View
442
Download
4
Category
Preview:
DESCRIPTION
Creditcall CTO Jeremy Gumbley looks at the problems and solutions how the EMV Migration bottleneck of the vigorous, slow and costly EMV certification processes can be bypassed, the complexity, risk and cost of EMV certification removed, and PCI DSS requirements – including major security concerns – and compliance demands reduced. Diagnosis and discussion is pertinent as all of these topics will play an enormous role in the run up to the October 2015 EMV Migration deadline. For more information, go to www.creditcall.com/ChipDNA Five EMV Migration Pain Points 1. Choose PINpad, develop and perfect driver 2. Update each processor interface for new EMV messages 3. Certify for each PINpad and each processor (M-TIP/ADVT/AEIPS/D-PAS) 4. Adapt or create a Terminal Managament System (TMS) 5. Maintain PCI P2PE certifications
Citation preview
Diagnosing the EMV Migration Pain Points: How to Make the Bitter EMV Migration Pill Easier to Swallow
Jeremy Gumbley, CTO Creditcall North America Cartes America 2014, May 13-15
COMPELLING EVENTS
LOOMING U.S. EMV LIABILITY SHIFT
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
COMPELLING EVENTS …………………………………………………………………………………………………………………………………………………….
EVER EVOLVING PCI DSS
REQUIREMENTS
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
COMPELLING EVENTS …………………………………………………………………………………………………………………………………………………….
THE 5 PAIN POINTS TO EMV MIGRATION
1. PINPAD SUPPORT
FACTORS TO CONSIDER a) Attended or Unattended? → How important is PIN Debit to you? b) What CVMs do you need to support?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
1. SELECT PINPAD, CREATE RELIABLE AND
ROBUST DRIVER …………………………………………………………………………………………………………………………………………………….
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
1. SELECT PINPAD, CREATE A RELIABLE AND
ROBUST DRIVER …………………………………………………………………………………………………………………………………………………….
HOW ABOUT CONTACTLESS?
2. UPDATE EXISTING PROCESSOR INTERFACES FOR EMV
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
2. UPDATE PROCESSOR INTERFACES TO SUPPORT
EMV MESSAGING ……………………………………………………………………………………………………………………………………………………. GETTING TO GRIPS WITH EMV
• The terminology and the payment flows –
issuer script processing for instance.
• Who owns the code?
• Who maintains the code?
• Is the original developer still around?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
2. UPDATE PROCESSOR INTERFACES TO SUPPORT
EMV MESSAGING ……………………………………………………………………………………………………………………………………………………. TIME MANAGEMENT • Have you allocated enough time to the project
considering the Processors will probably be inundated with support requests?
• Do the same for every Processor interface
SUPPORT • Will the Processor have enough resource to
support you?
3. A CERTIFICATION FOR EACH PINPAD AND PROCESSOR
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
3. CERTIFY EACH PINPAD WITH EACH PROCESSOR …………………………………………………………………………………………………………………………………………………….
LAYERS OF BRAND CERTIFICATION • Each PINpad and processor combination
requires various layers of brand certification – M-TIP/ADVT/D-PAS
• Rinse and repeat for each Processor you need to support!
• A certification requires costly test cards and testing tools
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
3. CERTIFY EACH PINPAD WITH EACH PROCESSOR …………………………………………………………………………………………………………………………………………………….
BUDGET ENOUGH TIME • In mature markets like the UK it takes 10-16 weeks per certification
• Repeat every time the EMV Level 2 certification expires
• Will the processor have enough time to support
you?
• What will the processor charge you to certify?
• Don’t forget changes in receipting to show some additional EMV fields such as the AID!
• Allow extra time for a first certification for documentation interpretation errors, unforeseen technical issues and test host availability.
4. WHAT ABOUT TERMINAL MANAGEMENT?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
4. WHAT ABOUT TERMINAL MANAGEMENT? …………………………………………………………………………………………………………………………………………………….
TERMINAL ESTATE MANAGEMENT • Now that you have successfully updated
your application to support EMV, how will you manage all the additional data elements required by EMV?
• How will you update the firmware in your PINpad estate?
5. WHAT ABOUT PCI P2PE?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
5. WHAT ABOUT PCI P2PE? …………………………………………………………………………………………………………………………………………………….
SECURITY • Are you ready for PCI P2PE?
• Domain 5 compliance? (HSMs, changes in process
and procedure, cost of certification)
SUMMARY
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
SUMMARY …………………………………………………………………………………………………………………………………………………….
1
2
3
4
5
SOLUTIONS
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
SOLUTIONS …………………………………………………………………………………………………………………………………………………….
DIY Do it yourself and spend anything from 12 to 24 months building and certifying an in house technology stack. PRE-CERTIFICATION Pre-certified ready build solutions that are plug and play with a variety of PINpads and processors of which there are two types: • Fat technology stack on PINpad
• Shared technology stack between POS and PINpad
“BUILDING BLOCK” APPROACH PINpad drivers have been developed, off the shelf uncertified updated processor interfaces and other functionality building blocks
jeremy.gumbley@creditcall.com
jeremy.gumbley
If you have any questions:
Come and see us at booth #1615
or visit www.creditcall.com/ChipDNA
Jeremy Gumbley
CTO
Recommended