The New Landscape Carolinas Credit Unions Council October 10 2014 Leanne Phelps Senior Vice President Card Services State Employees Credit Union Agenda EMV The Technology Tokenization ID: 810988
Download The PPT/PDF document "EMV, Tokenization and Apple Pay" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
EMV, Tokenization and Apple Pay The New LandscapeCarolina’s Credit Unions Council October 10, 2014
Leanne PhelpsSenior Vice President, Card ServicesState Employees’ Credit Union
Slide2Agenda
EMV: The Technology
Tokenization
Mobile Payments with Apple Pay
Slide3About State Employees’ Credit UnionServing state employees, teachers and their family members in North Carolina1.9 million members
255 branch offices1,100 ATMs
Slide4SECU Card ProgramsDebit Portfolio - Route through Visa DPS to SECU Host1.3 million Visa Check Cards$10.3 billion annual purchase volume
305 million transactionsCredit Portfolio – Processed through First Data Resources300,000 Visa credit cards$1.1 billion open credit lines14.5 million transactions
Slide5Why EMV?Secure chip stores payment informationChip card authentication prevents counterfeitingAdds cardholder verification methodsOffers online or offline authorization
Slide6Form Factors OptionsContact
Chip is embedded in a cardA contact card is inserted into a smart card readerThe contact points on the chip make contact with
the card reader
Contactless
The chip may be embedded in cards, key fobs, stickers, mobile phones, etc. A contactless chip requires close proximity to a reader (“tap and go”)Both the chip and the reader have an antenna and they use an RF (radio frequency) signal to communicate
Slide7Authentication – Static vs. DynamicTransaction / Authorization Differences vs. TodayWhat is on the actual Chip – Application Identifier logicCard / Chip LifecycleVisa Recommendation for personalizationLiability Shift Planning and Implementation timingUnaffiliated networks
Vendor SupportCard / Chip LifecycleEMV – Building the Momentum
The Top 10 Discussions
Slide8Slide9Transaction Flow Comparison
Card Swiped
Merchant Acquirer Processor
FI
I
Terminal Reads & Passes Track & Authorization Data
Issuer Processor or Issuer
validates cryptogram or cryptogram value
, makes and passes Authorization Decision
Issuer makes and passes Authorization Decision
Today – Magnetic Stripe
Issuer Processor
Slide10Tomorrow - EMV
New and Different
Card Inserted
FI
Communication between the chip card and the terminal – in both directions
Terminal to determine, by the Service Code, whether card is magnetic stripe only or chip card
Service code is unique and placed on both the chip and magnetic stripe (begins with a 2 or 6)
Track 2 equivalent on the chip
Merchant Acquirer Processor
Issuer Processor
The Issuer Processor or the FI verifies the request cryptogram and generates a response cryptogram
The
terminal and chip card verify the response cryptogram
Slide11EMV – Building the Momentum
Configuration
Routing
Industry Support
Multi-access
BIN table
Visa
Common
Visa
One application / Two application identifiers (AIDs)
Simplified personalization
Easier card management
Less application code and potentially less expensive chip
Supports domestic and international usage
EMV compliant
Fully supported by Visa
Uses existing network routing infrastructure
Offers issuer flexibility through BIN file management
Enables merchants and POS acquirers to manage routing selection on a transaction by transaction basis
Solution endorsed by EMV Migration Forum (EMF)
Maestro
Star
NYCE
Pulse
Accel
Nets
CU 24
Shazam
AFFN
CO-O
P
All of the major unaffiliated debit networks support the Visa U.S. Common Debit
AID
Slide12Transaction Authorization
Card Authentication
Issuer Cardholder Verification Method (CVM) List
Always
onlineNo offline authorization by chip Always online
No offline data authentication
1
Visa Credit
Signature
No CVM
Online PIN (for
ATM only)
Visa Debit
Signature
Online PIN (POS
and ATM)
No
CVM
U.S. Common Debit AID
Online PIN (POS and ATM)
No CVM
Best practices should reduce complexity, cost and time-to-market
Card
Personalization
B
est
P
ractices
Slide13Adding a contact chip to a mag stripe card impacts the card ordering / issuing process from both a timing and monetary perspective.A key stakeholder is the provider of card processing services . . . What type of chip can they support and can they support you?
Certification of the chips by the associations is taking between 90 days and six months.Based upon chip type and market availability of the chips, the turn times for card manufacturing should not vary much from mag stripe cards – perhaps adds two weeks. However, bear in mind that there is a growing global demand for chips (China, South America), which could impact chip availability.
Card Personalization Considerations
Slide14Points to RememberAdding a chip to a mag stripe card will increase costs – costs can be impacted by the type and size of chip.
You can assume to add about a dollar to the present costs for manufacturing custom cards.Personalization Vendors are exploring ways to lower the costs of chip cards for small financial institutions, including the use of generic design plastics (hot-stamped with the credit union’s logo) and print-on-demand using edge to edge imaging equipment.
The
fees for personalizing the chips are incremental, and subject again to the type and number of applications being loaded onto the chip. Credit unions should expect these fees to be in the $0.25 to $0.40 per card range.
Financial institutions should also ask their processor about possible fees associated with an EMV program (new BINs, key management, EMV transaction fees).
Slide15Key EMV dates from Card Brands15
© 2012 VeriFone Systems, Inc.
Slide16Support of Debit Networks
NetworkCommon AID Licensing Support
Status
Maestro
Visa U.S. Common Debit AIDCertified/Ready to SupportPulseVisa U.S. Common Debit AID
January 2015 Certification
NYCE
Visa U.S. Common Debit AID
January 2015 Certification
STAR
Visa U.S. Common Debit AID
February 2015 Certification
CO-OP
Visa U.S. Common Debit AID
April 2015 Certification
ACCEL
/
AllPoint
Visa U.S. Common Debit AID
Specifications Under Review
CU24
Visa U.S. Common Debit AID
Pending Specifications
Slide17Liability Shift
After Liability Shift:
Liability shifts to the acquirer if
counterfeit fraud occurs on a contact chip capable card and the merchant is not contact chip capableDoes not cover
contactless
,
card-not-present
transactions, or lost/stolen fraud
Covers
domestic
and
cross-border transactions
Counterfeit Fraud Liability Shifts
Rewards investment
in EMV
POS: October 1, 2015
AFD & ATM:
October 1, 2017
Transaction
Examples
Counterfeit
Liability
Chip-on-chip
transactions
Issuer holds the limited exposure
that still exists
Mag-stripe
cards at
chip
t
erminals
Issuer holds liability
Contact chip at
mag-stripe
t
erminals
Acquirer
holds
liability
Slide18Key Vendors – Information & Requirements
Host – Software Vendor
Networks & Gateways
Enhancement Control Support
Segmentation of base
POS entry mode – new data same field
PINs – Host vs. Stripe
Certification and Timing
Processor must code and certify with each network
Certification and Timing
Plastic Card Vendors
*VOL has the most updated listing of certified vendors
*VOL has the common AID personalization specifications Debit & Credit
Must be Visa/MasterCard Certified
Card Art
Standard Chip & CVM’s
Timing and Availability
Key management
Instant Issuance Vendors
Timing
and A
vailability
Test plastic will be required for certification
Planning - 6 WeeksVendor Readiness and Timelines
Budget – ROIIssuance Strategy – Full or Segmentation – At Reissue Internal Education Plan
Cardholder Education
Marketing Strategy
PINs – Customer Selected – Host vs. Stripe Considerations and Project (if applicable)Credit FirstDebit – Date Coordination with Networks
Planning
Requirements
Build
Certification
Launch
Key Considerations
Slide20Tokenization – what is it??
October 2013/March 2014
October 2014
April 2014 / June 2014
Industry standard
Card Brand enabled
P
ay
Payment tokens further enhance security of digital payments and simplify purchase experience when shopping on mobile, computers or other smart devices and help reduce fraudulent activity….
Tokenization is the process of replacing the
original payment credentials (PAN)
with a unique “alternate
identifier” which may be used in its stead to initiate payment activity.
2015+
More to come…
Slide21Global and
interoperable
Compatible with existing network routing
Compatible
with existing payment
technologies
(web
, NFC, POS standards)
Supports future payment technologies
Improved security
Regulatory compliant
Multiple Payment Tokens can be attached to a single PAN
Core concepts
A
Payment Token
is a
“alternate
identifier” that can be used in place of
a Personal Account Number (PAN) to
initiate a payment
transaction
Enables new
channels
Interoperable
Global
Supports new participation
Secure
Minimizes
ecosystem
impact
Payment Tokens
Industry standard
and service
Slide22Interoperable with BIN based account numbers / PANs –
PAN
/ Account Number Validation Rules, Security, Structure and Regulatory Obligations Remain
Enforced
Distinct and identifiable in system – merchant, consumer device(s) and issuerAble to support authentication by different entities and types (Issuer, Wallet, Merchant, etc)
Payment
Tokens - Token Attributes
# # # # # # # # # # # # # # # #
BIN - Identifies FI
FI BIN Range –
Various Use
Identifies Cardholder
# # # # # # # # # # # # # # # #
New Token Structure
Identifies FI
Identifies Cardholder by PAN AND by Device AND by Merchant
Existing PAN / Account Number Structure
Tokens
add
value to
the processing
environment
while improving visibility and
protecting cardholder
information
Slide23The Big Announcement! iPhone 6 – 4.7” display iPhone 6 Plus – 5.5” display NFC!!! Apple Watch – with NFC!!!
iOS 8 And…….
Slide24Apple Pay BasicsLatest addition to the mobile wallet landscape leveraging NFC By Invitation-Only Security and Privacy at the core of Apple Pay
Utilizes traditional payment rails preserving interchange Requires tokenization
Slide25Apple Pay: What we know
Scope and TimingApple’s Motivation and Value PropositionPayment AccountsCompleting
Transactions
Data and Security
In-Store PaymentsStreamlined online paymentsAvailable on iPhone 6, 6 Plus, and Apple Watch in 2015US Only in October 2014Replace physical walletPayments will be faster, more secure, and privateApple’s has 46% of market5 -10% terminals are NFC enabled
Add from
iTune
account or take a picture of card
Stored as a token on secure element of device
Use via Passbook app
In-store:
contactless NFC terminals with Touch ID authentication
In-App: integrated via the Apple Pay API with Touch ID authentication
Data stays with merchant and financial
institution
Merchant processes token, not card #
Slide26Announced Participants
Networks
Banks / Issuers
Merchants
In store
In App
Slide27Apple Pay and Payment
Tokens
Slide28Why Does Apple Matter?Widespread consumer acceptance and usage10 million devices sold in first 3 days! 800+ million iTunes accounts already on fileLeverages existing payments ecosystem and preserves interchange
Improves payment security = reduces potential fraudTokenizationSecure Element (Device number associated with token)Touch ID authenticates device and card owner
Slide29Still to Come….. 2015 and beyond
Slide30What is your payments roadmap?Ensure your members can access their CU accounts from any channel they choose! Start with implementing EMVEnroll your card programs in tokenization
Get ready for the next generation of payments through mobile!
Slide31Questions???Leanne PhelpsState Employees’ Credit Union
leanne.phelps@ncsecu.org919-839-5134