Download - EMV as a stepping stone to Mobile Payment
EMV as a stepping stone to Mobile Payment 2012 Payments Summit February 8-10, 2012 Salt Lake City, Utah
Page 2
Agenda
Overview
Contactless Specifications and Standards
Secure Devices
EMV card or mobile handset
Issuance
EMV compliant payment credentials delivery
Consideration to make
Embracing EMV and Mobile Payment at the same time
Page 3
Payment Specifications
AEIPS ExpressPay
Discover Zip
M/Chip PayPass
VSDC payWave
Page 4
Standards Beyond Payment
Used in payment cards, USIM, ePassports, mobile and authentication devices Defines standard set of API for a Secure Chip operating system Working in close collaboration with EMVCo
NEW Trusted Multi-Ownership The key factor of convergence
www.globalplatform.org The Standard of Managing Applications on Secure Chip Technology
Page 5
Financial Institution
Establish Business Relationship with suppliers
Define cost structure
Agree on SLA
Delivery to Cardholder Personalization EMV Data
Generation
Procurement of Cards or Space on Mobile Device Key
Management Procurement
Card Design
Select EMV Card Platform
EMV Applications
Payment Brand/EMV approved
Manufacturing SLA
Card Manufacturing
Wallet Visual Appearance
GlobalPlatform Secure Element
EMV Applications
Payment Brand/EMV approved
OTA Platform SLA
OTA Platform
Mobile Network Operator / SE owner
Secure Shipment
Consider using the same Operating System on Card and Mobile
TSM Vault
Page 6
Initialize the chip
Load Security Domain with issuer key
Card secured in transit
Financial Institution
EMV Application Keys Remain in control
by the issuer at all times
Platform Keys Transport/ Personalization Keys
Key Management
Card Manufacturing
Receive request to establish Virtual Card
Create Security Domain
Allow Issuer to take ownership by loading its SD key
OTA Platform
Mobile Network Operator / SE owner
Chip Transport Key
Streamlined Key Management activities GlobalPlatform compliance - Standardized Security Management
Key Vault TSM
Delivery to Cardholder Personalization EMV Data
Generation Delivery to Cardholder Personalization EMV Data
Generation Procurement Key Management
Page 7
Derive Unique Application Keys
Generate Additional EMV Data per Payment Application requirement
Contact Contactless
Generate Offline DA certificate data (optional)
Format Data for Secure Personalization
Financial Institution
EMV Configuration Profile
Application and Platform Keys
EMV Data Generation
Data Gen Service Provider
Derive Unique Application Keys
Generate Additional EMV Data per Payment Application requirement
Contactless Generate Offline DA certificate data (optional)
Generate Mobile specific data (optional)
Format Data for Secure Personalization using ECPS
Simplify Data Generation use the same EMV Data Format for card and mobile
Key Vault
Delivery to Cardholder Personalization EMV Data
Generation Delivery to Cardholder Personalization Key
Management Procurement EMV Data Generation
Page 8
Certified personalization Site
Only issuer owned chip can decrypt perso data
Financial Institution
Personalization
Personalization Service Provider
Certified OTA Credential Download
Only issuer owned SE can decrypt perso data
OTA Platforms
Mobile Network Operator / SE owner
Leverage EMV standards EMV CPS EMV Card Personalization Specifications
Encrypted Personalization
Data
TSM
Delivery to Cardholder Personalization EMV Data
Generation Delivery to Cardholder
EMV Data Generation
Key Management Procurement Personalization
Page 9
Delivered via mail/courier
Online or phone activation
Post Issuance Management Issuer Scripting through POS and ATM
Financial Institution
Activation Authorization Transaction Processing
Post Issuance Management
Delivery to Cardholder
Instantly available
Activation through mobile wallet
Post Issuance Management OTA at any time
Delivery to Cardholder Personalization EMV Data
Generation Personalization EMV Data Generation
Key Management Procurement Delivery to
Cardholder
Page 10
Card and Mobile Issuance
NFC Service Manager
NFC Enabler(s) SE Management
Financial Institution
TSM Service
Secure Element Issuer Cardholder Service Bureau
EMVData Prep Card Issuance
Page 11
EMV Cards and Mobile Payment - not that different Understanding EMV and contactless Payment
Similarities and differences - card and mobile Standardization
Leverage investment in EMV card issuance
EMV Key Management and Data Generation Personalization Services and Trusted Service Manager Issuing EMV cards and delivering payment credentials Over the Air
Thank you
Nick Pisarev Director, Product Management - Banking Mobile Security Giesecke & Devrient Direct: 1-703-480-2338 Mobile: 1-571-535-0521