Confidential – For Discussion & General Information Purposes Only

EMV to Card Not Present Fraud

Gavin Levin, CTPeReceivables Consultant

Client/Prospect Name 2

What is EMV?

Why will this impact Card Not Present fraud

Leveraging technology to strengthen security

Q&A

Agenda

Client/Prospect Name 3

EMV is a global payment system that entails putting a microprocessor chip into debit and credit cards, making them less vulnerable to fraud for in-person transactions. Because EMV uses better data security, this standard is being adopted in the United States. In addition, most debit and credit cards will be reissued with EMV chips by October 2015. EMV terminals are already in use all over the world and growing more and more popular everywhere.

What is Europay MasterCard Visa?

Client/Prospect Name 4

EMV Card

Client/Prospect Name 5

EMV chip card transactions improve security against fraud compared to magnetic stripe card transactions that rely on the holder's signature and visual inspection of the card to check for features such as hologram. The use of a PIN and cryptographic algorithms such as Triple-DES, RSA and SHA provide authentication of the card to the processing terminal and the card issuer's host system. Each transaction uses a unique one time code.

How does EMV work?

Client/Prospect Name 6

If a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But, they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

EMV compliance

Client/Prospect Name 7

Western Europe 99.9%Canada 84.7%Asia Pacific 71.4%USA .03%As reported by all major card brands for 2014575,000,000 cards in the USA will need to be

reissued in 201598% of US cards issued will be chip enabled

by 2017

EMV adaptability world wide

Client/Prospect Name 8

Online 45%Lost or Stolen 14.4%Counterfeit 37%Other 4%

Percentage of fraud based card activity in 2014-US

Client/Prospect Name 9

Down 56% in the UKDown 38% in AustraliaDown 49% in Canada

Lost or stolen activity remained neutral

What Impact will EMV have on Counterfeit and Lost or Stolen activity?

Client/Prospect Name 10

Up 79% in the UK

Up 100% in Canada

Up 100% in Australia

Expected increase in the US of 200% from 2.9B to 6.4 B

OK….what about CNP fraud?

Client/Prospect Name 11

3D Secure

Tokenization

IVR’s and redirects

Decision tools

Leveraging technology to strengthen security

Client/Prospect Name 12

Verified by Visa

MasterCard Secure Code

American Express Safekey

3D Secure-what is it?

Client/Prospect Name 13

Merchant’s register with the elected card brands. Their customers register with their card issuer. The customer then sets up their account with a password. Upon check out, the customer is prompted for a password.

Lots of merchants don’t like this because their customers leave the site when prompted for this extra step.

If they use, liability shifts back to the card issuer.

The Card Associations are making this more dynamic and user friendly.

How does it work?

Client/Prospect Name 14

Tokenization is the process in which the credit card information is stored on a remote server upon capture. A token is then sent back to the merchant and stored on their system thus reducing risk. For subsequent transactions, the token is sent to the processor instead of the card number.

What about tokenization?

Client/Prospect Name 15

Redirects-Hosted Page

Pop ups and Iframe

Silent Order Post

IVR

OK, what about collecting the card information on my system? How do I avoid that!

Client/Prospect Name 16

Decision tools is a multiple touch point fraud tool that allows the merchant to make a programmatic or manual decision on weather to allow the transaction to go through.

31% of all merchants considered this to be their best choice compared to 19% on tokenization.

Decision Tools-What is that?

Client/Prospect Name 17

True IP geo locationNegative listPositive listMorphingBotnet checksVelocity checks3rd party call outs(lexis nexus and such)Custom rulesNon IT interface

Attributes of Decision Tools

Questions?

Thank You!