semi-integrated payments / a simplified approach to emv & pci

Semi-Integrated Payments / A Simplified Approach to EMV & PCI

AUGUST 28, 2015

1 Welcome

Agenda

Introduction & objective

About Ingenico Group

Traditional payments architecture

Semi-Integrated architecture

Overview of Ingenico Group’s Telium Semi-Integrated solution

Q&A

4

Speaker Introduction

Dr. Robert Martin

VP of Security Solutions

Ingenico Group / North America

Semi-Integrated Payments / A Semi-Integrated Approach to EMV - 8/28/2015

Rhonda Boardman

VP of Strategic Development

Ingenico Group / North America

5

Objective

Ease EMV migration &

reduce certification bottleneck

Improve security by eliminating

sensitive card data from the

POSReduce PCI

scope, saving valuable time, money, and resources

Gain flexibility with the ability

to choose preferred

processor or gateway

Learn what is driving a shift in the traditional payments architecture and

how a secure, semi-integrated approach can help:


6

PollWhat is your primary concern or challenge with EMV migration?

A) Cost of migration

B) Timeline of migration

C) Complexity of integration

D) Other


About

Ingenico

Group2

8

Global footprint / multi-local solutions

$1.8Bin 2015

88sites across

the world

35years of

payment

expertise

global reach

170countries

78nationalities

5.5Kemployees


9

• Security-focused / EMV, NFC, P2PE

• Seamless experience / in-store, out of store and onboard

• Innovative solutions / across industries and use cases

• Trusted partner / unmatched service and support

Ingenico Group U.S. / at a glance


10

Trusted partner / from small merchants

to global brands

Network of

1,000+financial

institutions

Partner with

70%of the Top 30

leading retail

brands

250K+ merchants

connected to our

platforms

Accepting

300+payment methods


3Traditional

Payments

Architecture

12

Evolving U.S. payments market / key drivers

The EMV migration is forcing the U.S. market to reconsider its approach to

payments

EMV and smartcard shipments overtake magstripe card shipments in 2015

The costs of cardholder data security and PCI compliance continue to increase

as attackers get more sophisticated and PCI standards increase in complexity.

0

100

200

300

400

500

2013 2014 2015 2016

Card Shipments (millions)Smart and EMV Card Shipments Mag-stripe Card Shipments

Source: ABI Research


13

An integrated architecture:

The point of sale (POS) controls the terminal

POS builds the payment message and controls the authorization flow

This serves merchants well with innovation in consumer interaction and

payment flow.

Traditional integrated retail environment


14

Challenges with the traditional model

Migrating to EMV involves upgrading much more than just the payment

terminal:

POS/ECR

Back office infrastructure

EMV certification involves all merchant systems in the payment flow.

The same systems are part of the cardholder data environment:

Systems need to be protected against determined criminal attackers

PCI compliance costs throughout the retail locations and back-office


15

Challenges with the traditional model

• Current EMV certification bottleneck as everyone is

rushing to get their solutions certified

• Adding security solutions such as point-to-point

encryption (P2PE) and tokenization have an effect on

many system components

• Criminals have mainly attacked sensitive PCI data on the

POS or within the retailer’s internal systems via malware


16

Keep components that benefit merchants and consumers:

Consumer interaction, signature capture

Flexible payment flows

Reduce or eliminate challenges with:

EMV certification

Cardholder data security

PCI compliance

The ultimate challenge


Semi-

Integrated

Architecture

A seamless way to meet the

challenges of EMV and PCI

4

18

Hardware Semi-Integrated architecture

A Semi-Integrated architecture:

Maintains a connection between the terminal and electronic cash register (ECR)

Provides an independent connection for transactions to go “around” the ECR,

directly to the host

Sensitive payment data does not enter the POS


19

Key benefits of a Semi-Integrated architecture

Simplify EMV Migration

Leverage “pre-certified”

solutions

Minimize upgrades required to POS

& back office systems

Reduce costs of EMV migration

PCI Scope Reduction

Reduce footprint where sensitive

data passes through

Opportunity for PA-DSS removal

Lower cost of PCI compliance

Increase chance of audit success

Improvements to Security

Limit attack surface

Avoid breaches commonly

occurring in the POS

Simplify path to add point-to-point

encryption (P2PE) & tokenization

Avoid EMV Certification Bottleneck

Bypass the backlog of merchants

simultaneously looking for

certifications

Skip the long and expensive process


5Telium

Semi-

Integrated

21

Telium Semi-Integrated (TSI) architecture

Flexible approach enables merchants and partners to deploy TSI solutions using Ingenico Smart Terminals

Processor and gateway agnostic

Cross-platform SDK (iOS, Android, Windows, Linux)

Two product variants to suit unique business needs – TSI Basic & TSI Enterprise

Leverages the certified applications running on Ingenico Group’s Telium2 platform

Compatible with Ingenico Group’s range of countertop terminals, PIN pads, and signature capture multi-lane retail devices


22

TSI / simplifies integrating value-added

services

By maintaining a direct connection to the

host and bypassing retailers’ systems, the

integration of additional services is

simplified because fewer system

components are affected:

P2PE and Tokenization – eliminates the

need to upgrade systems to route new data

formats

Estate Management – software updates can

be managed directly via IngEstate or local

downloading through the ECR


23

TSI / summary of benefits

TSIA semi-integrated architecture

can help by:

Simplifying EMV migration

Reducing PCI scope

Improving security

Avoiding the EMV certification bottleneck


Questions?www.ingenico.us

Thank You

semi-integrated payments / a simplified approach to emv & pci

Retail