mark hartley, emvco board of managers representative march 2011 emvco – advancing chip standards...
TRANSCRIPT
Mark Hartley, EMVCo Board of Managers Representative
March 2011
EMVCo – Advancing Chip Standards for the Global Payments Industry
Copyright © 2011 EMVCo
Agenda
• Introduction to EMVCo
• EMV® Today
• EMV’s Global Reach
• 2011 Priorities• Common Contactless Acceptance Infrastructure• Mobile Payments• New Participation Structure
• Conclusion
2
Copyright © 2011 EMVCo
EMVCo Overview
3
Copyright © 2011 EMVCo
Technical standards body managing and enhancing the EMV Specification to meet the needs of stakeholders.
Introduction to EMVCo
4
Copyright © 2011 EMVCo
EMVCo’s scope and participation have evolved over time in response to emerging payment, technology and industry needs.
5
Scope and Participation
Next?
Next?
JCBJoins
AmericanExpress
Joins
WorkingGroups
Expanded
Contactless & Mobile
Task Forces
ExpandedIndustry
Participation
Board ofAdvisorsEuropay,
MCW &Visa
EMV Spec
Interoperability Management
Contactless& Mobile
Terminal TypeApproval Process
CCD/CPASpecs & CardType Approval
Scope
Participation
Copyright © 2011 EMVCo
EMVCo’s Global Reach
6
Copyright © 2011 EMVCo
Global Deployment
7
Copyright © 2011 EMVCo
EMVCo Structure & Stakeholders – 2011
8
Technical and Operations Focus
Executive CommitteeExecutive Committee
Business Focus
Board of AdvisorsBoard of Advisors
SecretariatsSecretariats
Board of ManagersBoard of Managers
Working GroupsWorking Groups
SecuritySecurity
Card and Terminal
Card and Terminal
Terminal ApprovalTerminal Approval
ContactlessContactless
Card Approval
Card Approval
Security EvaluationSecurity
Evaluation
Inter-operability
Inter-operability
MobilePayments
MobilePayments
Business AssociatesBusiness Associates
SubscribersSubscribers
Technical AssociatesTechnical Associates
Task ForcesTask Forces
Copyright © 2011 EMVCo
EMVCo’s 2011 Priorities
EMVCo continues its work towards a common contactless acceptance infrastructure for payments globally.
9
New EMVCo participation structure encourages broadening of industry engagement.
EMVCo’s cross-industry collaboration advancescontactless mobile payments standardisation.
Copyright © 2011 EMVCo
Contactless Acceptance
10
Copyright © 2011 EMVCo
Contactless Acceptance – Background
11
• As the technology evolved, significant investments were made in deployment of different contactless solutions, which now enjoy a large installed base of cards and terminals.
• To broaden and accelerate the deployment of contactless payment, EMVCo can help further by standardising the existing contactless acceptance infrastructure and streamlining the contactless type approval processes.
• The Entry Point design allows for the accommodation of regional solutions and the gradual migration to a common acceptance kernel.
Copyright © 2011 EMVCo
Contactless Acceptance – Status
• Phased Implementation
See General Bulletin #43 at www.emvco.com for further details.
12
Phase One Focusing on streamlining existing licensing and contactless type approval and building a framework for future development.
Phase Two Building a contactless online-only kernel.
Phase Three Continuing the development with offline market requirements and incorporating new cryptography standards.
Copyright © 2011 EMVCo
Contactless Acceptance – Current Roadmap
13
Phase One: Streamline existing
licensing and approval
Phase Two: Common Online Kernel
Phase Three: Common On/Offline ECC
Kernel
Oct2009
2011 2012 2013+2010Past Accomplishments
Entry Point,
Contactless
Communication
Protocol
Copyright © 2011 EMVCo
Mobile Payments
14
Copyright © 2011 EMVCo
Mobile Payments – Background
• The future growth of contactless mobile payments technology, and its viability as a sustainable, global, mass market payment method, relies on the existence of a standardised technical infrastructure.
• Inter-industry cooperation is essential to avoid a fragmented approach to standardisation and the resulting limitations that this would bring.
• EMVCo is tackling the technical challenges in contactless mobile payments (CMP) and aligning with the traditional charter to deliver payment specifications, testing and type approval processes that ensure security and interoperability between ‘payment instruments’ (whether plastic cards or mobile devices) and terminals.
15
Copyright © 2011 EMVCo 16
MPWG Guiding Principles
• User Choice– End user to have active control over when, where and which payment
‘instrument/credential’ can be used: • Payment brand, financial institution, type (user defined choice and priority)
• Choice and priority changeable by user at any time.
• Issuer flexibility: – Secure element form factor (UICC, embedded, removable memory card etc.)– One or more secure elements.
• Traditional standardisation role:– EMVCo requires an approved secure element to host payment ‘instrument’– Agreement on standardised and interoperable processes to manage payment
‘instrument/ credentials’ on secure elements– Compatibility with existing contactless payments acceptance infrastructure
• EMV Common Contactless Protocol Level 1• PPSE .
Copyright © 2011 EMVCo
EMVCo Contactless Mobile Payments Landscape
• Reviewed the landscape of contactless mobile payments infrastructure standards available in the marketplace and determined best approach to support EMVCo’s role in contactless mobile payments.
• Prioritised and identified those requirements, standards, specifications and processes that:
– Are within domain of other related standards groups (this drove high priority liaison efforts)
– Are in need of development by the MPWG and that would complement its liaison activities
– Provide the contactless mobile payments community with appropriate guidance in developing various parts of the mobile payments infrastructure (from the payment industry perspective).
17
Copyright © 2011 EMVCo
Mobile Payments – Handset Architecture
18
User Interface
Wide Area
Modem
Application Environment
Contactless Module
Antenna
Over-the-Air Personalisation & Provisioning
Payment Application
Management
Contactless Proximity Payments
Copyright © 2011 EMVCo
Mobile Payments – Domains of Activities
19
EMVCo Industry Orgs Payment Systems
Secure ElementsUICC Profiles
-Security Evaluation (new)
GSMA · ETSI GlobalPlatform
Approval (current)
Mobile Devices Handset Requirements GSMA · ETSI
User InterfaceAAUI Specifications & Guidelines
Functional Specifications
Contactless
Protocol
Specifications
-Compatibility Validation to EMV Requirements
NFC Forum Approval (current)
Payment
Applications
PPSE Specification (contained in AAUI ) - Testing (future)
Payment System specific
Payment
Application Mgt.
GSMA and EPC M-Channel
Payment System specific
Personalisation
Provisioning
Existing Specifications as option
GSMA and EPC M-Channel
Payment System specific
Copyright © 2011 EMVCo 20
Status of MPWG Development Efforts (1)
Public Documents Posted on EMVCo Site:
• EMVCo Mobile Payments Architectural Overview document to serve as architectural reference document for the MPWG and describes briefly EMVCo’s and various standards bodies’ roles in the contactless mobile payments ecosystem.
• EMVCo Handset Requirements focusing on payment industry’s specific requirements for NFC mobile payments capable handsets
– Effectively store, enable and manage payment applications – Enable a degree of consistent user experience
– Can be viewed along side the GSMA handset requirements .
Copyright © 2011 EMVCo 21
Status of MPWG Development Efforts (2)
Public Documents Posted on EMVCo Subscribers Site:
• EMVCo Profile for GlobalPlatform UICC Configuration Secure Elements, a payment industry specific profile based on GlobalPlatform’s development efforts.
• EMVCo Application Management Specifications (Application Activation User Interface) documents the necessary components facilitating selection and activation of the user’s choice of financial instrument to be used at the POS.
Copyright © 2011 EMVCo 22
Current MPWG Liaison Status (1)
• GlobalPlatform – Collaboration on Composition Model for Secure Element Security Evaluation:– Development of model by GlobalPlatform in cooperation with EMVCo and GSMA– The composition model addresses security evaluation of secure elements and
secure applications– Traditionally secure element (‘card’) and applications are evaluated together
• Composition model aims to provide method for evaluating SE once, and allowing this evaluation to be used in order to evaluate the multiple applications
– Addresses both Common Criteria and EMVCo evaluation processes.
• GSMA – Collaboration efforts progressing well: – Multiple F2F meetings and many joint calls– Joint discussions on UICC certification and type approval framework with
GlobalPlatform– Actively providing feedback and comments to each other’s document– Creating ‘technical working bridge’ between two industries working on same topic.
• Liaison with other standard bodies – e.g. NFC Forum.
Copyright © 2011 EMVCo
Broadening Industry Engagement
23
Copyright © 2011 EMVCo 24
Industry Engagement Drivers
Standards
• Industry requests for wider participation
• Interest in increased transparency
• Growth of EMV as contact chip standard
• Expectation to expand beyond contact chip
• Commitment to optimal resource management
• Recognise member investment in staff & T&E
EfficienciesCustomer
Investment Optimisation
• Improved business vs. technical input balance
• Efficient interaction with standards bodies
Copyright © 2011 EMVCo
Participation Level Description
Level Qualifications /Requirements High Level Benefit Annual Fees
Members • Commitment to global EMV interoperability • Significant responsibilities in EMV
issuance/acceptance in multiple countries
• Responsible for final specs Capital & resource investment
Board of Advisors
• Business Associates• Technical Associates (up to six seats, beginning
2011)
• Interaction with EMVCo Executive Committee
N/A
Business Associate
• Payment service providers • Committed to EMV deployment and interoperability • Interest in providing input to EMVCo’s strategic
direction
• Seat on Board of Advisors• Company subscriber benefits
$12,500
Technical Associate
• Industry stakeholders • Interest in EMVCo working group activities
• Quarterly workshops with WGs• Vote to elect up to six BoA reps• Company subscriber benefits
$25,000
Subscriber • Company or • Individual
• Access to draft specs, user meetings & communications
$2,500$750
25
Notice: Participation in EMVCo (other than as a member) does not give any equity or voting rights in EMVCo, LLC
Copyright © 2011 EMVCo
EAP Associates Programme Participants^
26
Business Associates (29)
ABN AMRO Bank ANZ APCA* Atos Origin
Bancomat Bank of China Bankers Association Barclays Bank
BoC Credit Card* BPCEBundesverband
deutscher BankenCartes Bancaires*
CIELO Credit Mutuel Discover*EFTPOS Payments
Australia Ltd.
EPC Equens SE EURO 6000, S.A. Interac*
Moneris Solutions* PASA Paymark Limited RBS Worldpay
SERMEPA Sistema 4B SRC Research* Swedbank
UK Cards Association*
Technical Associates (16)
APCA* BoC Credit Card* Cartes Bancaires* Discover*
Hypercom Infineon Technologies Ingenico Inside Secure
Interac* Moneris Solutions *NCR Financial Solutions
Group LimitedSRC Research*
Smart Payment Association
Verifone Walmart UK Cards Assoc.*
^ Participation as of 15 February 2011* Denotes Dual Associates: Registered as Technical and Business Associates
Copyright © 2011 EMVCo
Mark Hartley
EMVCo Board of Managers Representative
March 2011
Thank You!Visit www.emvco.com