Upload
hoangthu
View
223
Download
4
Embed Size (px)
Citation preview
Understanding the Impact of
EMV Migration in the U.S.
Sharon Pazlar
Director, Product Management
Output Solutions at Fiserv
February 21, 2013
E M V U . S . M i g r a t i o n
2 0 1 5
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Quick Facts
Year founded: 1984
Headquarters: Brookfield, Wisconsin
Locations: 158 worldwide
Employees: Approximately 20,000
Clients: Approximately 16,000
Revenue: $4.3 billion in 2011
Who We Are
Leading global provider of
information management and
electronic commerce systems
Who We Serve:
Banks, credit unions and
thrifts, billers, mortgage
lenders and leasing
companies, brokerage and
investment firms, healthcare
organizations, insurance
companies, utilities, retail,
govt. and more.
2
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Agenda
3
• What is EMV
• Understanding EMV
• Global View of EMV
• Why EMV Adoption in the U.S. Makes Sense
• Card Association’s Announcements/Roadmaps
• EMV Implementation Options
• EMV Challenges Facing the U.S.
• Determining Your Approach
• How to Get Started
• Fiserv Readiness and Timelines
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
EMV Also Referred As
5
Chip & Pin
Smart Card
Chip Card
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
What is EMV?
6
• EMV is a global standard for credit and debit payment
cards based on chip card technology.
• EMV = Europay, MasterCard and Visa – first version
released in1996.
• EMV chip-based payment cards contain an embedded
microprocessor that contains the information needed to
use the card for payment, and is protected by various
security features.
E M V U . S . M i g r a t i o n
2 0 1 5
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Why is EMV so Secure?
7
EMV improves the
security of a payment
transaction by adding
functionality in three
key areas:
1. Card Authentication -
Protecting against
counterfeit cards and skimming 2. Cardholder
Verification - Authenticating the cardholder and protecting
against lost and stolen cards
3. Transaction Authorization - Using issuer-defined rules to authorize transactions
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5 1.55 billion EMV cards issued globally
21.9 million POS terminals accepting EMV cards
Where Has EMV Been Adopted?
8
Copyright © 2011 EMVCo, LLC. All rights reserved.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
EMV Fraud Reduction Examples
9
Domestic fraud losses on U.K.-issued cards has been reduced by
34% Fraud losses from
counterfeit cards are down
63%
Lost and stolen card fraud is now at its lowest level since
the industry began collecting fraud data in 1991*
* Source: Retail Payments Risk Forum Working Paper, Federal Reserve Bank of Atlanta, January, 2012
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
U.S. Becomes an Easy Target Without EMV
10
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Fraud is Rising in U.S.
11
Discover Financial Services disclosed in its annual report
that its fraud losses in fiscal 2012 totaled $93 million —
70% higher than they were two years earlier, even
after adjusting for rising transaction volumes.
Capital One Financial reported a 20% increase in volume-adjusted fraud losses, between 2010 and 2011.
It has yet to release fraud data for 2012.
© 2013 Fiserv, Inc. or its affiliates.
Fraud costs the U.S. card payments
industry an estimated $8.6 billion
every year. – Aite Group
12
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Lost Revenue
13
Incompatibility for International Travelers
Card issuers lost out on
nearly
$4 billion in
charge volume including
$78.7 million in interchange fees
because of problems
cardholders had with
their cards while
traveling internationally
Source: Aite Group, The Broken Promise of Anytime, Anywhere Card Payments, October 26, 2009
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Why Now for EMV Migration in the U.S.
14
U.S. Before
• Historically low levels of fraud in the U.S. due to ~100% online authorizations
• U.S. reluctant to change payment infrastructure
• Mobile phone payments virtually non-existent
U.S. Now
• U.S. has been increasingly vulnerable to fraudsters, driving up losses
• Deployment of contact and contactless terminals
• Growing demand for NFC mobile payments, which leverages EMV’s secure infrastructure
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
EMV Adoption in the U.S. –
Why it Makes Sense
15
Improved security
Better experience for international
travelers
Worldwide interoperability
Positioning the industry for
other forms of payment -
NFC
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
NFC vs. EMV
16
• Some people want to take a “wait and see” approach to
EMV.
• Some believe U.S. may “leapfrog” EMV chip technology
and move right into Near Field Communication mobile
payment.
• Mobile NFC payments are not an alternative to EMV chip
cards, but are enabled by it.
• Installing contactless readers while
upgrading to EMV compliant terminals
will increase tap-and-pay transactions.
• There will always be consumers who
prefer plastic cards.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Card Association Announcements
Liability Shift Dates
17
Visa MC Discover AmEx
P.O.S. Oct, 2015 Oct, 2015 Oct, 2015 Oct, 2015
Pay at
Pump/Gas Oct, 2017 Oct, 2017 Oct, 2017 Oct, 2017
ATM April, 2015 Oct, 2016 N/A N/A
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
What does Liability Shift mean?
18
Is the
Payment
Card EMV-
Compliant?
Is the POS
EMV-
Compliant? Merchant Liable
for any Fraud
Card Issuer Liable
for any Fraud
Shared Liability –
Normal Rules Apply
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
EMV Migration in the U.S. is Underway
19
• Large banks and credit unions issuing to international
travelers and upon card re-issue
• Large retailers deploying EMV ready POS terminals
60% of all
POS terminals are
projected to be
EMV equipped in
2015. Source: Javelin Strategy and Research, Oct. 2012
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
EMV Implementation Options
21
Card Interface
Card Authentication
Transaction Authorization
Cardholder Verification
1
2
3
4
A. Contact
B. Contactless
C. Dual Interface
A. Online
B. Offline
A. Online
B. Offline
A. Chip/PIN
B. Chip/Signature
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Contact, Contactless, or Dual
22
EMV cards can be contact, contactless, or dual processing
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Dual Operability in the U.S.
23
• All U.S issued EMV cards will have magnetic stripe
and/or dual interface
• Contact chip and magnetic stripe
• Contact chip and contactless chip and magnetic stripe
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Online and Offline
24
Online authorization
Transaction information is sent
to the issuer, along with a
transaction-specific
cryptogram. Issuer either
authorizes or declines.
Offline authorization
The card and terminal
communicate and use payment
brand and issuer-defined risk
parameters to determine
authorization.
Offline is used when there is no
online connectivity, or to
optimize speed and
convenience of the transaction
(transit, ticketing).
OR
© 2013 Fiserv, Inc. or its affiliates.
―In the United States, in our 100% online
environment, there is no business case
or requirement for offline PIN transaction
support.‖ George Peabody,
Mercator Advisory
Group analyst
25
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
SDA – Static Data
Authentication
Static data embedded in the card at the time
of issuance
No cryptography
Less expensive
DDA – Dynamic Data
Authentication
Generates a fresh digital
certificate for each transaction
Includes cryptography
Enables the PIN to be
verified offline
More features, More money
CDA – Combined DDA with
Application Cryptogram
Same as DDA only faster
Often required for offline
contactless transactions
(transit)
Three Levels of EMV Chip Functionality
26
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
The Debate Over Signature vs. Chip & PIN
27
• Experts generally agree that Chip-and-PIN should be
the standard.
• Merchants fear that fraud losses will be higher with
signature authentication - - majority of merchant
terminals will support both.
• Chip & PIN issuers will need to decide on online-only or
both offline and online capabilities.
• When traveling abroad cardholders may experience unattended offline transactions with PIN-only machines (European train ticket kiosks, toll roads, gas pumps).
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Example of a Secure EMV Transaction
28
E M V U . S . M i g r a t i o n
2 0 1 5
Contact or
Contactless
Payment
Method
Card
Authentication
Cardholder
Verification
Transaction
Authorization
Online (using
Dynamic
Cryptogram)
OR
Offline (using
SDA, DDA or
CDA)
Signature
Online PIN
Offline PIN
No CVM
Online
Offline
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
• Expense
• Complexity
• Promise of Fraud Mitigation
Limited
• Durbin Amendment
Compliance
• ATM Changes/Expenses
• Limited Merchant Incentive
• Cardholder Experience
Challenges Surrounding EMV in U.S.
30
© 2013 Fiserv, Inc. or its affiliates.
Javelin Research has estimated the
cost of terminal and card migration as
high as $12 billion. – Javelin Research
Group
31
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
EMV is Complex
32
• 1 billion payment cards in the U.S.
• 15 million POS devices
• EMV requires new security hardware and software in the
POS terminals
• Multiple configurations on chip cards
• Script and testing for
each card program
• Extensive testing needed
to avoid interoperability
failures and in-the-field
card failures.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Fraud Mitigation Limited
33
EMV cards only afford protection in a card-present
environment. Card-not-present uses is where fraud
predominately occurs.
Risk tools and PCI standards have dramatically reduced fraud
for U.S. issuers
2 times
Card-Not-Present
Fraud Losses
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Durbin Amendment Compliance Issue
34
• The Durbin Amendment, Oct. 2011, requires debit
cards to offer merchants a choice of at least
2 unaffiliated networks in which to route transactions.
EMV applications
are proprietary to
a card brand, so
EMV will only
support one
network.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Possible Solution to Durbin Amendment
Compliance Issue
35
• EMV Migration Forum representing 18 networks is working
on a solution for a common application that would allow
merchants to have a choice in routing.
• The proposed common application ID would process the
transaction against a table of bank ID numbers to
determine which network the issuer belongs to and which
one the merchant prefers.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
ATM Changes/Expense to Support EMV
36
• The ATM will need to have:
• An EMV compliant (and certified)
card reader and requisite
certified EMV kernel
• Application software that
supports EMV
• EMV compatible screen load
programs
• Ensure any local screen
customization integrates with
these new screen loads
• Some customers may opt to test
EMV upgrades in addition to
testing performed by their
processor
Estimated $2,000 to upgrade an ATM
to be EMV capable
Source: Julie Control McNelley, Research
Director for Aite, Blog 9/10/12
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Limited Merchant Incentive
37
• No TIP (Technology Innovation Program) for U.S.
• Merchant disagreement:
• Some retailers embracing EMV
• Others are questioning why U.S. retailers are being asked to
upgrade to an older technology that has existed for more
than a decade in Europe, instead of preparing for a more
secure, modern approach to protecting payments.
―We want
something better!‖
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Cardholder Experience
38
• Need to educate consumers on changes with new card.
• Chip card must be inserted in reader and left in for the
duration of the transaction.
• MC and Visa credit cards will most likely be signature
preferred at the POS.
• MC and Visa debit cards
will most likely be PIN
preferred at the POS.
• All ATM transactions
require PIN.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Overcoming These Challenges
39
• Adopting chip card technology in the U.S. seems
inevitable and will hold significant benefits for card
issuers.
• We will undoubtedly overcome many of these challenges
and forge ahead with EMV migration.
• 2013 will be the year of education and planning.
• 2014 may see sizeable deployment in the U.S.
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Polling Question
40
What stage is your organization at in its EMV Migration
planning?
A. None - Haven’t started yet
B. Discovery – Learning and gathering information
C. Early Stage – Contacted processor and have begun
preliminary strategy development
D. Implementation – Active implementation. Have
issued EMV cards or are soon to be issuing
E. Don’t Know
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
How Should You Approach EMV?
42
Options to Consider:
• Payment application (Visa,
MasterCard, American
Express, Discover)
• Dual interface, contact and
contactless
• Online or Offline cardholder
authorization methods
• Online PIN & Signature
cardholder verification
methods
Add on Value:
• Multiple application
platforms to support loyalty
or healthcare
• Dynamic load, new
applications can be added
post issuance+
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Timeline for Card Issuance
44
Week
1 Week
2 Week
3 Week
4 Week
5 Week
6 Week
7 Week
8 Week
9 Week
10 Week
11 Week
12 Week
13
Card Design
Proof Approval
Network Association
Certification Request
and Process Begins
Order Plastic
*subject to change based on technology availability
Association
Certification
Approval
Final Testing by
client, processor
and Association
Test Phase
Production of
Test Cards
Ready to process and personalize
EMV cards today
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Getting Prepared
45
Get educated
Engage partners – card processor, card personalization bureau, ATM vendor, card
association and networks
Calculate EMV migration costs (ATM upgrades, card issuance, resource
investments)
Match timeline with card re-issue cycles
Focus strategy on international travelers
Create education plan for cardholders
E M V U . S . M i g r a t i o n
2 0 1 5
Questions
Sharon Pazlar
Director, Product Management
Fiserv Output Solutions
651-846-3618
© 2013 Fiserv, Inc. or its affiliates.
E M V U . S . M i g r a t i o n
2 0 1 5
Survey Questions
47
#1 How well did this webinar meet the stated objectives?
• Excellent
• Good
• Fair
• Poor
• No Opinion
#2 How would you rate the value of the information provided?
• Too basic – didn’t learn much new
• Just right
• Too complex and advanced – need the basics
• No Opinion
#3 Would you like Fiserv to contact you regarding your EMV planning strategy?
• Yes
• No