The Payment Device – An Exploration Into New Technologies and Methodologies
Chris Lomax, Head of Marketing - EMEA
Agenda
- Focus on Security
- Contactless Solutions
- Internet Communications
- SEPA
- Next Generation Consumer Devices
Focus on Security
Sources of Point of Card Fraud
Card Fraud
Transaction logs and database hacks
Device and line tapping
Data Communications
Card Fraud
Protecting Customers
• In 2005 UK Card Fraud, excluding Card Not Present, reduced by 28% (£98M). Chip and PIN / EMV
• In 2005 UK Card Fraud, Card Not Present increased by 21% (£33M)
• US - “Credit card fraud (28%) was the most common form of reported identity theft….” - 2004 Federal Trade Commission
Transaction Logs or Database Hack
ePOS software can contain mag-stripe data.
"01/01/05 18:26:04",">> ATV1Q0<CR>"
"01/01/05 18:26:04","<< <CR><LF>OK<CR><LF>"
"01/01/05 18:26:05",">> ATE0V1<CR>"
"01/01/05 18:26:05","<< <CR><LF>OK<CR><LF>"
"01/01/05 18:26:52",">> <STX>D4.99999599999999991100119911QR840840314193262007055999Y103954@D5473500000000014=05121019999888877776<FS><FS><FS>100<FS><FS><FS>Phantom Auto Parts Huntsville AL<FS><FS><FS>000<ETX>N <CR><LF>Content- Type: x-VISA-II/x-auth<CR><LF>"
"01/01/05 18:26:53",">> Connected ssl.pgs.wcom.net 443"
"01/01/05 18:26:54","<< <STX>E4.A001199115103900VITAL8051705182654APPROVAL 862445 0513722502322 0000123456789 <FS> <FS>000<ETX>;"
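Added example (not part of the original presentation): a log audit that finds Track 2 fields of the kind visible in the ePOS log excerpt on the Transaction Logs slide and rewrites them with a masked card number. The function names, the redaction marker and the sample lines are assumptions made for illustration; the sample PAN is a common test number.

```python
import re

# Track 2 layout (ISO/IEC 7813): PAN of up to 19 digits, '=' separator,
# expiry as YYMM, 3-digit service code, then discretionary data.
TRACK2_RE = re.compile(r"(?<!\d)(\d{12,19})=(\d{2})(0[1-9]|1[0-2])(\d{3})\d*")


def luhn_ok(pan: str) -> bool:
    """Luhn check digit test; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(line: str) -> str:
    """Replace every Luhn-valid Track 2 field in a log line with a masked PAN."""
    def _sub(m):
        if not luhn_ok(m.group(1)):
            return m.group(0)  # digits before '=' are not a card number
        return mask_pan(m.group(1)) + "=[TRACK2 REDACTED]"
    return TRACK2_RE.sub(_sub, line)


def scan(lines):
    """Return (line_number, masked_pan) for each Track 2 hit, 1-based."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in TRACK2_RE.finditer(line):
            if luhn_ok(m.group(1)):
                hits.append((n, mask_pan(m.group(1))))
    return hits


# Constructed sample in the shape of the slide's ePOS log; the PAN is the
# common 4111... test number, not data from the page.
SAMPLE_LOG = [
    '"01/01/05 18:26:04",">> ATV1Q0<CR>"',
    '"01/01/05 18:26:52",">> <STX>D4.0000@D4111111111111111=25121010000000000000'
    '<FS><FS><FS>100<FS>Example Store<FS>000<ETX>"',
    '"01/01/05 18:27:10","<< ref 1234567890123456=2512101 not a card"',
]

if __name__ == "__main__":
    for n, pan in scan(SAMPLE_LOG):
        print(f"line {n}: Track 2 data for {pan}")
    print(redact(SAMPLE_LOG[1]))
```

The Luhn test keeps the scan from flagging order references and other long digit runs that happen to precede an equals sign.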
Tapping
Wireless device transmitting data over a range of 200m
Surface mount assembly, with removable storage media
A device is inserted into a payment device or attached to the line, and card information is collected and either later retrieved or immediately transmitted
Street Prices
Contributed by AmbironTrustWave 2005
Proactive Industry Stance
PCI – Payment Card Industry Standards
• Physical Security of PIN Accepting devices – PCI PED
• Data Center Security – PCI DSS
• Internet and Wireless Communication Standards
PED Certification Timeline
• 1 January 2004: VISA-PED approval of all newly deployed POS PED devices
• 1 October 2004: PCI PED process required for ALL new devices
• December 2004: Completion date for old VISA PED process certifications
• 2006: Next Scheduled Review Process
• July 2010: All installed PEDs must be Visa PED or PCI Approved
Approved devices list found at www.visa.com/PIN
PCI Data Security Standard
All merchants Must Comply
MasterCard IP-Enabled POS Security
Security standards for IP-Enabled POS devices - Encryption of transaction data between POS device and acquirer
Vendors and acquirers required to provide compliant solutions
MasterCard introducing Internet Protocol POS Terminal Compliance Testing Program
Acquirer responsible for obtaining MasterCard approved solution
MasterCard Reference documents:
• Internet/IP-Enabled POS Terminals, Security Guidelines – Oct 05
• Internet/IP-Enabled POS Terminals, SSL/TLS Implementation Guidelines – Oct 05
Timelines
• 1st April 06: Acquirers ensure new wireless and IP-enabled terminals are submitted for evaluation and approval
• 1st Sept 06: All newly deployed wireless and IP-enabled terminals support encryption and comply with mandate
• 3rd Jan 07: Acquirers must upgrade all non-compliant wireless and IP-enabled terminals
Security Leadership
VeriFone has lead representation on industry security forums defining and driving many security features and innovation
Powerful products engineered specifically to meet the most demanding security requirements:
Terminal hardware
Software architecture
Communications security
VeriFone Security Model
POS Terminal Hardware
Application separation assured by secure memory management unit
EMV Level 1 Certified hardware
High security for PIN entry with DES, 3DES, RSA and AES
• PED certifications: Infogard, TNO and T-Systems
Tamper evident mechanisms
Tamper proof mechanisms
Security PED fence / mesh
VeriFone Security Model
POS Terminal Software
Application separation by multi-application OS – Verix V
EMV Level 2 certified
VeriShield digital certification for files and applications
TLS 1.0 and SSL 3.0 (RSA, MD5, SHA-1, 3DES, RC4)
• Full client and server side mutual authentication - addresses WiFi and GPRS security weaknesses
Client digital certificate authentication (SSL VPN)
Future Threat – AntiVirus
The threat from software viruses is no longer confined to the PC market
The IP-enabled terminal market is growing at a rapid pace
Although no immediate risks are evident, utilising cost effective, secure and efficient Internet communications may have future risks
Hackers are always working to be malicious or to steal
Before viruses existed for personal computers no one had virus protection
Preventative Measures
Industry’s first anti-virus security for POS terminals
Aims at minimising business impact from potential future unknown risks
Leverages on the McAfee malware detection engine for embedded systems
Contactless Technology in Payments
Transponders (sub $1.00 COGS)
• Low Bandwidth, no read/write
• Automated Toll collection systems
• Mobile Speed Pass
Contactless Chip Cards ($2-$3)
• 13.56 MHz ISO 14443 A & B
– more security and complex applications
– MIFARE, MasterCard, Amex
• FeliCa (14443 C non-ISO)
– Proprietary Sony protocol popular in ASPAC
– Not fully accepted as international standard (with controls)
Near Field Communication (NFC)
Next stage technology migration for contactless
Developed and endorsed by all key constituents (Philips, Sony, Nokia, MasterCard…)
Key to enabling personal devices to become payment devices
Merchants still need ISO 14443 readers (today’s can be SW upgraded)
Merchant Value Proposition
VeriFone’s Market Commitment
Roadmap to leverage emerging opportunities
Multi-Lane, Consumer facing
Unattended Environments
Integrated with Handover Devices
Peripheral to Countertop Devices
Internet and the IP Revolution
IP has changed how business is conducted
• E-Commerce
• Entertainment/Movies/Music
• Telecom industry
• Payment industry
Via IP & IP technologies, it is now possible to have ACCESS to services that were not previously accessible
We are no longer bound to “traditional” transaction networks
We can leverage the “Internet” to provide services to customers around the globe
The IP Value Proposition
Faster, Better, Cheaper
Long term infrastructure cost reduction through multiple advanced communications options
More secure transactions
Improved merchant retention via best use of new technologies
Potential for multiple new business models
Rapid time to market
VeriFone is well positioned in this space
IP Based Payment In Action
And the list goes on and on….
Wireless Industry Technologies
[Figure: bandwidth (Mb/s, 0.01 to 100) against mobility (Km, 0.01 to 100) for Bluetooth, 2G - GSM/CDMA/TDMA, 2.5G - GPRS/CDMA2000 1X, 3G - EDGE/WCDMA/CDMA2000 1x EV, WI-FI, WIMAX and 4G, spanning Personal Area Network (PAN), Local Area Network (LAN), Metropolitan Area Network (MAN) and Wide Area Network (WAN)]
Enablers And Facilitators
Internet revolution - mass adoption of Broadband
• Low cost IP connectivity
• Always-on high speed transactions
• Eliminate need for dedicated dial-up lines and low speed private networks
Wireless connectivity - IP everywhere
• Mobile payments – WiFi and GPRS
• No fixed cabling – dynamic stores layout
Standardised platforms
• Multi-application support
– Credit
– Debit
– Pre-Authorised / Pre-Paid Debit
– Loyalty
– Gift Card
– Mobile top-up
– etc
IP Enabled - Value Added Services
Internet meets POS browser based services
Complementary to terminal based payment applications
Web hosted applications
Reduce time to market for new applications
No limit to number of applications at point of sale
Software development costs are reduced
No terminal migration issues
IP Enabled - Value Added Services
[Diagram: Terminal running thin-client browser, IP network, Application Hosting Service, Web Server, Business Logic, Database]
Enhanced Communication Leadership
The first modular design with multiple communications options
The first Ethernet solution
The first CDMA solution
The first Wi-Fi solution
The first Micro-Browser solution
The first SSL based security solution
And we keep raising the bar…
SEPA and Payment Terminals
Single European Payments Area (SEPA)
The objective of SEPA is for a single market payments area
• Open, competitive market
• Coherent legislation and regulation
• Preventing fraud
• Standardisation
It covers retail payment instruments:
• Cash (the €uro notes and coins are already in circulation)
• Direct debits and bank giros
• ATM cash transactions
• Credit and debit cards
SEPA standards are to be implemented
• Starting in 2008 through to 2010
SEPA Card Framework (SCF)
The Framework is aimed at building an environment in which there are no technical, legal or commercial barriers to stand in the way of cardholders, banks and merchants choosing and using SCF compliant payment and ATM access card products
Approved Framework published 8 March 2006 as version 2
Implications for Terminal Solutions
Single security standard
• Endorse the use of PCI PED
• Or one standard approval across all SEPA region
• Elimination of multiple national standards – GIE CB, UK CC, ZKA, C-TAP, SAKO-I…..
Standardised cardholder interface process
• The keying / transaction sequence to be standardised
• Display language based on card issuer ISO code
European Payments Council (EPC) to provide SEPA Governance
EPC membership to be open to vendors (associate members)
• Standards Working Groups
Out of Scope
• Standard host interface message
– All data elements already in most national / proprietary formats
– Forcing this will delay implementation
– Encourage gradual migration to a standard interface
• No TMS, or File Transfer standards needed
Evolution of the PIN Pad
Today’s PIN pad has evolved to tomorrow’s “client-facing terminal”
Enhanced communications allows individualized messaging to each client
Content Driven
Grab attention with animations or video with Screen Savers, Videos, Banners, Pop-ups and multi-media content and commercial images to uplift your brand
What content?
Content Evolution
Present your message brilliantly
Move away from the limitations of static images and leverage the same attention-getting dynamic messaging you used on television, plasma displays, digital signage, the Web and in print right where the consumer is
• Reinforce Brand image using
– Special Promotions
– Screen Saver
– Customised product
Revenue Generation Potential
Communicate with the consumer without slowing transactions using video and animations
VeriFone - Track Record of Innovation
Innovative payment transaction solutions
Value added services at the point of sale
Superior insight into customer needs
VeriFone Wins Frost & Sullivan 2005 Product Line Strategy Leadership Award
Frost & Sullivan, founded in 1961, is recognized as a global marketing research and solution leader, with offices located worldwide.
Questions