jenny lewis, sr. director - cscu.net meeting/sc17/presentations... · jenny lewis, sr. director –...

Jenny Lewis, Sr. Director – Product DevelopmentTokenization Services

Connie Davis, SVP – Enterprise Digital Strategy

Tokenization – Changing the Payment LandscapeTrends on Mobile Wallets and E-Commerce Tokens

Educating on the Fundamentals of Tokenization

• Issuers Opting to Tokenize their BINs across Debit, Credit & Prepaid starting in 2014• Actual PANs are replaced with tokens during Mobile Wallet Provisioning• If a merchant system is breached, the data captured is less valuable to fraudsters

Digitized Security over Plastic Era

Useless Data (tokens) Sensitive Data (PAN)

Merchant Merchant Network (Visa/MC) Issuer

Token Vaults(PAN/token)

PUBLIC Domain SECURED Domain

US Mobile Wallet Market to exceed $4T by 2021

- Infiniti Research, February 2017

5

Mobile Wallets gain rapid support by IssuersFIS Enables Issuer Participation in 3rd Party Mobile Wallets

FIS Supports ALL Mobile Wallets (Secured Element & HCE)

Credit Debit Prepaid

6

Mobile Wallet Users Are Customers No Credit Union Can Afford to Lose

7Mobile Wallet Users Respond…. What features drove them to the PAYs?

Mobile Wallet “Skeptics”

Time for Issuers to Take Action!

FIS™ Tokenization Services

Learning about Token Provisioning Paths

11

How does it work?

Yellow Path invokes the One Time Passcode service

FIS pulls Mobile Phone / Email Data from Card Management System and Pushes to Visa / MasterCard. Visa / MasterCard Push to the requesting Mobile Wallet

Consumer selects the desired delivery option (text or email)

Visa / MasterCard generate the OTP value and push to FIS for delivery to the end consumer

Consumer enters OTP and Visa / MasterCard Validate / update the token vault

Building Step Up Authentication with One Time Passcode

Now Generally Available!

FIS’s One Time Passcode – “How” it happens

FIS Tokenization Call Center Services

FIS Tokenization Services – Rapid Adoption

FUTURE of emerging payments…

Is “NOW”

“No turning back”

Moving PANs out of Public Doman &

replacing with Tokens for Secure and Safe

Payments “Anywhere” “Anytime”

FIS Data Predicts Rapid Provisioning Increase

The Current Tokenization Landscape…

Total value of digital payments reached $3.66 trillion in 2016

increased 20% over 2015Juniper Research

February 2017

Global EMV Migration drives fraud elsewhere

E-Commerce Growth Trend

Tokens extend beyond the “PAYs…”

Merchant Requested Tokens

“Credential-on-File” Recurring Payments

E-Commerce Digital Wallets

The Increasing Need for eCommerce Tokenization

In 2016, 32% of all internet transactions made through

“Pay with Amazon” were done on a mobile device by more than 33M people….

Payment volume doubled last year

NFC World – February 2017

It’s not just about Mobile Wallets, It’s protection against Card Not Present Fraud

• Card-not-present (CNP) fraud represents a highly profitable practice for cybercriminals• Data breaches occur regularly now. Supplying stolen Card data for fraudulent CNP transactions. • Increasing CNP Fraud is driving eCommerce merchants towards Card On File Tokenization. • New Interchange Classifications such as ‘Cardholder Present’ or ‘Secure Credentials Verified’

incenting eCommerce merchants towards Card On File Tokenization to reduce costs. • Issuers who do delay Tokenizing their BINs restrict merchants from being able to tokenize a

Card On File PAN.

Tokenization is to Card-Not-Present Fraud what EMV was to Card-Present-Fraud

Delaying Tokenization? Issuers Take Note…

E-Commerce/Internet Merchant Accounts - CNP RiskOver 52% of card accounts are setup with online/internet accounts

Account NumberPAN with Tokens

Apple, Samsung,

Android Pay Purchases

AT&T recurring

COF

Netflix recurring

COF

Paypal purchases

COF

City Utility recurring

COF

Automobile recurring

COF

Introduction of Payment Account Reference (PAR) A “Non-Payment” pseudo number that uniquely ties all tokens applied to the primary account number (PAN)

PAR #

Tokenization extends beyond the “PAYs” E-Commerce/“Card-on-File” For Merchant Token Requestors

26

Tokenization in “Card-on-File” Merchant Requests

Hundreds of Merchants embracing e-commerce tokens to replace PANs • Reducing their liability of breach• Mitigating payment disruption

27

Began requesting Tokens for PANs for new consumers withrecurring payment from VISA effective October 1, 2016 Targeting a

phased token replacement of PANs in 2017

VISA targeted April 2017 to begin phasing PayPal PAN’s with tokens in an ACH Migration to Debit Card

Master Card is in early discussions with Paypal, targetingQ4 2017 for providing this wallet/digital checkout

Emerging in 2017 is Tokenization in “Card-on-File” & E-Commerce Merchant Token Requestors

E-Commerce Tokenization aka digital checkouts. VISA Checkout available today without tokenization. The issuer must be enrolled in Tokenisation Services for PANs to be replaced with tokens once VCO begins tokenization. Master Card has MDES for Merchants with Tokenisationrolling out in 2017.

28

E-Commerce Merchant Token Requestors

Internet Of

Things

IoT

29

E-Commerce Tokenization Merchant Requests

E-commerce tokenization reduces the effect of data breaches, CNP fraud, and eliminates the problem of stored card information becoming outdated.

This benefits issuers by:

• Reducing Card Reissuance Costs: If an e-commerce token is compromised, the issuer does not need to reissue the physical card and can push a new token to the e-commerce account.

• Preserving ‘Top-of-Wallet’ Status: A cardholder can continue transacting with the provisioned token even when the underlying card information changes. The cardholder is not prompted to replace their card with an alternative payment method due to expired credentials.

New Options Coming in 2017

31

Suspend Token

De-Activate Token

Lost Phones

FIS Tokenization Services will continue to expand…

Lost Phones – Consumers who have lost their may need Tokens affiliated with a specific wallet suspended or de-activated.

Deactivate Token – Tokens can be de-activated as needed in lieu of completely blocking the PAN.

This could alleviate the need to affect the physical card, and may reduce expense.

Fraud Alerts – in addition to card controls, tokens affiliated with a PAN can be suspended temporarily until the fraud alert is resolved.

Looking Forward…Emerging Use Cases To Solve For

Virtual Card Issuance

APIs for Streamlining Back Office Functions

Mobile Analytics

32

WHO is driving the payment choice emergence? The CONSUMER & MERCHANT

EMV & Tokenization Expanding across Payments…

Is a leader in emerging payment technology ….Working with our external partners at VISA, Master Card, and EMVco/US Payments Forum developing the foundation for the future emerging payment ecosystem.

A Changing Digital Climate

Questions?

Thank You