the

development and implementation of methods to enhance payment security in

the mobile and card-not-present environments.

Advanced Card Present Security Technology (Cont.):

Card Not Present and Mobile Security (Cont.):

• Tokenization Strategies and Proposals

• Strategies to Educate Consumers about Chip Cards.

• Discussed Authentication Challenges in Card Not Present and Mobile Marketplace.

• Survey of Priority Deliverables: render stolen data useless to attackers, provide input into developing standards, phase out the use of the magnetic stripe, customer experience best practices, and promote competition for security innovation in payments technology

Legislative and Regulatory: Identify & support legislation to enhance cybersecurity and

rationalize data breach notification standards.

• Testified before Senate Homeland Security Committee on April 2.

• Reached general consensus on language related to a national breach notification standard.

• Encountered differences on national data security standards, including scope and regulation/enforcement.

Where are we and What is Next?

Thank You

Questions?

Mark Horwedel

CEO,

Merchant Advisory Group