chip cards - utah's credit unions · emv chip cards 1. card type: • contact (chip) •...
TRANSCRIPT
EMV Chip Cards
Agenda
• What is EMV
• Chip vs Mag Stripe
• Benefits of EMV
• Timeframes & Liability Shift
• Costs
• Things to consider
• Questions
2
What is EMV
EMV was named for the developers Europay, MasterCard and Visa.
• Embedded microprocessor chip that encrypts transaction data.
• Dynamic chip that changes verification values for each transaction.
This is static on the magstripe.
• A set of specifications developed to define requirements to ensure
interoperability between chip-based Credit, Debit and Prepaid cards
and POS and ATM terminals.
3
EMV Chip Cards
1. Card Type:
• Contact (chip)
• contactless (tap or wave),
• Dual interface (both contact and contactless)
2. Card Authentication Method (CAM)
Protects against counterfeit cards. EMV supports two methods
• Online authentication takes place between the chip and issuer host using dynamic
cryptogram
• Offline authentication takes place between chip and terminal using static data
3. Cardholder Verification Method (CVM)
Authenticates the cardholder. EMV supports four methods
• Online PIN- The PIN is stored at the issuer’s processor, it is encrypted in POS terminal
and sent to issuer’s processor to verify
• Offline PIN- The PIN is stored in the chip and is sent from the POS terminal back to the
card to validate
• Signature-Cardholders signature on the receipt is compared to signature on the card
• No CVM-No verification method is used. Typically low value transactions at unattended
terminals
4. Authorization
Transaction authorization
• Online-Transaction information is sent to issuer processor along with a transaction
specific cryptogram and issuer processor authorizes or declines
• Offline-Card and terminal communicate and use issuer defined risk parameter
4
Swipe vs Chip- How are they different?
Magnetic Stripe
• Cards are swiped and read at POS
terminal
• Authentication takes place between POS
terminal & merchant acquirer
• Verification takes place through PIN or
signature
• Authorization comes from processor or
host processor
EMV Chip
• Cards are Dipped (Contact) or waved
(Contactless) or swiped if terminal is not
chip enabled
• Authentication can be offline or online
enabled by computer chip in the card
• Issuer can choose verification methods
offline or online PIN, signature, no CVM
• Authorization comes from processor or
host processor
5
What are the benefits of EMV?
• Increase security
• Liability shift
• Reduction in Card Present fraud, resulting from counterfeit
transactions.
• Provides interoperability with the global payments infrastructure –
consumers with EMV chip payment cards can use their card on any
EMV-compatible payment terminal anywhere inside or outside the U.S.
6
What are the timeframes?
October 1, 2015
U.S. liability shift becomes effective for all card associations. The
participant that does not support chip transactions will be held
financially liable for any card present counterfeit fraud losses.
Automated fuel dispensers (AFD) receive a two year grace period
before the liability shift becomes effective for all card associations.
(October 1, 2017)
October 1, 2016
MasterCard ATM owners and operators will be financially liable for
fraud that takes place at a non-EMV enabled ATM, if the card is EMV-
capable
October 1, 2017
VISA ATM owners and operators will be financially liable for fraud
that takes place at a non-EMV enabled ATM if the card is EMV-
capable.
7
What are the timeframes?
Credit
The TBS credit platform is chip capable today.
VISA recommends implementation closer to the Liability shift which is October 1,
2015.
The implementation process can be as little as 6 months or up to 8 months
depending on standard vs custom programs.
Debit
Today the debit networks are working together toward a solution to the Durbin
Amendment. Until the details and technical requirements to support EMV and the
U.S. common AIDs (Application Identifier) is resolved, debit EMV does not have an
implementation date yet.
8
What does all this mean?
There is no mandate that says your credit union must use chip enabled cards;
however, there is a liability shift that will take place starting October 1, 2015
The liability shift is on card present counterfeit fraud transactions.
A non enabled merchant will be liable for fraud that occurs on a chip card
used on a terminal that is not chip enabled.
Magnetic stripes will continue to be on all cards for merchants & issuers
to use if one or the other is not chip enabled.
Card Present fraud will decrease as EMV is implemented.
Card Not Present (CNP) fraud will likely increase
9
Fraud After Adoption
10
Global Adoption
11
Things to consider…
Goals
Increase Acceptance Worldwide
Prepare for the Liability Shift
An Emerging Technology Leader
Costs
Implementation Fees
Set Up Fees
Monthly Recurring Fees
Roll Out
Plastic
Education
12
13
14
15
16
Merchant and Card Issuer Readiness
17
EMV in USA: Assessment of Merchant and Card Issuer Readiness
Merchant and Card Issuer Readiness
18
• U.S. to reach global parity in EMV by 2018
• Industry ready to convert 1.2 Billion EMV
Payment Cards and 8 Million POS terminals for
EMV transition.
• By the end of 2015, it is forecasted that 166
million EMV credit cards will be in circulation in the
U.S. (29% of the total), and 105 million EMV debit
and prepaid cards (17% of the total).
The U.S. migration to secure chip-based
EMV payments requires new activities
and collaboration
19
Multiple Form Factors, Multiple
Communications Links
20
21
Visa, MasterCard Agree on Common AID for
EMV Debit Routing
EMV Migration Forum: Use Single Code for Debit Transactions
BY DAVID HEUN
JUL 1, 2013 4:15pm ET
Visa and MasterCard have agreed to share their common application identifier technology, enabling EMV-chip based debit transactions to originate from a single application while allowing merchants a choice of networks for routing. The agreement is a major step toward resolving a longstanding dispute within the payments industry over how to adapt EMV payment technology to U.S. regulation.
The licensing agreement between the two major card brands provides for "a multi-access common AID that all others can adopt" and supports the single-code recommendation of the EMV Migration Forum, says Stephanie Ericksen, Visa's head of authentication product integration. The agreement comes less than a week after the Secure Remote Payments Council, representing independent debit networks, announced what it considered a major concession in agreeing to allow Visa and MasterCard applications on their debit cards after earlier committing to Discover's common AID.
The debate over EMV debit routing has raged for more than a year as debit networks preparing
for EMV smart cards in the U.S. deal with Durbin amendment requirements that call for at least
two network options. The U.S. is the only country with multiple debit networks and federal
mandates for routing.
"We are pleased to be able to offer a cost-effective option for acquirers and issuers for
merchant routing choice through a single common AID," says Carolyn Balfany, MasterCard's
senior vice president and group head of U.S. product delivery.
22
Visa’s Counterfeit Liability Shift Policies
23
Visa’s Counterfeit Liability Shift Policies
VISA BULLETIN 9 August 2011
Visa intends to institute a liability shift in the U.S. for domestic and cross-border counterfeit
transactions effective 1 October 2015. Visa’s global POS counterfeit liability shift policies are designed
to encourage EMV chip card issuance and acceptance in participating geographical regions,
effectively creating a more secure environment for transactions within and between each participating
Visa region. Note: The liability shift encourages chip transactions because any chip-on-chip
transaction (i.e., a chip card read by a chip terminal) provides dynamic authentication data, which
helps to better protect all parties. With this type of liability shift, the party that is the cause of a chip-on-
chip transaction not occurring (i.e., either the issuer or the merchant’s acquirer) will be financially liable
for any resulting card-present counterfeit fraud losses. When a transaction occurs using chip
technology, any liability for counterfeit fraud, though unlikely, would follow current Visa Operating
Regulations. The policy assigns liability for counterfeit fraud to the party that has not made the
investment in EMV chip cards (issuers) or terminals (merchants’ acquirers). The policy encourages
wider deployment of EMV cards and terminals. EMV chip implementation is accelerating globally.
Today, excluding the U.S., 44 percent of all cards are EMV chip cards, and 74 percent of all terminals
are EMV chip-capable, with 62 percent of cross-border trans
October, 2015 – Fraud Liability Shift. MasterCard liability hierarchy takes effect. The party that has
made investment in the most secure EMV options is protected from financial liability for card-present
fraud losses for both counterfeit and lost, stolen and non-receipt fraud on this date.
October, 2015 – Account Data Compromise Relief: On this date, if at least 95% of MasterCard
transactions originate from EMV-compliant POS terminals, the merchant is relieved of 100% of
account data compromise penalties.
Specification Bulletins EMVCo technology
24
Publicati
on Date
Versi
on
Description Download
Septemb
er 2014
1st
Editi
on
SB-148: Clarification on Terminal
Support of Multiple Application
Version Numbers per AID (Spec
Change)
Download
Septemb
er 2014
1st
Editi
on
SB-147: Clarification on the Format
of Exponent Data Elements (Spec
Change)
Download
Septemb
er 2014
1st
Editi
on
SB-146: Entry Point Final
Combination Selection (Spec
Change)
Download
Septemb
er 2014
1st
Editi
on
SB-145: Clarification on the Format
of ICC Public Key Exponent (Spec
Change)
Download
August
2014
1st
Editi
on
SB-142: User Interaction
Parameters for Installation of
Contactless Mobile Payment
Applications (Spec Change)
Download
August
2014
2nd
Editi
on
SB-119: Clarifies Group Member
CREL & FCI contactless
characteristic declarations, clarifies
length of Base AID (Spec Change)
Download
Worldwide EMV Card and Terminal
Deployment
25
The statistics below show worldwide EMV deployment figures as of Q4 2013.
The figures represent the latest statistics from American Express, Discover,
JCB, MasterCard, UnionPay, and Visa, as reported by their member financial
institutions globally.
26
27
Thank You
29