Welcome to Ft. Lauderdale! - Merchant Advisory Group · Welcome to Ft. Lauderdale! General Session...
Transcript of Welcome to Ft. Lauderdale! - Merchant Advisory Group · Welcome to Ft. Lauderdale! General Session...
Meeting Space Internet Code: MAG2014
Welcome to Ft. Lauderdale!
General Session
Mark Horwedel
CEO,
Merchant Advisory Group
7-Eleven
Ahold
Alon Brands, Inc.
AMC Entertainment Inc.
American Airlines
Amtrak
Amway Corp.
Apple Inc.
Avis Budget Group
Barnes & Noble
Bealls Inc.
Best Buy
Boscov’s
Bose
Brinker International
Chevron Products, Inc.
Chick-fil-A
CITGO Petroleum
CVS Caremark
Darden
Delta Airlines
Dillard's, Inc.
Duncan Solutions
Dunkin' Brands, Inc.
Enterprise Holdings, Inc.
FedEx
GAP
Giant Eagle
Guitar Center
The Home Depot
Hughes Network Systems, LLC
Hyatt
InterContinental Hotels Group
Irving Oil Marketing Inc.
The Jones Apparel Group
Kohl’s
The Kroger Company
Kwik Trip, Inc.
Limited Brands
Love's Travel Stops & Country Stores, Inc.
Lowe's
Macy's
Marriott Vacations Worldwide Corp.
Marathon Petroleum
McDonald’s Corporation
Michaels Stores
Microsoft
Murphy Oil USA, Inc.
Office Depot
Phillips 66
Publix Super Market
PVH Corp
QuikTrip Corporation
Racetrac Petroleum, Inc.
Ralph Lauren
Redbox Automated Retail
Rite Aid
Safeway Inc.
Sears
Sheetz, Inc.
Shell Oil Product Company
Southwest Airlines Co.
Staples
Target Stores
Tesoro Refining and Marketing
The TJX Companies
Toys R Us
Universal Orlando
UPS
U.S. Postal Service
Wawa
Wakefern Food Corp.
Walgreens
Wal-Mart
The Walt Disney Company
Wegmans Food Markets, Inc.
The Wendy’s Company
Whole Foods Market Services, Inc.
Yum! Brands
MAG Members
Welcome Guest Merchants
• Amazon
• Ascena Retail
• Bi-Lo Holdings (Winn Dixie)
• Carnival Corporation
• Cox Enterprises
• Kum & Go
• Nordstrom
• Norwegian Cruise Lines
• Royal Caribbean
• Sonic
Elite Brand
Premier Gold
Elite Acquirer Brand
MAG Sponsors
Silver Sponsors
Advocacy
Communication
Conference
Finance
Membership
Newsletter Editorial Board
Website Task Force
Webinar & Education Task Force
MAG Committees
Driving positive change in the payments
industry through collaboration and
advocacy of merchants’ interests.
An improved and equitable
payments ecosystem.
MAG Mission
Vision Statement
Advocacy
Be the voice of merchants in the payments industry.
Knowledge
Enhance the knowledge of our members in the
payments industry.
Membership
Actively engage members in the payments industry.
Dynamic Association
Continuously improve our position as an influential
industry trade association.
MAG Goals
2014 Accomplishments
• 2 Bigger and better Annual Conferences
• 9 Webinars
• 4 Education sessions
• Quarterly Newsletter
• Adding value to the MAG website
• Executive merchant panels at conferences
• Broadened membership participation in committees
• Registered trademark
Tim Tynan
CEO,
Bank of America Merchant Services
Keynote Address
2014 Merchant Advisory Group Keynote Tim Tynan Chief Executive Officer September 17, 2014
Consumer evolution from cash to plastic to digital
13
42% U.S. adults
own a tablet2
1 Business Insider Intelligence “The Future of Payments 2014” and United States Federal Reserve, April 2014 2 Pew Research Center: pewinternet.org/fact-sheets/mobile-technology-fact-sheet/ 3 Deloitte: New Digital Divide: deloitte.com/view/en_US/us/Industries/Retail-Distribution/5e8b875282d15410VgnVCM3000003456f70aRCRD.htm 4 Internet Retailer: internetretailer.com/trends/mobile-commerce/us-retail-m-commerce-sales-via-smartphones-tablets/
U.S. eCommerce and mCommerce Sales4
2014
2015
2016
2017
$57B
$76B
$98B
$114B
$296B
$338B
eComm mComm
$384B
$434B
2013 U.S. Consumer payment volume by payment type and share of total1
40% 42%
7% 11%
Cash Debit + Credit
Check All other
Cards exceed cash for the
first time
Digital technologies influence 36% or $1.1T of in-store retail sales3
58% U.S. adults
own a smartphone2
Shift to digital payments presents tests and opportunities
14
1The Payments Security Task Force press release, August 13, 2014 2 Ponemon Institute: 2014 Cost of Data Breach Study: ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/ 3McAfee 2013 Study: “The Economic Impact of Cybercrime and Cyber Espionage” 4 reportsnreports.com/reports/288019-the-big-data-market-2014-2020-opportunities-challenges-strategies-industry-verticals-and-forecasts.html 5 McKinsey: mckinseyonmarketingandsales.com/loyalty-lost-your-best-customers-are-cheating-on-you
0000 1111 2222 3333
575 million EMV chip
cards issued by EOY 20151
43% U.S. merchants saw
credit/debit fraud in 20133
!
$200 per stolen record
for a U.S. data breach2
OPEN 24x7x365
Global, multi-channel and digitally enabled consumer
engagement
101001001110100101010010110110
$30 billion invested in
Big Data to increase Time To Answer (TTA) speed4
Your best customers still spend
25%-50% of their dollars
with your competition5
Defining business priorities to support merchant growth
15
Sharp client focus
Talent Relationships
Tools
1
Digital solutions
Collaboration Customer experience
Solutions
2 Advocacy
Associations Knowledge
Representation
3
16
© 2014 Banc of America Merchant Services, LLC. All rights reserved. All trademarks, service marks and trade names referenced in this material are the property of and licensed by their respective owners. Merchant Services are provided by Bank of America, N.A. and its representative Banc of America Merchant Services, LLC. Banc of America Merchant Services, LLC is not a bank, does not offer bank deposits, and its services are not guaranteed or insured by the FDIC or any other governmental agency.
Improving Customer Authentication for Remote Payments
September 17, 2014 9:15 – 10:15
18
• Nandan Sheth – Acculynk
• Alasdair Rambaud – CardinalCommerce
• Chris Priebe – Southwest Airlines
• Jamie Henry – Walmart
• Moderator: Dave Lott – FRB-Atlanta, Retail Payments Risk Forum
Panel Members
19
Identity Authentication A Need As Old as Time
20
• Accepted authentication factors:
– Something you know
• ID/Passwords, PINs, KBAs
– Something you have
• Card, phone, token
– Something you are
• Biometrics, gesture, keystroke
• Recent European Payment Service Directive requires robust customer authentication methods for CNP transactions
Authentication Factors
21
New Challenges
Passwords aren't dead, though maybe yours should be Despite all those "death to passwords" chants, some say it's still a solid form of authentication -- when users aren't being stupid about theirs.
-CSO Online, By Taylor Armerding January 09, 2012
22
• According to CyberSource’s 2013 annual fraud report, online fraud in the U.S. and Canada was an estimated $3.5 billion in 2012
– Up from $3.4 Bn in 2011, but down from high of $4.0 Bn in 2008
• Average fraud rate of .9% of online revenue
– Mobile commerce fraud rate overall of 1.4%
– Fraud rate on international orders was 1.6%
Online Fraud Numbers
Card-Not-Present Fraud Shift
0
100
200
300
400
2004 2005 2006 2007 2008 2009 2010 2011 2012
UK France Canada Australia
(local currency)
Sources: Financial Fraud Action UK, The Observatory for Payment Card Security, Canadian Bankers Association, Australian Payments Clearing Association.
23
24
• Nandan Sheth – Acculynk
• Alasdair Rambaud – CardinalCommerce
• Chris Priebe – Southwest Airlines
• Jamie Henry – Walmart
• Moderator: Dave Lott – FRB-Atlanta, Retail Payments Risk Forum
Panel Members
25
PaySecure: Global Gateway for US Merchants
Only provider for Global PIN
Debit
100% Shift of Fraud Liability
MAJOR ONLINE MERCHANTS
HAVE ADOPTED
PAYSECURE FOR THE
FOLLOWING REASONS:
Single Connection
Multiple Markets
New Sources of Revenue
Cost Reduction
Friction-Free
Consumer Experience
Access to billions of
new global customers
Only provider for Global PIN
Debit
26
• Cardinal is the global leader and pioneer for authenticating payments, alternative payments, and secure transactions.
SOLUTION DESIGN
Cardinal Consumer
Authentication Tokenization
Alternative Payments
Mobile
Other Connected Device
BIG DATA
PC
Products
Devices
26
27
• Nandan Sheth – Acculynk
• Alasdair Rambaud – CardinalCommerce
• Chris Priebe – Southwest Airlines
• Jamie Henry – Walmart
• Moderator: Dave Lott – FRB-Atlanta, Retail Payments Risk Forum
Panel Members
28
• User ID / Password
• Knowledge Based Answers
• Transaction Scoring
• Device Fingerprinting
• One Time Passwords – Hardware
• Biometrics
• FI Issued PIN
• Behavioral Scoring
• 3D Secure
• Geo-location Verification
Authentication Methodologies
Authentication Panel Scoring
Alasdair Chris Jamie Nandan Avg.
User ID/Password 5 4 2 3 3.5
KBAs 6 4 3 5 4.5
Transaction Scoring 7 8 4 6 6.3
Device fingerprinting 5 8 3 5 5.3
One Time Passwords 5 4 1 9 4.8
Biometrics 8 8 4 8 7.0
FI Issued PIN 8 8 6 9 7.8
Behavioral Scoring 8 1 5 6 5.0
3D Secure 9 5 2 2 4.5
Geolocation Verification 6 5 4 4 4.8
Upcoming Agenda
10:45 a.m. Digital Security
12:00 p.m. Networking Lunch
1:00 p.m. Keynote: Donald Boeding
Networking Break 10:15 a.m. – 10:45 a.m.
Digital Security: A Framework and Approach to
Manage Security Investments vs. Today’s Risks
Doug Rodewald
Partner, W. Capra Consulting Group
& Terry Mahoney
Partner, W. Capra Consulting Group
The world has changed …
The world has changed …
• Utilized some form
of hacking 81%
• Incorporated malware 69%
Source: 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service. Source: 2008 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service. http://www.verizonenterprise.com/resources/security/databreachreport.pdf
2012: Focused
• Attributed to a
significant error 62%
• Resulted from hacking and intrusions
59%
2008: Opportunistic
+ + +
+ +
+
+ +
The journey is not new
+
0% 10% 20% 30% 40% 50% 60%
CIO/CTO/IT Manager
CSO/CISO/Infosec Manager
Security Administrator
IT Administrator
CEO/COO or Highest Level …
Compliance Officer
Business Unit Director/Manager
Privacy Officer
Other
PCI garnished IT’s attention
Source: SANS 2013 Critical Security Controls Survey: Moving From Awareness to Action Who im your organization is aware of and supportive of adopting Critical Security Controls?
+ + +
+ +
+
+ +
The debate is not new
+ + +
+ +
+
+ +
+ ….
The end game is not known
A multi-faceted approach is required to
protect all parties
the consumer
the merchant
the industry
Where to start …
Source: SANS 2013 Critical Security Controls Survey: Moving From
Awareness to Action
5% 10% 15% 20% 25% 30% 35% 40% 45%
IT/Operational Silos
Personnel Skills Gap
Prioritization of which Controls to …
Lack of Visibility into Risks and Events
Lack of Strategtic or Tactical Planning
Lack of Means to Integrate and …
Lack of Management Support
Unclear or Confusing Requirements
Mergers/Acquisitions/Changing …
Other
… the challenges
Offense informs defense Prioritization Metrics
Continuous monitoring Automation
… the approaches
… the methodology
Step 1. Perform Gap Assessment Step 2. Develop an Implementation Roadmap Step 3. Implement the First Phase of Controls Step 4. Integrate Controls into Operations Step 5. Report and Manage Progress
… the methodology
Phases of the Roadmap
Quick
Wins
Improved
Visibility and
Attribution
Hardened
Configuration
and Improved
Information
Security Hygiene
Advanced
• Adding security requirements will most likely change designs and plans
… the complexity
… the investment decision
Investment = $$$, people and focus
The Panel
Ash Forsyth Manager, Technical Solutions, TNS
Dean Sheaffer SVP Financial Services, Chief Compliance Officer, Boscov’s, Inc.
Doug Rodewald Partner, W. Capra Consulting Group
Networking Lunch
12:00 p.m. – 1:15 p.m.
Upcoming MAG Webinars
October Rethinking CNP
November EMV Update
December Tokenization
Driving Change to Meet Consumer Expectations
Donald Boeding
President of Merchant Services, Vantiv
Driving Change to
Meet Consumer Expectation
51
Who is Vantiv?
40 YEARS
Payment
Processing
Innovation
#1 IN U.S.A
PIN Debit
Acquirer
#3 IN U.S.A.
Merchant
Transaction
Acquirer
52
Who is Vantiv?
TRANSACTIONS
P E R Y E A R
MERCHANT
LOCATIONS
NATIONWIDE
500K EMPLOYEES
NATIONWIDE
2700+ 16.9B
53
Snapshot of the Last Decade in Payments
• More transactions
• More players
• More complexity
• More reliance on end-to-end value-chains
Cash
Era
Card
Era
+1,
2007-2012
Device
Era
In the year 2000
Drivers of the New Commerce,
Payments Landscape
54
Social Loyalty and Advertising
Cloud Mobile
Next Gen POS
Online
Omni-channel commerce
Big data
55
1. Consumer Behavior
• Rapidly evolving preferences for omni-channel engagement and experience
• Need for increased convenience and instant gratification
• Heightened expectations around value, loyalty and rewards, social
recommendations and collaborative buying
Five Real Trends Create Both Opportunity & Risk
Addressing OmniConsumer - Shop Anytime, Anywhere, Anyhow
56
8:15 am Buying Groceries Going to Work
8:45 am Daily Coffee
12:15 pm Window Shop on Break
12:30 pm Rewards at Lunch
3:30 pm Quick Game Break
3:30 pm Uber to Dinner
8:00 pm Pay the Tab
9:00 pm One Click Movie Rental
57
2. Competition
• Stiff competition for wallet share
• Emergence of non-traditional new entrants (e.g. Amazon Fresh, Rue La La,
Birchbox, pop-up shops, subscription shopping services)
• Leveraging technology platforms to meet the needs of affluent, tech savvy
and quality-focused consumers
Five Real Trends Create Both Opportunity & Risk
58
3. Technology Convergence
• POS / online / mobile acceptance
• Beacons and location based services
• Integrated, flexible software platforms
• Software as a Service
Five Real Trends Create Both Opportunity & Risk
Payments
Acceptance Value Added
Services
Core
Services
Core
Payments 3rd Party Value-
Added Services
Developer
Platform
59
Cloud Platform
Customers and Solution Providers
Mobile Online Tablet Terminals
Solving for Technology Convergence
60
4. Regulation & Compliance
• “U2DAAP” – Undesirable, Unfair, Deceptive and Abusive Acts and Practices
• Oversight of Third-party Payment Processors
• Consumer Privacy
Five Real Trends Create Both Opportunity & Risk
61
5. Security & Risk
• Widespread and systematic collection and storage
• Consumer data, credentials and payment instrument details
• Increases target value of many businesses
• Increases their exposure in turn
Five Real Trends Create Both Opportunity & Risk
Keeping Data Assets Safe—A Multi-Pronged Approach
Turnkey proprietary products
Mobile acceptance & mPOS
Mobile acceptance and mPOS system
Value : SMB solution or non-integrated pilot of mobile experiences
Basic acceptance
Full mPOS
Value : Option to outsource consumer payment/ loyalty application, or link to 3rd-party apps
FraudTheft
Physical
Attacks
System
Breach
Account
Data
Compromise
Counterfeit
Cards
Lost/
Stolen
Cards
P2PE /
Tokens
EMV
Chip
EMV
PINPolicy &
Inspection
Driving Payments Strategies that Solve Real Challenges
63
64
Driving enhancements in core payments processing
environments, network connectivity, and security
Scale, Speed, Reliability and Trust
• Exceed core expectations
• Reduce complexity
• Add value with new products and
services
65
Understanding Acceptance Costs
Making sense of what’s driving cost components to uncover
opportunities
• Expand reach – offer consumers
the choices they want
• Reducing fraud with improved
decisioning tactics
• Optimize card brand routing to meet
your strategy
66
Consumer Experience
How do you want your customers to interact with you?
• Create customer acquisition
and engagement
• Enable the omni-commerce
experience
• Reinforce customer
relationships
67
Technology Innovation
Making new things possible
• Support mobile solutions
• Simplify implementation efforts
• Preserve merchant choice
• Move faster
68
Trusted Advisor and Advocate
People make all the difference
• Develop relationships
• Understand what’s important
• Provide strategic guidance
and tactical support
Take Away These Thoughts
Technology has enabled seismic shifts in how consumers shop & pay as well as who you’re competing against for their transaction
Sticking-to-the-knitting. Keeping acceptance costs low.
The payment transaction remains at the core. More strategic than ever.
Integrating global payments acceptance systems without creating additional complexity. Investing too many resources against ever-changing security, fraud and compliance.
Make sure your Trusted Advisor, Trusted Advocate is in the boat rowing with you.
69
Thank You! Questions?
The Future of Transaction.
TODAY.
UnionPay: A Growth Opportunity for
Merchants and Acquirers
Miriam Park
September 17, 2014
UnionPay Overview
Analysis of Chinese Travelers
Value-added to Merchants
China UnionPay
• Established in 2002, headquartered in Shanghai
• Largest bankcard association in the world
• Member of EMV Co.
• 140+ geographic markets accept UnionPay cards
• 30+ markets issue UnionPay cards
• 100% of domestic Chinese familiar with UnionPay
brand (AC Nielsen)
UnionPay International
• Wholly-owned subsidiary of China UnionPay
• UPI oversees the international business of
UnionPay, accelerating entrance and growth in
global markets -- collaborating with members and
merchants
• Manages operating platform that connects
UnionPay international acquirers and issuers -- in
line with global rules and standards
• Creates product standards
• Promotes usage of UnionPay cards globally
through merchants and direct to consumers
• Manages UnionPay International brand in global
markets
Global Acceptance
•China acceptance at 100% POS & 100% ATMs
• 5.5 million merchants, 540,000 ATMs
•U.S. acceptance at +70% POS & +90% ATMs
• Partnerships with Discover, Pulse, NYCE, Elavon
Global Merchant
acceptance
20,000,000
Global ATM
acceptance
1,600,000
Rapid Growth
No. 1 in Global Cards in
circulation at 4.2 billion worldwide
No. 1 in Debit Card volume
No. 2 in Purchase Transaction
Volume processed at $5.1 trillion
Since 2009, UnionPay has achieved an average growth rate of about 50% per
year on transaction volume globally
Source: Nilson Report
Rapid Growth
UnionPay Business in U.S.
Tier I cities
Greater New York
Greater Los Angeles
Las Vegas
Greater San Francisco
Honolulu
Guam and Saipan
Tier II cities:
Greater Washington DC
Chicago
Boston
Houston and Dallas
Seattle
Miami and Orlando
Merchants breakdown 2013
UnionPay volume in the US has grown about 200% over the past three years
UnionPay Overview
Analysis of Chinese Travelers
Value-added to Merchants
Chinese Travelers Going Global
Source: China National Tourism Administration, Global Blue
• Chinese outbound travelers more than doubled since 2008, while overseas expenditure grew
even more aggressively
• The largest outbound travel group, Chinese travelers spent $2,200 in 2013 per international
trip
Outbound Chinese Visitors (Mil) Overseas Expenditure (Bil $)
Chinese Visitors
Source: UnionPay internal research; China National Tourism Administration, 2013
Departure Overseas
Expenditure
2. Macau
5. Taiwan
8. Vietnam
7. USA
1. Hong Kong
4. South Korea
6. Singapore
3. Thailand
9. Malaysia
10. Japan
2. USA
5. Australia
8. Japan
7. Thailand
1. Hong Kong
4. Taiwan
6. South Korea
3. Macau
9. Singapore
10. France
Top 10 countries
Americas 2.5% # of Travelers
8% Expenditure
Europe 3.2% # of Travelers
4.4% Expenditure
Asia 81.2% # of Travelers
49% Expenditure
Oceania 1.1% # of Travelers
4.7% Expenditure
Destination regions for Chinese
overseas travelers
Chinese Visitors to U.S.
Source: US Department of Commerce, UnionPay internal research
• Chinese visitors come to U.S. for leisure and visiting friends and relatives
• Total travel and tourism expenditures were $10 billion in 2013 and will grow to $17.5 billion in
2016
• 64% of Chinese visitors to U.S. choose to pay with cards
Chinese Visitors to U.S. Payment Type of Chinese Visitors
to U.S. (2012)
Asian Visitors
Source: US Department of Commerce
2013 2016
Number of Tourist
(000) Growth rate
Number of Tourist
(000) Growth rate
Japan 3,730 0.90% 3,843 1.0%
Korea 1,360 8.70% 1,604 5.7%
India 859 18.60% 1,164 10.7%
Taiwan 385 32.50% 516 10.3%
Total 6,334 7,127
• An additional 6.3 million tourists visited the U.S. from other Asian countries --
Japan, Korea, India and Taiwan – increasing to 7.1 million in 2016
UnionPay Overview
Analysis of Chinese Travelers
Value-added to Merchants
New Customers
Travelers
• 2 million Chinese will visit the U.S. in 2014
• 85% of Chinese travelers list ‘shopping’ as a primary activity during trip
• Chinese tourists are top spending travelers averaging $9,797 per trip
• Chinese travelers make purchases on behalf of friends and family while
abroad
Students
• China has a large student population studying in the U.S. >270,000
• U.S. is the most popular study-abroad location for Chinese students
Source: New York Times; US Department of Commerce
Fastest
growing
nationality of
foreign
students
Fastest
growing
segment by
number of
travelers and
spend
• Globally, UnionPay now ranked:
No.1 by issued Cards
No.2 by transaction volume
No.3 by number of transactions
Growing Brand Awareness
• Large Asian population in U.S., among which 3.8 million are Chinese
• Outbound Chinese tourists will reach 2 million in 2014
• Chinese students studying in U.S. > 270,000
Chinese population and
tourists
• UnionPay operates merchant marketing campaigns with hotels, travel agencies and its issuers
Attractive cardholder rewards and benefits
Joint Promotion
• 400 global Members
• Strategic cooperation with global merchants
• Partnerships with 30 major travel agencies in China
Strong Partnerships
UnionPay Advantages
Source: U.S. Census Bureau 2012 American Community Survey
UnionPay Card Segments
Mass
Affluent
High net wealth
Emerging Affluent
CONSUMER PRODUCT Credit ~ Debit ~ Prepaid
COMMERCIAL PRODUCT Business ~ Corporate ~ Purchasing
Diamond Credit/Debit
Platinum Credit/Debit
Gold Credit/Debit
Classic Credit/Debit/Prepaid
Purchasing Gold / Classic Debit/Prepaid
Business/Corporate Platinum Credit/Debit
Business/Corporate Diamond Credit/Debit
Merchant Readiness
UnionPay and the Acquirer works with the Merchant to
ensure the merchant customer experience includes the
UnionPay brand
POS
Merchant ensures UnionPay logo is displayed and sales
team is trained and ready
Ecommerce (UPOP)
Acquirer and merchant implements the technical
integration needed to ensure customer authentication for
UnionPay credit and debit cards
Merchant Marketing
2014 Q1 Q2 Q3 Q4
Super Shop Campaign World’s TOP 60
International Airport
Duty Free
World’s TOP 40
Shopping Districts
World’s TOP 20
Travel Destination
Campaign
Where strategically relevant, UnionPay works with acquirers and
merchants to create promotions to drive UnionPay cardholders to
merchant physical locations and ecommerce sites
Merchant Marketing
Campaigns are supported by:
• Issuer statement inserts
and marketing
• Digital display ads
• Social media/PR
• Travel packages tie-ins
Thank You
On behalf of the UnionPay International team,
thank you for the opportunity to tell our story
and work with you to drive new customers and
new sales volume for your business
Using Omni-Channel Strategies to
Create the Right Payment Experience
at the Right Time for Your Customers
Peter Georgopulos
Vice President, Merchant Retail Sales,
ACI Worldwide
The Omni-Channel Payments Challenge
New Tenders & Sales Channels continue to grow: In the Store: Gift Cards, Check, Private Label, ACH
On-Line: PayPal, SecureCode, Amazon
Mobile: Square, Wallets, mPOS
Key services to engage customers, mitigate fraud, and protect cardholder data are not leveraged across channels.
Customers want a simple, consistent shopping experience across multiple touch-points and aren’t getting it.
Payment systems are locked in silos which creates complexity for Merchants and confusion for customers.
That was then … How would you like to pay for that? Cash or Check?
and this is now … How (and where)
would you like to pay for that …. Cash, Check,
Card, PayPal, Wallet , Bitcoin, …?
The Simplest – Taking Cash or Check
Store
Register Consumer
Retail STOREFRONT` CUSTOMER CHECKOUT
CUSTOMER ACCOUNT
MERCHANT ACCOUNT
How would you like to pay for that? Cash or Check?
Taking a Credit Card
BANK CARD PAYMENT SILO
MERCHANT ACCOUNT
CUSTOMER ACCOUNT
Enterprise MERCHANT HQ
Store
Register Consumer
Retail STOREFRONT` CUSTOMER CHECKOUT
How would you like to pay for that? Charge it?
BANK CARD PAYMENT SILO
MERCHANT ACCOUNT
BANK CARD ACCOUNT
Enterprise MERCHANT HQ
Store
Register Consumer
Retail STOREFRONT` CUSTOMER CHECKOUT
How would you like to pay for that? Credit ,
Debit, Gift, Other?
PRIVATE LABEL ACCOUNT
GIFT CARD ACCOUNT
LOYALTY CARD ACCOUNT
Riding the Card Rails Debit, Prepaid, Loyalty, FSA, EBT, ACH ..
Taking Card Payments Online
BANK CARD PAYMENT SILO
MERCHANT ACCOUNT
Enterprise MERCHANT HQ
Store
Register Consumer
Retail STOREFRONT` CUSTOMER CHECKOUT
How would you like to pay for that? Credit, PayPal or Coupon?
CUSTOMER ACCOUNT
ONLINE PURCHASE
Web Server Server
INTERNET PAYMENT SILO
CUSTOMER ACCOUNT
Taking “Smart” Payments
BANK CARD PAYMENT SILO
MERCHANT ACCOUNT
Enterprise MERCHANT HQ
Store
Register Consumer
Retail STOREFRONT` CUSTOMER CHECKOUT
How would you like to pay for that? Smart Card, Smart Phone?
CUSTOMER ACCOUNT
ONLINE PURCHASE
WEB SHOPPING CART SERVER Server
INTERNET PAYMENT SILO
CUSTOMER ACCOUNT
MOBILE PAYMENT SILO
CUSTOMER ACCOUNT
Mobile Transaction
IN-STORE SMART PHONE PURCHASE`
IN-STORE M-POS PURCHASE
IN-STORE SMART CARD PURCHASE
Taking Other Payments
BANK CARD PAYMENT
SILO
MERCHANT ACCOUNT
Enterprise MERCHANT HQ
Store
Register Consumer
Retail STOREFRONT` CUSTOMER CHECKOUT
How would you like to pay for that? CurrentC, Google, Amazon, VISA,
Apple Pay, Bitcoin?
ONLINE PURCHASE
WEB SHOPPING CART SERVER Server
INTERNET PAYMENT SILO
MOBILE PAYMENT SILO Mobile
Transaction
IN-STORE SMART PHONE PURCHASE`
IN-STORE M-POS PURCHASE
IN-STORE SMART CARD PURCHASE
CUSTOMER ACCOUNT
CUSTOMER ACCOUNT
CUSTOMER ACCOUNT
CUSTOMER ACCOUNT
FUTURE PAYMENT SILO
Challenge with Payment Silos
The payment experience can be radically different depending on the channel Customers payment options are limited Creates confusion and abandonment
Merchants do not have a single view of the customer across all channels Multiple databases Multiple third party relationships Multiple Tokens
The payment ecosystem is fragmented and inefficient Lowers the quality of service to customers Increases costs Complicates cardholder data security Complicates Accounting
The Solution: An Enterprise Payments Platform
ENTERPRISE PAYMENTS PLATFORM
MERCHANT ACCOUNT
Enterprise MERCHANT
HEADQUARTERS
Store
Register Consumer CUSTOMER CHECKOUT
ONLINE PURCHASE
WEB SHOPPING CART SERVER Server
Mobile Transaction
IN-STORE SMART PHONE PURCHASE`
IN-STORE M-POS PURCHASE
IN-STORE SMART CARD PURCHASE
CUSTOMER ACCOUNT
Enterprise Payments Platform Model “Switzerland”
POS APPLICATIONS
AUTHORIZERS
MOBILE
PAYMENT TERMINALS
ACQUIRERS
AUTHENTICATION FEATURES
Token Vault
THANK YOU From
Securing CNP - Beyond
Tokenization & P2PE
Itai Sela
CEO, B2 Payments USA
What are we trying to protect ?
Payment transactions across all payment channels
Counterfeit/Skimming – only the true genuine card
should be used
Lost and stolen – only the owner of the card should be
able to use the card
Securing cardholder data will not solve these issues
Why???
Two ways to secure cardholder data:
Keep it a secret – P2PE and Tokenization
Problem - cardholder information
is on the front of the card and
encoded on the magstripe in the clear
De-value data – EMV
Problem – can only be used when the card is present as a
physical security component is needed
How Should We Protect Payments?
Cardholder data is like your phone number – are we
afraid to give that out to someone? Why are we not afraid to
give out our Banking information?
Consumers shouldn’t be impacted –
we need a consistent payment experience across all channels
Security needs to be designed in a different way – we can’t
keep the fraudsters out so we need to make sure they have
nothing to gain by breaking in………
Where Are We Today? PCI (P2PE & Tokenization) and EMV are the de-facto security
methods to protect CNP and card present today
PCI only protects cardholder data which can not give the level of
security we need - hence we are implementing EMV
EMV will cause fraud migration to CNP
EMV was designed to be used in card present but the method of de-
valuing data must be and can be used in CNP
EMV is proven to reduce fraud in card present so why are we looking
for a different method for CNP?
Security Issues With CNP Merchants take the liability on CNP – we need to find a
solution that will shift that liability back to the issuers
CNP is all about merchant based scoring and fraud rules =
statistics and probability – these will never have the assurance
of cryptography (which is what EMV is all about)
Most solutions only impact the merchant and not the issuer
Use of CVV2/CVC2/CSC/CID has lost it’s value as a protection
for CNP as it is used in card present transactions – it is static
and therefore still a problem
Looking Ahead De-value of data and securing transaction data (and not just
cardholder data) is the only way to reduce fraud across all channels
CNP is a problem for both the issuer and the merchant and therefore
both should invest in it
Trying to use many security options doesn’t always help and
definitely keeps the cost high for all participants (i.e. CVV2/CVC2 in
card present transactions, last 4 digits, zip code etc.)
So what can be done to protect CNP?
EMV in CNP
EMV in CNP – Why?
It is supported through all form factors – cards and later mobile
phones
Consistent consumer experience that enhances consumer
confidence – without my card or my phone a transaction can
NOT be conducted
Can be supported today with minimal impact to merchants –
cost will be on the card side – issuers are already replacing all
cards for EMV
Itai Sela – CEO B2 USA 555 Northpoint Center, Suite 400, Alpharetta, GA 30022 [email protected] 1-855-730-9827 x3
Upcoming Agenda
3:15 p.m. Acquirer Roundtable
4:05 p.m. Update on Merchant-Financial
Services Cybersecurity Partnership
4:50 p.m. Closing Remarks
Networking Break
2:45 p.m. – 3:15 p.m.
Acquirer Roundtable
Moderator: Jason Oxman
CEO, ETA
Panelists
John Nicola Head US eCommerce, First Data
Ian Drysdale EVP, Head of Business Development, Elavon
James Ray Head of Multinational Corporation Sales, Chase Paymentech
Bob Baldwin Vice Chairman, Heartland Payment Systems
Jeff Ecker Vice President of Product Integration, TD Merchant Services
Update on Merchant-Financial Services Cybersecurity Partnership
Brian Dodge Executive Vice President, Communications & Strategic Initiatives
Retail Industry Leaders Association
Update on Merchant-Financial Services Cybersecurity Partnership Presenter: Brian Dodge (EVP, Communications & Strategic Initiatives, RILA)
Update on Merchant-Financial Services Cybersecurity Partnership Presenter: Brian Dodge (EVP, Communications & Strategic Initiatives, RILA)
Congressional Hearings - Jan – April
Senate
• Banking
• Commerce
• Homeland Security (2)
• Judiciary (3)
House of Representatives
• Energy & Commerce (2)
• Financial Services
• Homeland Security (2)
RILA Board of Directors Instruction
• Pursue Stronger Payments Security Technology
• Do NOTHING that Undermines Confidence in Credit and Debit Cards
• If Possible, Find Ways to Work with Banks and Networks Rather than Fighting
Assembled Coalition of 19 Member Associations in February 2014
Financial Merchant
American Bankers Association Consumer Bankers Association Electronic Transactions Association Financial Services Forum Financial Services Roundtable Independent Community Bankers of America The Clearing House NACHA
American Hotel and Lodging Association Food Marketing Institute International Council of Shopping Centers International Franchise Association Merchant Advisory Group National Association of Chain Drug Stores National Association of Convenience Stores National Grocers Association National Restaurant Association National Retail Federation Retail Industry Leaders Association
Mission: To work collaboratively across the payments system to enhance security in order to protect customers and their data from cyber threats.
Goals:
• Improve overall security across the payments ecosystem among all key participants
• Bolster consumer confidence in the security of their payment data and the systems used to process payments
Advisory Committee CEOs of 19 Associations
Threat Information
Sharing
Payment Security
(Card Not Pres.)
Cyber Risk Mitigation
Payment Security
(Card Present)
Legislative and
Regulatory
Threat Information Sharing: Advance information sharing of cyber threats and
vulnerabilities within and between the retail and financial services industries to
enhance efforts to identify, thwart and defend against attacks.
• Building Trust
• Phishing, Brute Force Attacks
• Threat Information Sharing Models
• Defining “Actionable” Intelligence
Future focus: metrics on info sharing with government and coordination
with law enforcement agencies
Cybersecurity Risk Mitigation: Facilitate discussions with key stakeholders in the
payments ecosystem to educate broadly on successful practices for
cybersecurity and cyber risk mitigation.
• Vendor Management
• Detecting Vulnerabilities
• Setting priorities for Responding to Incidences
• Measuring Effectiveness
• Communicating with Boards of Directors and Senior Management
Future Focus: Cyber/Risk Analytics and Reporting
Advanced Card Present Security Technology: Identify needs for technological
innovation in the card present payments ecosystem, and promote such
innovation to both enhance and protect the security of the data and to render
stolen data useless to attackers.
Card Not Present and Mobile Security: Identify and collaborate on the
development and implementation of methods to enhance payment security in
the mobile and card-not-present environments.
Advanced Card Present Security Technology (Cont.):
Card Not Present and Mobile Security (Cont.):
• Tokenization Strategies and Proposals
• Strategies to Educate Consumers about Chip Cards.
• Discussed Authentication Challenges in Card Not Present and Mobile Marketplace.
• Survey of Priority Deliverables: render stolen data useless to attackers, provide input into developing standards, phase out the use of the magnetic stripe, customer experience best practices, and promote competition for security innovation in payments technology
Legislative and Regulatory: Identify & support legislation to enhance cybersecurity and
rationalize data breach notification standards.
• Testified before Senate Homeland Security Committee on April 2.
• Reached general consensus on language related to a national breach notification standard.
• Encountered differences on national data security standards, including scope and regulation/enforcement.
Where are we and What is Next?
Thank You
Questions?
Mark Horwedel
CEO,
Merchant Advisory Group