confidential – for discussion & general information purposes only emv to card not present...
TRANSCRIPT
Confidential – For Discussion & General Information Purposes Only
EMV to Card Not Present Fraud
Gavin Levin, CTPeReceivables Consultant
Client/Prospect Name 2
What is EMV?
Why will this impact Card Not Present fraud
Leveraging technology to strengthen security
Q&A
Agenda
Client/Prospect Name 3
EMV is a global payment system that entails putting a microprocessor chip into debit and credit cards, making them less vulnerable to fraud for in-person transactions. Because EMV uses better data security, this standard is being adopted in the United States. In addition, most debit and credit cards will be reissued with EMV chips by October 2015. EMV terminals are already in use all over the world and growing more and more popular everywhere.
What is Europay MasterCard Visa?
Client/Prospect Name 4
EMV Card
Client/Prospect Name 5
EMV chip card transactions improve security against fraud compared to magnetic stripe card transactions that rely on the holder's signature and visual inspection of the card to check for features such as hologram. The use of a PIN and cryptographic algorithms such as Triple-DES, RSA and SHA provide authentication of the card to the processing terminal and the card issuer's host system. Each transaction uses a unique one time code.
How does EMV work?
Client/Prospect Name 6
If a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But, they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.
EMV compliance
Client/Prospect Name 7
Western Europe 99.9%Canada 84.7%Asia Pacific 71.4%USA .03%As reported by all major card brands for 2014575,000,000 cards in the USA will need to be
reissued in 201598% of US cards issued will be chip enabled
by 2017
EMV adaptability world wide
Client/Prospect Name 8
Online 45%Lost or Stolen 14.4%Counterfeit 37%Other 4%
Percentage of fraud based card activity in 2014-US
Client/Prospect Name 9
Down 56% in the UKDown 38% in AustraliaDown 49% in Canada
Lost or stolen activity remained neutral
What Impact will EMV have on Counterfeit and Lost or Stolen activity?
Client/Prospect Name 10
Up 79% in the UK
Up 100% in Canada
Up 100% in Australia
Expected increase in the US of 200% from 2.9B to 6.4 B
OK….what about CNP fraud?
Client/Prospect Name 11
3D Secure
Tokenization
IVR’s and redirects
Decision tools
Leveraging technology to strengthen security
Client/Prospect Name 12
Verified by Visa
MasterCard Secure Code
American Express Safekey
3D Secure-what is it?
Client/Prospect Name 13
Merchant’s register with the elected card brands. Their customers register with their card issuer. The customer then sets up their account with a password. Upon check out, the customer is prompted for a password.
Lots of merchants don’t like this because their customers leave the site when prompted for this extra step.
If they use, liability shifts back to the card issuer.
The Card Associations are making this more dynamic and user friendly.
How does it work?
Client/Prospect Name 14
Tokenization is the process in which the credit card information is stored on a remote server upon capture. A token is then sent back to the merchant and stored on their system thus reducing risk. For subsequent transactions, the token is sent to the processor instead of the card number.
What about tokenization?
Client/Prospect Name 15
Redirects-Hosted Page
Pop ups and Iframe
Silent Order Post
IVR
OK, what about collecting the card information on my system? How do I avoid that!
Client/Prospect Name 16
Decision tools is a multiple touch point fraud tool that allows the merchant to make a programmatic or manual decision on weather to allow the transaction to go through.
31% of all merchants considered this to be their best choice compared to 19% on tokenization.
Decision Tools-What is that?
Client/Prospect Name 17
True IP geo locationNegative listPositive listMorphingBotnet checksVelocity checks3rd party call outs(lexis nexus and such)Custom rulesNon IT interface
Attributes of Decision Tools
Questions?
Thank You!