2
EMV Defined
Near Field Communications (NFC)
Card brand mandates and incentives for EMV
Allegiance’s EMV plans
2
EMVCo’s primary purpose since 1994 is to define a global standard for
credit and debit payment cards based on chip card technology.
― Goal is to ensure that standards for chip card-based payments are
globally interoperable
Data is more secure on a chip-embedded card that utilizes dynamic
authentication, rather than on a static mag-stripe card.
― Unlike a mag-stripe card that can be copied (“skimmed” or “cloned”),
chip technology combats counterfeiting by assigning a dynamic value
for each transaction.
Four main functions:
Card authentication to protect against counterfeit cards
Cardholder verification to protect against lost/stolen cards
Terminal authentication to prevent against “Trojan Horse” hacks
Transaction authorization and authentication using issuer-defined rules
4
Authentication and Authorization
— Online requires the transaction to be sent online for the issuer to authenticate
the card and authorize the transaction – just like mag-stripe transactions
— Offline is done between the chip card and terminal (there are various methods
defined by EMVCo)
Cardholder Verification Methods (CVMs):
— None (usually used for low value transactions)
— Offline PIN (entered and stored PIN are compared offline)
Online PIN (PIN is validated online – like PIN debit)
Signature Verification (requires physical signature comparison)
Visa and MasterCard mandate global interoperability, meaning POS solutions must
be able to support all card and cardholder authentication
— Mexican chip card will prompt for signature
— Canadian chip card will prompt for PIN
5
6
© 2012 VeriFone Systems, Inc.
41.1% of cards 76.7% of terminals
84.4% of cards 94.4% of terminals
20.6% of cards 75.9% of terminals
28.2% of cards 51.4% of terminals
14.5% of cards 68.1% of terminals
The U.S. is been in last place for EMV adoption. . and the
fraudsters know it!
6
7
Fraud on debit and credit cards fell by more than a quarter in 2009
Counterfeit card fraud —skimming and cloning—fell by over half
Fraud on lost and stolen cards is at its lowest level in 10 years
7
Source: The UK Card Association
A smart (chip) card is a device that includes a
secure, embedded integrated circuit chip
(ICC)
The ICC may include a microprocessor and
memory or just a memory chip
― Has the ability to read and write information to the chip
The microprocessor performs functions that validate, store, and
encrypt data
These functions are used to perform financial and other types of
transactions
The chip may be embedded in cards, key fobs, stickers, mobile
phones, etc.
How the chip functions is determined by the EMV and NFC standards
There are two primary types of smart (chip) “cards”:
Contact
— Chip is embedded in a card
— A contact card must be inserted into a smart card
reader
— When the card is inserted, the contact points on the
chip make contact with the card reader
Contactless
— The chip may be embedded in cards, key fobs, stickers,
mobile phones, etc.
— A contactless chip requires only close proximity to a
reader – less than 4 inches
— Both the chip and the reader have an antenna and they
use an RF (radio frequency) signal to communicate
9
NFC (Near Field Communications) is a
radio-based interaction protocol
compatible with existing contactless
payment standards
It uses the same radio frequency as
contactless chip cards, but is a more
interactive and multi-use technology
NFC chips can be embedded in mobile
phones and allow the phones to act as
either a card or a reader
10
NFC-enabled mobile phones will driving
the acceptance of NFC; however, there
are many other players required to push
this technology forward
Interest in NFC soared in 2011 as Google
introduced Google Wallet
Additionally, AT&T, Verizon Wireless, and
T-Mobile formed a joint venture called Isis
with a similar concept that has just
launched a two-city pilot
© 2012 VeriFone Systems, Inc.
11
There are many companies entering this technology space
Each of these companies brings their own interpretation of the
virtual wallet experience
Right now, companies and technologies are jockeying to become
the dominant players; however, NFC has emerged as one of the
technologies poised to promote consumer acceptance of virtual
wallets
© 2012 VeriFone Systems, Inc.
12
B E N E F I T S
C A R D H O L D E R
• Peace of Mind (fraud reduction)
• Never lose sight of their card
• Global interoperability (e.g. European
travelers will be able to use their chip cards
in the U.S. and vice versa)
• Will support payments via mobile devices
utilizing NFC as those solutions take hold
• Fewer fraud-related chargebacks due to
stolen cards/skimming
• Increase in international customer satisfaction
• Helps foster the adoption and integration of
other payment technologies such as
contactless and mobile (via NFC)
M E R C H A N T
13
© 2012 VeriFone Systems, Inc.
2012: TECH Innovation Program (TIP) - PCI validation relief for Level 1 and
Level 2 merchants that adopt dual-interfaced solutions in any year that at
least 75% of the merchant transactions originate from a chip enabled terminal
― Note: must be capable of actually processing EMV cards and NFC
contactless payments; merchants cannot just install “EMV ready”
equipment. . . .so, not really happening!
2013: Acquirer Chip Processing Mandate - Acquirers and processors must
demonstrate the ability to process EMV transactions and NFC contactless
payments
2015: Liability Shift from Issuer to Merchant - Merchants of any size, will
be liable for domestic and cross-border counterfeit fraud committed at the
point of sale if they are not using a compliant EMV & NFC POS solution
(Automated Fuel merchant liability shift in 2017)
15
16
A non-compliant merchant is liable for fraud that
occurs on any chip card used on a magnetic
swipe terminal, with the liability for the
chargeback belonging to the merchant.
A non-compliant issuer is liable for fraud that
occurs on any magnetic stripe card used on a
chip card-enabled terminal, with the liability for
the chargeback belonging to the issuer.
16
EMV is essentially a standard that dictates the interaction between a
smart (chip) “card” and a POS payment technology
The “chip” stores encryption data that is used during the transaction to
prove the card is authentic and prevent cloning of the card
EMV chips can be either contact or contactless and are read & write
capable
NFC (Near Field Communications) is a radio-based interaction
protocol
— NFC-enabled devices are driving interest in acceptance
The Card Brands have announced EMV incentives (carrots and
sticks) that encourage issuers, acquirers/processors and merchants
to adopt EMV
© 2012 VeriFone Systems, Inc.
17
We are working to release applications for Retail and
Restaurant with support for credit, PIN debit, EBT and gift
card in December 2012
The terminals will be EMV capable, meaning that we will be
able to enable EMV remotely through a download once that
functionality is certified on our host and becomes available.
Beta targeted for May/June; typically runs 45 -60 days
Subsequent development to support ECS, DCC and
Lodging is being defined.
Legacy terminals will not be “upgradeable” (can’t add a PIN
pad)
© 2012 VeriFone Systems, Inc.
21
Encompass 4 and ISO 8583 message specifications are being
updated to support the requirements.
― Certification Note: EMV requires true end-to-end
certification: from the device, through the POS payment
app, up to the authorization host and then on to the card
networks.
Elavon NA development utilities like viaConex are being
updated to support the E4 revisions that include the U.S.
EMV/Contactless mandates
We are still defining our roadmaps for software solutions
VirtualMerchant will be enhanced, no delivery date defined
VirtualMerchant Mobile release dependent on
VirtualMerchant updates
No plans to add EMV to viaWarp
© 2012 VeriFone Systems, Inc.
22
23
We are exploring innovative security and mobile solutions, such as
mobile wallets, that will allow Allegiance and our partners to tap into
new revenue and growth initiatives as these technologies take hold in
the industry
We will take a “wait and see” approach to Pay-at-the-Table solutions in
the U.S.
– VeriFone and Ingenico have short range wireless models that are
compatible with our payment application; software components not
yet developed
End-to-end Encryption will be added as part of a secure terminal
solution, it will require a different process to inject the encryption keys
and sign the app, which may also differ based on encryption method
(i.e. VSP or Voltage)
– We are still defining functionality, process and delivery
method/timeline
23
24 © 2012 VeriFone Systems, Inc.
Chargeback liability shifts are just over two years away, now is the time to get ahead of the curve and ensure your payment hardware investment is capable of carrying you into the future.
Technology changes rapidly and Digital Wallet’s are emerging. Are you prepared to accept your customers payments?
Are you doing everything you can to protect both your customer and yourself ? Make sure your POS is capable of taking advantage of the latest security features such as EMV, card encryption & signed applications.
Top Related