Upload
jhatch9418
View
961
Download
1
Embed Size (px)
DESCRIPTION
Citation preview
Introducing Dynamic Data in Payment Transactions without Changing the Existing Infrastructure
RSA ConferenceFebruary 2011San Francisco
Daniel Chatelain, Vice PresidentOperations & Strategic AlliancesWebsite: www.qsecure.com
QSecure, Inc. Proprietary and Confidential 2February 2011
Data Breach Epidemic
QSecure, Inc. Proprietary and Confidential 3February 2011
The Problem: Large and Costly
• January 2009
• Heartland Payment Systems
• Over 100M accounts compromised
• Too costly to issue new cards
QSecure, Inc. Proprietary and Confidential 4February 2011
Interesting Data Points
• 86% of cards stopped being used within 24 hours after 1st use*
• Fraudsters do not stick to one particular industry in 71% of the cases*
• Every transaction is relying on static data
• Fraud attacks are getting more and more sophisticated
• Fraud not limited to ecommerce but also very real at ATMs and POSs
* Ethoca Report on Fraud – Feb 2011
QSecure, Inc. Proprietary and Confidential 5February 2011
True cost of Payment Fraud
The negative effects of fraud involve all participants in the card value chain.
In general, only the issuer’s fraud losses are widely tracked and shared
Note: opportunity costs include lost revenues due to fraud at time of card application and of increasing compliance costs driven by fraud regulations and laws
QSecure, Inc. Proprietary and Confidential 6February 2011
Market closest in Europe to the US market
Payment cards are now 100% EMV since 2004
UK fraud rate was 9 basis points for 2009 compared to 18 bp in 2001. Counterfeit represents 18% and is down 52% from 2008
At a high level, numbers demonstrate that EMV deployment starts bearing fruit
Market Update – Fraud in the UK
Source: APACS in the UK
£ millions
CNP Counterfeit L&S0
50
100
150
200
250
300
350
20052006200720082009
QSecure, Inc. Proprietary and Confidential 7February 2011
In the US, decrease of fraud in 2009 due essentially to card reissuance (Heartland data breach)
In the US, increase of fraud in the first half of 2010
In the US, hack of merchant payment network to get magstripe data information
ATM skimming with camera to capture PIN getting slick with technology improvement (less frequent but high impact)
Market Update – Fraud in the US
2003
2004
2005
2006
2007
2008
2009
0
2
4
6
8
10
12
Fraud Rate
Source: MasterCard Global Risk Conference 2010
BasisPoints
QSecure, Inc. Proprietary and Confidential 8February 2011
Who is QSecure?
• Silicon Valley startup VC funded in 2005 ($32M raised)
• Broad patent portfolio on the technology and business applications
• Pilot test programs in development with major issuers
• Focusing on reducing fraud for the financial industry on Card Present and Card Not Present Fraud
QSecure, Inc. Proprietary and Confidential 9February 2011
The Ideal Solution
• Prevents Fraud
• Without changing existing infrastructure
• Without changing customer behavior
• That can scale
• And remains affordable
QSecure, Inc. Proprietary and Confidential 10February 2011
• The Display-Only Card• Secure On-Line Payment Card• Dynamic CVV2• Dynamic 3D Secure Code• Dynamic Home Banking Code (OTP)• Additional Secure Card Code (OTP)• Event based or time based
• The SmartStripe-Only Card• Secure Card-Present Payment Card• Dynamic MagStripe
• The Combo Card• Secure Card-Present and On-Line Card
The Resulting Card Products – What you see
QSecure, Inc. Proprietary and Confidential 11February 2011
The SmartStripe Solution – What you don’t see
• Convenient, compatible and secure credit cards with SmartStripe technology• Dynamic cryptography on the magstripe makes each
transaction unique• No impact on existing acceptance infrastructure
• Backend platform authenticates unique number on the magstripe• Integrates into existing issuer processes• No change to other transaction network processes
QSecure, Inc. Proprietary and Confidential 12February 2011
Why QSecure Works for Issuers?
• Only the card is upgraded, with issuer in full control
• Each card and transaction is unique (no keys stored in card)
• Card information stored by merchants, acquirers or service bureaus can not be used fraudulently (including PIN data)
• Quickly identify fraud sources, no need to block and reissue cards
• Increase market share through greater cardholder trust
• Card are EMV compatible
QSecure, Inc. Proprietary and Confidential 13February 2011
Why QSecure Works for Others?
• Cardholders• No change in cardholder behavior• Card data is safe• It is like getting a new card for each transaction
• Merchants• No need to change existing acceptance infrastructure• Fraud stopped in real time before goods or services are lost• Limits their financial exposure • No negative impact on business• Enhances PCI DSS compliance efforts
QSecure, Inc. Proprietary and Confidential 14February 2011
One Secure Card for One Application or Many
Other Bank Channels
CustomerService
Online Banking
Card PresentInteraction
POSATM
Card Not PresentInteraction
MOTOInternet
3D Secure
PaymentAuthorization Server
Banking Host
QSecureAuthorizationServer
QSecure, Inc. Proprietary and Confidential 15February 2011
One Secure Card for One Application or Many
Other Banking Channels
CustomerService
Online Banking
Card PresentTransactions
POSATM
Card Not PresentTransactions
MOTO 3D Secure
PaymentAuthorization Server
Banking Host
QSecureAuthorization
Server
QCS
PersoBureau
Internet
QSecure, Inc. Proprietary and Confidential 16February 2011
The Display Only Card
• Up to 6 Digit Display on the back of the card
• Unique cryptogram provided each time the button is pressed (CVQ) – data good for only one transaction or a period of time
• Thin, flexible battery embedded in card with up to 3 year life
QSecure, Inc. Proprietary and Confidential 17February 2011
The Display Only Card• Key Benefits
– Prevents Card Not Present transactions fraud• eCommerce and MOTO with Dynamic CVV2
• 3D Secure if 3D Secure used by issuer
– No change to the existing merchant checkout process
– Dynamic data associated with each transaction
– Can be used as an OTP Authentication Token as well• For Home Banking Interaction (event based or time based)
• For IVR/Customer Service Interaction
QSecure, Inc. Proprietary and Confidential 18February 2011
Our Value Proposition
• Passed security requirements from Cartes Bancaires and Visa Europe to issue Display cards in Europe
• Independent of card manufacturing and personalization bureau for cost effectiveness
• A full solution compatible with existing issuance systems
• An expertise to enable card issuers in their implementation
• We are in PRODUCTION already with our display products
• A pilot program in the box to get started easily
QSecure, Inc. Proprietary and Confidential 19February 2011
Summary• Largest threat to financial transaction network is static
data payment transactions
• QSecure’s SmartStripe technology solves the problem with no change to acceptance infrastructure
• Solution in production today with display cards and in late stage of development with the SmartStripe
• QSecure platform offers complete solution from front end card to backend authorization
• We have pilot programs “in a box” available if interested
QSecure, Inc. Proprietary and Confidential 20February 2011
Thank You
Daniel Chatelain, Vice PresidentOperations & Strategic AlliancesWebsite: www.qsecure.com
We look forward to doing business with you