Download - EMV for Merchants
EMV HISTORYHistory
• The EMV acronym originally referred to the
founding organizations from 1994 – Europay,
MasterCard and Visa. Today the EMV trademark
is owned by all of the equity owners of EMVCo:
MasterCard, Visa, JCB, American Express, China
UnionPay and Discover.
Today
• Within the payments industry, “EMV” has often
been used to refer to the original EMV Contact &
EMV Contactless Specifications. When used in
this manner, EMV refers to payment chip cards
that contain an embedded microprocessor, a
type of small computer that provides strong
security features and other capabilities not
possible with traditional magnetic stripe cards.
W. Capra Consulting Group 3
WHAT IS EMV?
EMV – Technical standards for cards and terminals that also impact end-to-end payment process.
EMV uses an embedded microchip in the card to
authenticate both the card (Card Authentication Method)
and the cardholder (Cardholder Verification Method)
W. Capra Consulting Group 4
W. Capra Consulting Group
International standard defining interoperability
of secure transactions
• Introduces dynamic data specific to the
transaction
• Devalues transaction data, reducing the risk of
counterfeit fraud
World-wide adoption, including U.S. neighbors
Canada and Mexico
• Affecting U.S. multi-national retailers
Enabler of future payment types
• Contactless, Mobile
Chip & PIN ≠ EMV
5
WHAT IS EMV?
W. Capra Consulting Group
Chip on card uses cryptography to provide
security
Utilizes 2 forms of cryptography
• Digital signatures – ensures data is authentic
• Encryption – ensures PIN data is kept confidential
Digital signature devalues the data
• Even if data is intercepted, signature cannot be
replicated
Encryption is only used to protect the PIN
• EMV does not encrypt all transaction data
6
WHAT IS EMV?
GLOBAL FRAUD TREND
Counterfeit Fraud
Volume(Visa only)
Europe(Liability Shift
in 2005)
Asia Pacific(Liability Shift
in 2006)
U.S.(Liability Shift
in 2015)
- 56%
- 52%
+ 307%
2011
2004
U.S.
$…
ROW
$5.9
B
U.S.
$5.1T
ROW
$16.
5T
U.S. and
Rest of
World Sales
Volume
2012
U.S. and Rest
of World
Fraud
Volume
2012
W. Capra Consulting Group 10
Source: Vantiv, and Bureau of the Fiscal Service; http://fms.treas.gov/cas/EMV_Merchant_101.pdf
WHAT’S DIFFERENT WITH EMV?
W. Capra Consulting Group 12
Current U.S. Standard
• Confidential data
stored on magnetic
stripe
• Authentication is via
PIN or signature
• Susceptible to
skimming
• No data is “written”
to magnetic stripe
Current Global
Standard
• EMV terminals read,
write data during
transaction
• Multiple methods for
authentication
• Dynamic authorization
MARKET DRIVERS FOR EMV
Counterfeit, Lost and Stolen Fraud Losses
• Currently, Issuers are liable for counterfeit fraud-related losses
• When EMV cards are issued, liability for counterfeit fraud will shift to merchant if the merchant is not EMV enabled
• When used with a PIN, also protects against lost and stolen fraud. Most card brands assign fraud liability based on the least secure party to the transaction
W. Capra Consulting Group 13
Global Interoperability of Chip Cards and
Payment Devices
• Worldwide standard used by all countries
• Support for international commerce
Contactless and Mobile Payment Schemes
• Demand for new and trending form factors
› NFC (Near-Field Communications)
› BLE (Bluetooth Low Energy)
W. Capra Consulting Group 14
MARKET DRIVERS FOR EMV
MYTHS: EMV AND DATA BREACHES
Myth: EMV would have prevented the recent high-profile breaches
• Although EMV would have lessened the aftermath of the recent breaches, it would not have prevented them from happening
• Even with EMV in place, a portion of the card-related data can still be unencrypted, or transmitted, in plain text
• The benefits of the EMV standard would only have kicked in after the breach occurred, by preventing the reproduction of cards from the stolen data
Myth: EMV is powerless related to the growing CNP fraud and should be skipped as we move towards an e-commerce consumer environment
• EMV does not have much impact on CNP fraud, but in-store purchases on cards is expected to reach $7.1 trillion in 2017
• Skipping over EMV will leave cards vulnerable and drive fraud to that payment channel, much as criminals are targeting the U.S. because it is the only major country without EMV
Source: https://www.bai.org/bankingstrategies/print.aspx?id=9242b7f7-b2ec-46a8-bf9e-686f2668a00f
W. Capra Consulting Group 15
Myth: EMV isn’t worth the time and cost associated with the technology implementation and consumer education efforts
• Security solutions have to be viewed as worth the investment in order to stop fraudsters and protect customers
• For example, Target experienced significant stock price decreases and lower sales as a result of its December 2013 breach
• For some companies, the damage to the brand’s reputation could be worse than the financial costs of a security issue.
• With the introduction of EMV cards in the UK, fraud losses from counterfeit cards fell more than 63% between 2004 and 2010
• Card fraud resulting from lost or stolen cards dropped more than 61%.
W. Capra Consulting Group 16
MYTHS: EMV AND DATA BREACHES
WHO IS PARTICIPATING IN THE CHANGE?
W. Capra Consulting Group 17
Payment Brands & Debit
Networks
• Brands have affirmed
October 2015 fraud
liability shift
• Debit EMV framework in
place
• Brands have cross
licensed each other’s
Common Debit
Applications
• Visa and MC also
working together on
Encryption, tokenization
and other security topics
Acquirers
• Investments already
made in their back
end; ready to support
EMV Apr 2013
• Still need to develop
POS specs and
complete front end
changes
• Constrained on
resources for
merchant testing &
certification
Issuers
• Chip card issuance has
begun
• Card manufacturers
seeing significant
increase in orders from
issuing banks
• Customers can request
cards now; most issuers
will replace as cards
expire
• 5000+ issuers and 1 billion
cards; migration is
accelerating but will take
time
Merchants
• Several large
merchants have had
active projects for
over one year
• More interest and
activity due to recent
breaches
• Average time from
start to certification is
18 months, assuming
acquirer, tech
vendors are ready
and no testing
bottlenecksW. Capra Consulting Group 18
WHO IS PARTICIPATING IN THE CHANGE?
WOULD YOU LIKE TO LEARN MORE ABOUT HOW EMV WILL IMPACT
YOU?
W. Capra Consulting Group 19
W. Capra Consulting Group
221 N LaSalle St #1325
Chicago, IL 60601
(312) 873 -3300
www.wcapra.com
W. CAPRA SERVICES
W. Capra Consulting Group
Retail
Technology
Provide project
leadership, retail
technology
expertise,
architecture
guidance,
deployment
management,
process
improvement
and operational
strategies
through a full
lifecycle
methodology
Payments
Provide
merchants the
best
opportunity to
construct a
right sized
payment offer
that meets the
retailer’s
business
objectives while
minimizing total
cost
Data
Security
Provide
merchants
retail specific
security best
practices to
ensure
consumer data
and credit card
data is
protected
without
impacting your
day to day
business
Back Office
Provide
operational
guidance
around retail
inventory and
workforce
management
to insure
inventory
margins and
labor cost are
in line with
established
goals.
20
W. CAPRA EMV EXPERIENCE
W. Capra Consulting Group
Engagement Verticals
Advisory Currently engagedGrocery, Petro C-Store,
Pharmacy & QSR
Education Currently engaged Petro C-Store & QSR
Strategy Currently engagedGeneral Retail, Petro C-Store,
QSR, and Private Label Issuer
Planning Currently engagedGeneral Retail, Petro C-Store &
QSR
Delivery Currently engagedGeneral Retail, Petro C-Store
and QSR
Leadership
EMF: W. Capra has multiple resources attend and
participate in the EMF
MAG: W. Capra consistently provides educational
content and sessions
to the MAG and its members
NACS: W. Capra has multiple resources attend and participate in theworking committees
W. Capra has recently been, or is currently, engaged
in all phases of EMV delivery in the U.S.
21