TRANSCRIPT
Enabling Connections…Finding Solutions…Researching Technology
The Future of Payments PCATS Annual Conference
Gray Taylor Executive Director PCATS [email protected]
Terence Spies Chief Technology Officer Voltage Security [email protected]
Snapshots…
• Est. $550B industry sales
• Continued Privatization
  – Prepaid will eat cash sales
  – ACH will feed off debit
• Cost “holiday” from Durbin
Source: Nilson Report, NACS
Industry Card Costs to 2017
[Chart: card cost per year in billions, 2012 to 2017, y-axis $10B to $20B, three scenarios: No Durbin, Durbin, Durbin Recast. Labelled values: $12.3B, $8.2B, $5.6B]
Sources: Nilson Report, NACS CPP
Saved $.73B 2012
• Durbin “1” was flawed, but good
• Durbin done right is essential!
• Routing will be accretive (TBD)
Takeaways:
• We have a lot of work to do with the Fed in 2014
• How might we fully leverage routing?
Payments in Flux – The Perfect Storm
Big Theme → Risk/Opportunity
1. Digitization of payments → Digital = “for profit”
2. Redefining retail banking → Consumer attitudes on payments
3. Consumerization → BYOD defining society & payments
4. Alternative currency → Will drive mobile adoption
5. Authentication → Analog to digital ID, new “trust”
6. Many to many, “Cloud” → Traditional net structure destroyed
7. Paucity of standards/regs → “Wild West” scenario
Market dominants are at significant risk – so are we…
Payments Ecosystem – Business & Consumer (diagram: Funding → Systems → Method)
Funding: Check, Credit, ACH/Transfer, Debit
• Ubiquity is essential
• Settlement essential
• Trust is essential
• Security essential
• Funding clashes with method
Systems: MagStripe, Check, Coupon, New methods?
• Ubiquity is essential
• USER EXPERIENCE!!
• Standards essential
• Security essential
• Authentication is essential
• HIGHLY DYNAMIC - Mobile
Currency $, DDA, Prepaid, Credit Line
• Can be consumer or business
• Does not have to be a “bank”
• Not too dynamic – BitCoin?
• Trust is essential
• Highly regulated
Interchange is Hosed (long live interchange)
• Level playing field gone – Cards will seek to maximize revenue in (small) niches
  – MC Codes mean nothing
  – Cards have released banks to do bilaterals
  – Cost complexity ↑
• Routing needs volume
Size matters
Estimated Card Sales - 2012
 1  Wal-Mart                 $131.48
 2  Costco                    $56.83
 3  Shell                     $46.60
 4  Target                    $43.18
 5  Chevron                   $40.49
 6  The Home Depot            $39.61
 7  Kroger                    $36.87
 8  Walgreen                  $32.51
 9  CVS Caremark              $31.84
10  Amazon.com                $30.97
11  Lowe's                    $29.62
12  ExxonMobil                $28.42
13  CITGO                     $28.42
14  Phillips                  $26.25
15  BP                        $24.85
16  Apple Stores / iTunes     $21.60
17  Best Buy                  $20.65
18  McDonald's                $17.80
19  Macy's                    $16.57
42  7-Eleven                   $4.28
The Underbanked
• Many consumers…
  – Can’t qualify or afford DDAs
  – Don’t want DDA
  – Pay predatory fees
    • Often more than $600/year
  – Demographic: Bubba/Bubette
• Underbanked are…
  – Adopting general purpose prepaid cards as alternative
  – Customers of non-FI entities
  – Not prime targets for decoupled
Underbanked Services Fit Retail
• Underbanked…
  – Seek SPENDING solutions
  – Need to load/unload card
    • Convenience important
  – Shop Omni-channel
• Retailers…
  – Need financial “quality” to offer
  – Need systems to support
  – Have to load and unload
  – Be convenient
Why Walmart Wants to be Your Bank
• Cost: Cash customer moving to unregulated prepaid
• Contact: Consumer touch point
• Profits: Issuing is profitable
  – 1 million Bluebird cards (AMEX)
  – 1.4 MasterCard payroll cards
  – Largest seller of Visa GPR cards
  – Repeat store visits for reloads
  – Path to other financial services
  – New:
    • AMEX Serve
    • In-chain money transfer
US Mobile “Regulatory” Landscape
[Diagram: a matrix of Regulators, Private Regulators and Standards bodies across the Broadcast, Payment, Security/Privacy and Use columns; the row grouping below is what the layout supports, the column placement is not recoverable]
Regulators: Federal Trade Commission, Department of Commerce, States / Attorneys General, Consumer Financial Protection Bureau, Federal Reserve System, Treasury (incl. FinCen, IRS), Office of Comptroller of Currency, Department of Agriculture (EBT/SNAP), Federal Deposit Insurance Corporation, National Credit Union Association, Department of Justice, Federal Communications Commission, Food & Drug Administration, Nat’l Highway Traffic Safety Admin., State DOT
Private Regulators: Card Brands, EMV, PCI, Mobile Operators
Standards: SmartCard, ANSI X9 -> ISO, NIST, W3C, NACHA, IEEE, Bluetooth, NFC
Mobile Security Best Practices - BITS
In reality…
DATA SECURITY IN THE NEW AGE Terence Spies
Introduction
• Security is simultaneously becoming:
  – More crucial to understand
  – More complex
  – Generally more terrifying
Cryptography
• Data security is driving short term changes
  – Protection of legacy payment architecture
• Data security is driving long term changes
  – Future payment architectures
• Cryptography is the backbone of this shift
[Timeline slide: 1960, 1978, 2013]
Why do breaches happen?
• One fundamental flaw of payment (and other identification schemes): Symmetry
  – To make a payment, I need a PAN
  – To verify a payment, the Bank needs a PAN
Symmetry allows attackers to imitate payers by stealing information from verifiers.
The Classic Model
[Diagram: Payer → Payee → Bank, with the PAN passed at each hop; Attacker]
Absent authentication or privacy, attacker simply recycles PANs
Physical Symmetry…
Make insecurity a business model?
Compensating for symmetry
• As long as systems are symmetric, we need to restrict verification.
• Most common example: PINs
Compensating for symmetry
• Restricting PANs is not so easy….
  – Payment systems have evolved to use clear PANs
  – Fraud detection, receipt printing, loyalty, recurrence, refunding, etc.
• Two strategies
  – Encrypt the PAN (Tokenization)
  – Add an authenticator (EMV)
EMV Authentication
[Diagram: Card Key + Transaction details => cryptogram; PAN + AC (application cryptogram) travels POS Terminal → Intermediate Systems → Trusted Host]
Encryption and Tokenization
[Diagram: POS Terminal → Intermediate Systems → Trusted Host; an Encrypted PAN passes through the intermediate systems, and the trusted host replaces it with a Token]
Encrypted PAN: no 1:1 correspondence with PAN
Token: 1:1 surrogate value for PAN
Securing Storage
               Plaintext              Regular AES                  FPE / Token
Credit Card    7412 3456 7890 0000    8juYE%Uks&dDFa2345^WFLERG    7412 3423 3526 0000
Tax ID         934-72-2356            Ija&3k24kQarotugDF2390^32    298-24-2356
Format preservation in tokenization and encryption processes enables existing processes to work with minimal changes and access to keys.
Standards Efforts
• Encryption
  – X9.119 part 1 (and PCATS efforts)
  – X9.124 (Format Preserving Encryption)
• Tokenization
  – X9.119 part 2
  – EMVCo spec for “payments tokens”
  – PCI efforts
PAN Storage
[Diagram: Storage Deidentification Key; flows: Protect inbound, Deprotect inbound, Partially deprotect]
Keep In Mind…
• Tokenization can create uncomfortably close relationships!
• Once a token is established, undoing the mapping is difficult.
Is there an alternative to symmetry?
The Public-Key Model
Sign: Remit: $5 From: 5678-90241 To: 4234-23123 → Remit: $5 From: 5678-90241 To: 4234-23123 / Signature: 5FA439CD2144…
Verify: Remit: $5 From: 5678-90241 To: 4234-23123 / Signature: 5FA439CD2144…
The Public-Key Model
Sign: Remit: $5 From: 5678-90241 To: 4234-23123 → Remit: $5 From: 5678-90241 To: 4234-23123 / Signature: 5FA439CD2144…
Verify: Remit: $500 From: 5678-90241 To: 4234-23123 / Signature: 5FA439CD2144… (the amount was altered in transit; the signature no longer matches the message)
Breaking Symmetry
• Nothing to steal at the verifier!
• No hard requirement for transaction privacy
• Transactions do not reveal secrets
Downsides?
  – Computationally harder
  – Messages are somewhat larger (~100s of bytes)
  – Disrupts existing business models….
Public Key in the Real World
• Website authentication
• SWIFT transaction signing
• P2P Encryption key management
• Enables transition to much more convenient mobile wallet scenarios
Two Models
• Symmetric
  – Transaction completed by verification of a secret
  – Inherently centralized (one secret holder)
• Public Key
  – Transaction completed by signature verification
  – No more secrets, but central verifier
  – Some trusted party maintains the ledger
Can we take this one step farther?
What is a ledger?
A verified history of transactions, from which we can derive balances …..
Centralized ledgers
• Account balances, credit, etc. all extend from trusted ledgers maintained by banks and other FIs
• The security function of a bank is to allow only authorized modifications (credits and debits) from that ledger.
• That function is done with walls, guards, IT controls, and business rules.
But…
Remit: $500 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Verify
Public key signatures defend themselves…we don’t need guards or firewalls if we believe the signing keys are safe…
Ledger = A group of transactions
Remit: $500 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Remit: $145.66 From: 5551-2001 To: 4234-23123
Signature: 6411339FE41…
Remit: $213.45 From: 5678-90241 To: 1234-23434
Signature: 98324A344588…
Remit: $100.11 From: 5611-11234 To: 4599-23244
Signature: 67812FA432435..
….this record could be public!
If only….
there was some way to keep bad transactions (double spending, cancels) out of the record of signed transactions!
Uh oh…
Bitcoin?
• The bitcoin paper offers a way to build “distributed consensus” on a public ledger, also called a “blockchain.”
  – Miners compete to get rewards for validating transactions.
• Outside of opinions about bitcoin as a currency, this points to the ability to build all kinds of decentralized payment vehicles.
How Do I Pay With BTC?
• Users have wallets which contain signing keys
• A transaction consists of a signed message:
  Remit: 5.0 BTC From: 5678-90241 (Sender Key ID) To: 4234-23123 (Recipient Key ID)
  Signature: 5FA439CD2144…
This is all pretty conventional…
Where does it go?
• In previous systems, it would go to a trusted authority (DigiCash, etc.)
• In bitcoin, we send it to everyone
• Transactions sent to all nodes
  – “Miners” compete to validate transactions
  – New validated transactions become a block
    • Like a page in the ledger
  – Finding a valid block awards new BTC
Sample blocks & transaction
Competition
• Basis: Competing consensus instead of centrality
• How much competition?
Modern Mining
Does This Make Any Sense?
• Maybe not…
• But the idea of distributed consensus is driving hundreds of applications
  – Voting
  – Internet name binding
  – Contracts
  – Payments?
Conclusions
• The somewhat vintage design of the payment system makes security a challenge
• Payment Security will evolve in phases:
  – Now: P2PE and Tokenization
  – Near-future: EMV and Tokenization
  – Future: Public key? Cryptocurrencies?
PAYMENTS ARE TECHNOLOGY… TECHNOLOGY IS POLICY
Terence Spies
• PCATS/NACS advocate government endorsement…
  – Government adoption of payment standards, NOT EMVCo or PCI
  – Payments as a matter of national security
• Open dialogue between stakeholders
  – Payment platforms a matter of economic health
• “Frictionless” economy through digitization
• Improve relationships with regulators/agencies
  – Drive for open and comprehensive “wallet”
  – Federal reserve (Durbin revisions, payment platforms)
  – Organize stakeholders: DoD, DHS, State Department, States
Spheres of Advocacy
• Congress
  – Homeland Security, Energy and Commerce, Financial Svcs
• Regulators
  – Federal Reserve Board(s)
    • Kansas City FRB: Payment Card Fraud Costs
    • Philadelphia FRB: Payment Card Security
    • Boston/Atlanta FRB: Mobile Payments
    • Minneapolis FRB: EMV Standardization
• Agencies
  – Federal Trade Commission
  – Treasury
  – Department of Homeland Security
  – NIST
  – Law enforcement & intelligence (FBI, NSA, CIA)
• Standards groups
NEW Playing Fields:
• Financial Services Roundtable
• The Clearing House
• NACHA
• ABA
Rational Policy: A Roadmap
• Our system is broken, and we are at risk:
  – Payments are critical to our national security
  – Authentication of account is meaningless
  – There are no “clean” computing environments
• We need a stakeholder-driven strategy:
  – Accredited standards developed in transparency
  – Less focus on business models, more on what’s right
  – America to lead the world to next generation payments
  – Secure transactions in the “dirtiest” of environments
  – Protect privacy through secure authentication
Thank you – Questions?