Summary 4th Eurosystem Security Certification Forum

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Summary 4th Eurosystem Security Certification Forum"

Transcription

1 DIRECTORATE GENERAL MARKET INFRASTRUCTURE & PAYMENTS MARKET INTEGRATION DIVISION ECB-PUBLIC 22 September 2014 Summary 4th Eurosystem Security Certification Forum 1. Introduction On 7 April 2014 the European Central Bank organised the 4th Eurosystem security certification forum (the forum) with the objective of promoting the harmonisation of the card payment terminal security requirements, the card terminal security evaluation methodology and the certification process, which were currently missing components of SEPA for cards. Moreover, the Eurosystem also aimed to help remove some of the bureaucratic barriers that a terminal manufacturer faced in order to produce and be able to sell a terminal throughout SEPA. In fact, the terminal security certification process is currently so diversified across SEPA such that terminal manufacturers incur high costs for several administrative activities when trying to successfully market their products in all SEPA countries. The participants in the forum included representatives from the Eurosystem, Europol, the European Commission, the Cards Stakeholders Group (CSG) 1, the European Payments Council (EPC) 2, merchants, terminal and chip manufacturers, card schemes and approval bodies, as well as from laboratories, card transaction processors, the Open Standards for Security and Certification (OSEC) 3 project and from the PCI Security Standards Council (PCI SSC) 4. The agenda included a welcome address by the ECB, followed by several presentations and panels involving the participants of the forum. The presentations and panels provided an overview of the various different market players views in respect of card and terminal security certification. Finally, the card schemes presented their views on the possible development of contactless technology The CSG is a de facto association composed of five representatives from the cards sector (retailers: vendors: processors: schemes and the EPC). These representatives have come together to participate in a structural cards dialogue. Further information on the CSG is available on its website. The EPC is the coordination and decision-making body of the European banking industry in relation to payments. Further information on the EPC is available on its website. The OSEC project is valuable in terms of achieving a harmonised point of interaction (POI) terminal for security certification in Europe that is based on the Common Criteria (CC) methodology. Further information on the OSEC project is available on its website The PCI SCC is an open global forum, which was launched in 2006 and is responsible for the development, management, education, and awareness of the PCI Security Standards. Further information on the PCI SCC is available on its website. 4th Eurosystem Security Certification Forum - Summary_ Page 1 of 11

2 2. The policy environment session 2.1 ECB/Eurosystem s objectives in the field of terminal security evaluation and certification methodologies The chair of the forum, Mr Ruttenberg (ECB), opened the forum by welcoming all the participants. Mr Tur Hartmann (ECB) began the working session with a presentation on the importance of shifting the focus to SEPA for cards now that the migration of credit transfers and direct debits in SEPA had almost been completed. From Mr Tur Hartmann s point of view, the main factors that were hampering a broader acceptance of all cards, and as such the realisation of SEPA for cards, were the varying regional business practices and rules and the non-compatible technical standards. The ECB strongly promoted the efforts to harmonise the principles, business practices and rules, and the technical standards adopted by the payments industry. The ultimate goal of the ECB was to establish an efficient, safe and reliable card payment arena, which also encompassed a low level of fraud. The ECB welcomed the work carried out by the CSG on further developing the Cards Standardisation Volume (the Volume) and supported the use of the ISO for card messages in the terminal-to-acquirer and acquirer-to-issuer domains for both authorisation and clearing and settlement. The latter would facilitate using the same infrastructures for card payment transactions and clearing and settlement as those already in place for SEPA credit transfers and SEPA direct debits. In the field of terminal security certification, the ECB had been monitoring and acknowledged the progress made by the payments industry. Moreover, the ECB supported the aim of achieving a single or a restricted number of SEPA-terminal security certification methodologies. In this respect, the ECB expected the convergence of terminal security certification methodologies to take place in accordance with the roadmap defined in the aforementioned Volume. To conclude, Mr Tur Hartmann presented the objectives, the composition and the functioning of the Euro Retail Payments Board. 2.2 Europol - electronic payment fraud in Europe Mr Godart presented an overview of the threats that Europol currently faced in respect of card payments. Criminal organisations existed at the international level and they were constantly improving their techniques. The law enforcement agencies needed to coordinate their work in order to maintain the necessary pace and resilience with which to combat these criminal activities. Mr Godart explained the common practices being used to initiate card payment fraud and presented some of the mission s achievements on the part of Europol in the face of card fraudsters thus far. One of the prominent features of Mr Godard s presentation was the fact that criminal organisations had largely been using stolen and counterfeit cards to subsidise their internal logistics (e.g. air travel, hotels, restaurants, etc.) rather than 5 The ISO is an international standard laid down by the International Organization for Standardization (ISO) Technical Committee TC68 Financial Services. Further information on these standards are available on ISO s website. 4th Eurosystem Security Certification Forum - Summary_ Page 2 of 11

3 trying to directly monetise the stolen goods. Furthermore, Europol predicted that mobile payments and other new technologies as the key areas in which criminal organisations would be more active in the future. Owing to the global impact of fraud, Mr Godart wanted to look into possibilities for improvement within the international cooperation mechanisms of law enforcement agencies so as to better respond to criminal activities. 2.3 ECB - third Eurosystem report on card fraud Mr Hofmeister (ECB) presented the third Eurosystem report on card fraud. Following a short introduction on the provision of data, Mr Hofmeister explained the main findings of the report. In 2012, the total value of card fraud in SEPA amounted to 1.33 billion; an increase of 15% compared with This fraud was largely concentrated in card-not-present transactions (60% of fraud) and in cross-border transactions (50% of the value of fraud compared with 7% of the total transaction value), there were large discrepancies in the level of fraud across the different EU countries. Mr Hofmeister concluded that there was a need to increase the level of security for card-not-present transactions, but that this would be addressed once the SecuRe Pay recommendations 6 were fully implemented by 1 February Moreover, even if migration to EMV 7 had improved security for card payments, a geo-blocking authorisation strategy remained an important component of the anti-fraud strategy, certainly as long as the magnetic stripe with all of the payment-related data was still on the card. 3. The industry s state-of play session 3.1 Cards Stakeholders Group SEPA cards standardisation Volume v7.0 8 Security and Security Certification Mr Bechis and Mr Massey (Co-chairs of the CSG) presented the progress made in Volume v7.0 with the focus being on Book 4 Security. The CSG expected the market to be able to comply with Volume within three years of its publication (January 2014). Mr Massey explained that the security requirements defined in the Volume referred to international standards (for example PCI, EMV, ISO and Common Criteria (CC) 9 ). The CSG was focusing its efforts on security and was further developing the Volume. The next version of the Volume was expected to be published in the second half of 2014; this update would also include remote payment security requirements. Mr Bechis and Mr Massey presented the content of Book 5, which The SecuRe Pay recommendations are available on the ECB s website. The EMV is a global standard for the interoperation of integrated circuit cards and chip card-capable point-of-sale (POS) terminals and automated teller machines (ATMs) for the purpose of authenticating card transactions. The organisation responsible for developing and updating the standard is EMVCO. Further information on the EMV and the EMVCO can be found on the EMVCO s website. The Volume is available on the EPC s website. The Common Criteria for Information Technology Security Evaluation (otherwise known as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. 4th Eurosystem Security Certification Forum - Summary_ Page 3 of 11

4 is the conformance verification process as per the Volume, the labelling, and the different types of approval and certifications processes used in the payments industry. Furthermore, the CSG was currently working on Book 7 Processing, as well as on an update of Book 3 - Data elements. With regard to terminal security certification, the CSG reported on its evaluation of the OSECOSEC project. The project was assessed against four objectives: i) security assurance; ii) capacity and timing; iii) competition; and iv)cost. As a result of this assessment, the CSG decided: i), to continue working together with OSEC for the next two years given that the objective of harmonisation/convergence of security certifications for the point of interaction (POI) was still considered feasible; ii), that there was a need for the card schemes and the approval bodies to decide on which security certification methodology to use (as described in Volume v7.0). In the interim period, card schemes and approval bodies within SEPA needed to collaborate in order to find out which certificates were being most widely used, so as to streamline the efforts to be made by the vendors and the merchants and to minimise approval costs in SEPA. Mr Bechis and Mr Massey presented the results of a survey on POI evaluation methodology among card schemes and approval bodies. All survey participants supported the security requirements defined in the Volume. Moreover, the survey examined the preferences with regard to the two main terminal security methodologies (PCI or CC) and the concept of convergence. The survey results showed that: i) 100% of the respondents supported the Volume s POI security requirements; ii) 71.4% of the respondents were generally in favour of the PCI methodology, whilst 14.3% were in favour of the CC methodology and 14.3% were in favour of converging the two; and iii) 85.7% of the respondents would accept PCI certification for terminal approval, 14.3% would accept CC certification and 57.1% were in favour of converging certification (they could accept both certifications). Mr Blasche (VÖB/GBIC) noted that the security requirements defined in the Volume covered the market s needs to a large extent and that the definition of these requirements had been the outcome of a long negotiation process within the CSG. 3.2 Panel 1 The need for harmonised European payment products and solutions for managing a multi-country business Mr Bourron (Total) began his presentation with the key figures from his company, thereby stressing the complexity of managing and accepting different payment instruments for fuel retailers. As an integrated cross-border merchant, Total needed to be able to deploy a single POI solution in order to increase its efficiency, reduce costs and achieve greater time-to-market (TTM). He also explained that fuel retailers had specific needs in terms of integrating the special needs relating to fuel cards and the general purpose payment cards. Total had chosen to implement EPAS 10 and IFSF th Eurosystem Security Certification Forum - Summary_ Page 4 of 11

5 standards. In this context, he stressed the need for SEPA for cards to be achieved and for the pace of the convergence process of the PCI and CC security evaluation and certification methodologies to be increased. Mr Bourron appreciated the work already carried out by the CSG on the Volume, but at the same time, he expressed his concerns regarding the results of the OSEC pilot (length of the project, absence of mutual recognition between the OSEC and the PCI). With regard to terminal security, he suggested using the PCIs and working to improve faith in the PCI s methodology by means of revamping the governance and revising the requirements. Moreover, he proposed removing type approval by card schemes/approval bodies for certified terminals. Mr Joliveau (SIA) presented the views of processors active at the international level. SIA processes several payment instrument transactions in various different countries. SIA offers services aimed at reducing card fraud by means of more advanced transaction authorisation. He assessed the importance of standardisation across Europe in order to achieve economies of scale and to reduce the TTM within SEPA. The standardisation process should focus on the terminal-to-acquirer (T2A) domain rather than the acquirer-to-issuer (A2I) domain, because: i) acquirers, either directly or through their processors, are already used to using several different standards (international, domestic and private card schemes) in order to connect with issuers; ii) terminals use different protocols from country to country and also different certification requirements. Moreover, he expected market players to view migration, at equal functionality, from an existing version of ISO to a common ISO8583 version or to ISO20022, rather negatively owing to the high costs of migration, whereby the efforts would not outweigh the benefits. Mr Joliveau believed that, in the long run, the efforts to achieve greater standardisation would bring advantages to both the market and to processors, however, he noted that customisations were required to fully respond to customers requirements. 3.3 Panel 2 The different terminal security certification methodologies and the results of the OSEC pilot Ms Quentmeier (OSEC Chair; SRC) presented the results of the work of the Open Standards for Cards (OSEC) project. She illustrated the advantages of the CC methodology, listed the OSEC project participants expectations with regard to the project and described the pilot. Ms Quentmeier stressed the relevance of the terminal security certification as a key component of payment card security and described the project s developments and achievements. Moreover, Ms Quentmeier supported the idea that only one harmonised assurance level would lead to common acceptance for type approval (by card schemes or approval bodies) and that the Labelling for security certification methods, as it stands in the Volume, could lead to market fragmentation. 11 International Forecourt Standards Forum. source: 12 The ISO 8583 is a standard for financial transaction card-originated messages. Card market players operate using different customisations of this standard. 4th Eurosystem Security Certification Forum - Summary_ Page 5 of 11

6 Ms Quentmeier reflected on the outcome of the evaluation of the OSEC approach performed by the Cards Stakeholders Group. Clearly, approval bodies currently did not share a common view on the results of the OSEC approach. Therefore, the project would continue for a further two years in order to: i) complete the experience with other CC evaluation and certification pilots; ii) investigate organisational models and establish formal governance of the project; iii) improve the TTM; and iv) cooperate with PCI SSC to achieve greater convergence. Participants in the forum took stock of the achievements of the OSEC project in that: i) all European card schemes and approval bodies involved in terminal approval had participated in the project; ii) many of the new security requirements identified had also been adopted by the PCI; iii) the JTEMS 13 had been established together with all relevant parties in order to develop new requirements and processes. Ms Quentmeier stated that the CC approach achieved a higher level of security for the terminal, because the evaluation methodology was more rigorous and was based on an omni-comprehensive approach. Moreover, Ms Quentmeier proposed that a CC certificate for terminals might be used to issue a PCI certificate. The German Banking Industry Committee (GBIC), the UK Card Association and Cartes Bancaires showed their willingness to help establish a coordination body in the field of certification that might benefit from the OSEC experience. Mr Whittacker (VISA Europe) presented the PCI Pin Transaction Security s (PTS) view in this field. First, he provided an overview of the PCI process for obtaining certificates, second he presented the governance of the PCI SSC PTS Working Group, which is responsible for developing and maintaining the PCI s certification standards (PCI PTS, PCI HSM 14 and PCI PIN) as well as reviewing and making recommendations on laboratory assessments and device evaluation reports. Third, Mr Whittacker presented developments in the PCI PTS methodology over the years. An increasing number of requirements had been requested over time for the new PCI PTS version. These new requirements had been introduced partly thanks to the experience gained from the OSEC project and now it demonstrates that the PCI PTS requirements can be reused in order to meet the EPC Plus security requirements defined in the Volume. Mr Whittacker is critic in regards of the OSEC pilot results for the following reasons: i) So far there have been insufficient evaluations to prove the validity of the pilot; ii) the current pilot identified a number of divergent approaches between national certification bodies; iii) there is no recognised widespread willingness to commit resources to formalise the OSEC processes and structures; iv) it is not practical to use a CC evaluation report in order to produce a PCI certificate owing to the structure and size of the documentation. 13 JIL Terminal Evaluation Methodology Subgroup (JTEMS) is a subgroup of the Joint Interpretation Library, which suggests specific tailoring of the CC methodology for card payment terminals. 14 Hardware Security Module. 4th Eurosystem Security Certification Forum - Summary_ Page 6 of 11

7 Finally, Mr Whittacker concluded that the PCI SSC represented the right solution for a global industry (common risk appetite and tolerances) compared to a common threat, as it did not subordinate national interests. Moreover, he questioned the security assurance level of the CC evaluation compared with the PCI PTS and the convenience of adopting the CC methodology. Mr Brown (UL laboratories 15 ) introduced to the discussion the views of a laboratory involved in performing both PCI and CC tests. Mr Brown presented the UL laboratories experience during the OSEC project. UL laboratories tested a Secure Electrans terminal against the CC CAS 16 POI protection profile. During the evaluation, UL laboratories identified security issues related to the terminal software. The terminal vendor resolved these issues and the product became more secure as a result of the evaluation process. Mr Brown stated that the laboratories involved in the OSEC project had worked cooperatively (in the JTEMS) to ensure consistency of the CC approach across the different countries subject to the oversight of different national certification bodies. Mr Brown concluded that working within the framework of the OSEC pilot had been a fruitful experience. The OSEC certification model was still in the early stages of its development, and for this reason, the OSEC pilot had incurred delays and implementation issues. 3.4 Panel 3 The roadmap for harmonisation of the terminal security evaluation and certification methodologies Mr Blasche (VÖB/GBIC) introduced the German banking industry s position on the terminal security certification. He informed the forum that the GBIC had a proprietary methodology for the terminal security certification that granted a high level of security (no major security incidents for the past 20 years) and a good cost/benefit ratio. The GBIC had decided to move over to the CC methodology in order to employ a harmonised European methodology for both evaluation and certification. The GBIC thereby aimed to achieve greater convergence of the current methodologies, as foreseen in the Volume. Along the same lines as Ms Quentmeier, he also believed that the labelling of different methodologies in accordance with the Volume would not help the current situation of market fragmentation and it would, therefore, potentially lead to different/inconsistent security levels. Mr Blasche listed the reasons that had led the GBIC to use the CC as the future terminal security certification methodology: i) the evaluation is carried out using the white box approach ; 17 ii) the CC recommends the immediate coverage of all publicly known attacks; iii) a systematic approach covering the entire life-cycle is in place and the approach is open, transparent and decentralised; iv) there is repeatability, comparability and traceability of the results; and v) it is possible to have open European governance. 15 UL laboratories account for around 45% of all PCI approval on a global scale. 16 Common Approval Scheme. 17 The tester knows how the terminal is built. 4th Eurosystem Security Certification Forum - Summary_ Page 7 of 11

8 To conclude, Mr Blasche supported OSEC s pilot work, as he believes it is a workable solution. The GBIC will insist upon the usage of CC testing before granting its scheme s certification, as from Moreover, CC certification is already regarded as an agreed option. Mr Alonso (Servired) began his presentation with an overview of the Spanish market, mainly as an acquiring country making cross-border transactions. Mr Alonso supported the need for having interoperable solutions with globally active card schemes and further compliance with the Volume. In the field of terminal security certification, the Servired representative claimed that working both with the PCI and the CC required a great deal of effort, therefore, there was urgent need for harmonisation between the different methodologies. Servired had chosen to use the PCI approach, because: i) it ensures interoperability and is widely recognised; ii) the PCI SSC security requirements are consistent with the Volume. Mr Whittacker (Visa Europe) also provided Visa s view on this issue. For Visa, there was clear evidence that the results of the OSEC pilot were useful. Mr Whittacker claimed that the PCI was able to deal rapidly with the security issues of the terminals, whilst OSEC did not provide any clear timing for its certification process. Moreover, the costs of setting up a security certification infrastructure based on common criteria were not outweighed by the benefits. Visa would always request a PCI certificate, because its global platform required global rules and processes to be in place within the framework of the four-party model. Nevertheless, he recognised that the OSEC project had contributed to gaining insight into software attacks on the terminals. Mr Whittacker concluded that the major challenges for the payment card market in the future were related to the type of acceptance points and the mobile payment devices. The security level of these new environments raised new challenges for the industry, since these devices were mainly designed to respond to business needs rather than to the type of security features, particularly on the acceptance side. In this context, one of the most interesting and challenging innovations was the Host Card Emulation for NFC contactless mobile payments with the card being cloud-based. 3.5 Developments in security, the view of a vendor Mr Jacquis (Ingenico), following an introduction of the key indicators of Ingenico, proposed looking at retail payments using a new approach. Mr Jacquis presented some of the recently observed consumer behaviour trends for retail purchases, the main conclusions drawn were: i) 50% of consumers have stopped buying in shops owing to the time spent in queues; ii) 91% of consumers retrieve information online before buying in shops (excluding food). Therefore, retailers are changing the way in which they interact with consumers and finalise orders, retailers are trying to integrate the web experience into their traditional sales channels (web-to-store, store-to-web, and web-instore). Mr Jacquis indicated that security represented a major challenge in this new environment. Given that payment solutions were developing so rapidly in this sense, the security rules obviously needed to follow along the same path. In order to overcome these challenges, Mr Jacquis said that the TTM for new 4th Eurosystem Security Certification Forum - Summary_ Page 8 of 11

9 solutions should be taken into account and, in particular, the trade-off between the TTM and security, the current situation might favour new entrants which would radically innovate the payments market. Ingenico was supportive of the SEPA security certification harmonisation process and had joined the OSEC pilot. However, its feedback on the pilot was negative, because the TTM and cost efficiency criteria had not been met. 3.6 Payment card and mobile platform certification: views of the Smart Payment Association (SPA) 18 Mr Gaston (Gemalto) presented the views of the Smart Payment Association on the UICC 19 (new generation SIM card with payment capabilities) security certification. He explained all the steps required to obtain certification for the UICC. The UICC certification process lasts for several months and accounts for a significant part of the production costs. At present, card manufacturers certify their products in accordance with the schemes requirements and/or the methodology stipulated by the national security authorities. Ms Gaston stressed the fact that the EMV technology had, thus far, provided a high level of confidence and security in the face-to-face environment. Mobile payment platforms based on SIM cards, issued by a mobile network operator, currently allow for card payments using a mobile. The security level of mobile payment components should be at the same level as any standard transaction. The security certification of the UICC component raised challenges for the implementation of mobile payment programs, the main ones being: i) mobile payment applications on open platforms with different life-cycles compared with the card payment industry based mainly on closed platforms to date; ii) the renewal of the respective certifications creates synchronisation issues and uncertainty for the issuer mobile network operators (MNOs). Mr Gaston was of the opinion that the global UICC life certification process was too cumbersome. The SPA was therefore working on several initiatives in order to optimise the certification process and hence to promote payments via mobile devices. The on-going initiatives by the SPA to promote mobile payments were: i) to propose a new UICC certification process through the development of a unified UICC/payment application end-of-life policy; ii) to facilitate the dialogue between mobile telecom operators, payment schemes and banks; and iii) to explore the options for Trusted Service Managers (TSM) to improve users experience managing mobile payment applications. Moreover, Mr Gaston expressed his doubts regarding the security level ensured by the Host Card Emulation (HCE) services related to mobile payments. 18 The Smart Payment Association (SPA) is the trade body of the smart card payment industry; its members are Giesecke & Devrient, Gemalto, Oberthur Technologies, Austria Card, Incard and Morpho. With more than 975 million smart payment cards delivered by its members in 2012, the SPA represents more than 85% of the smart payment card market. Source: 19 Universal Integrated Circuit Card. 4th Eurosystem Security Certification Forum - Summary_ Page 9 of 11

10 3.7 Panel 4 Contactless technology - setting up interoperable standards in the early stages of implementation Mr Lourenco (MasterCard) introduced the last panel on contactless technology. For MasterCard, contactless technology was already a reality: there are more than 1 million cards in several countries in Europe and there are specific requirements for contactless terminals (both for the PCI and the CC). Contactless technology was designed to speed up payment, displace cash and increase card usage for low value transactions (usually below 25). Contactless cards can take different forms (cards, stickers, mobiles, wristbands, key fobs) and these multiple forms enable new electronic payments as opposed to using cash. Mr Lourenco presented the elective target for contactless products. Contactless products met the needs of consumer segments such as the affluent, mass affluent, young professionals and optimistic and emerging multicultural people. The usage of contactless products drives value, whereby speed and convenience have the greatest relevance for the payer and the payee. The business environments in which contactless products might create greater value were drugstores, fast food restaurants, supermarkets, airports and transit businesses. Mr Lourenco identified the main advantages for the payee as being the reduction of cash handling costs, the promotion of higher spending at the POI, a faster check-out and the opportunity to enable mobile payments. On the other hand, the card issuer is able to promote the frequent usage of the card, thereby increasing customer loyalty and displacing cash. At last, Mr Lourenco reported on some recent research showing that, in many countries, cash is considered to be among the dirtiest mediums, and consumers would be happy to replace it with electronic payments, mainly for the cleanliness factor. Mr Sarazin (Cartes Bancaires - CB) presented some key figures from the CB (more than 10 billion transactions in 2013). CB analysed the distribution of the payment transactions done by consumers with different instruments (cash, CB cards, cheques, and other) arranged by transaction value. The analysis showed that the wide majority of all transactions below 15 were executed in cash and that around 50% of all payment transactions were actually below this value. CB has gradually introduced contactless technology to the market over the past two years. Currently, there are more than 1 million contactless payment users with more than 2 million payments per month, CB is experiencing very strong growth in contactless transactions but still Mr Sarazin expects even stronger growth in this technology for the time to come. He said that one of the key elements for the success of contactless technology was the acceptance in the transit industry, where the speed of transaction is one of the required features of the payment instrument. CB has a full co-badged strategy with Visa and MasterCard on contactless technology. Mr Sarazin claimed that migration to SEPA standards could take around ten years, as was the case for migration to EMV. 4th Eurosystem Security Certification Forum - Summary_ Page 10 of 11

11 4. Conclusion The Chair, Mr Ruttenberg, concluded that focusing on security for card-not-present transactions was a top priority. However, reducing card fraud also depended on the physical terminal security features, given the fact that card data were often captured and stolen in the context of the physical environment. The ECB took stock of the progress made by the initiatives in the field of terminal security certification and continued to promote the harmonisation of the market with a view to creating SEPA for cards: a harmonised, competitive and innovative European card payments area. The ECB recognised the fact that a single harmonised framework for terminal security certification would be optimal. The convergence of multiple security frameworks to a chosen few was already considered to be a major achievement, given the market conditions and diverging stakeholders interests. The ECB recognised that the convergence process of the terminal security certification methodologies was not completely straightforward. In fact, there were differing interpretations of the convergence concept among stakeholders and further work was required in this area. The ECB equally recognised that major technological developments had been made in the area of electronic payment instruments and that these developments were affecting consumer behaviour at the POI. The ECB would continue to monitor developments in the field of card payment functional and security standardisation. Furthermore, the ECB would continue acting as a catalyst in the context of SEPA in order to enhance further market integration. 4th Eurosystem Security Certification Forum - Summary_ Page 11 of 11

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved. A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role

More information

SEPA Security Certification Framework

SEPA Security Certification Framework www.epc-cep.eu SEPA Security Certification Framework Topic 7 for discussion 25 th COGEPS Ugo Bechis EPC - Cards Working Group Chair Cards Stakeholders Group Co-Chair Bruxelles, 10- October 20 SEPA Card

More information

Paving the way for a SEPA wide Payment Solution. The OSCar Project June 2013

Paving the way for a SEPA wide Payment Solution. The OSCar Project June 2013 Paving the way for a SEPA wide Payment Solution The OSCar Project June 2013 Agenda 1. Retailers needs and expectations (related to Payment solutions) 2. SEPA Card Standardization program contribution 3.

More information

Mobile Near-Field Communications (NFC) Payments

Mobile Near-Field Communications (NFC) Payments Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments

More information

EPC020-08 11.02.2015 SEPA CARDS STANDARDISATION (SCS) VOLUME

EPC020-08 11.02.2015 SEPA CARDS STANDARDISATION (SCS) VOLUME EPC020-08 11.02.2015 (Vol Ref. 7.5.1.05) SEPA CARDS STANDARDISATION (SCS) VOLUME BOOK 5 CONFORMANCE VERIFICATION PROCESSES Payments and Cash Withdrawals with Cards in SEPA Applicable Standards and Conformance

More information

Questions & Answers clarifying key aspects of the SEPA Cards Framework

Questions & Answers clarifying key aspects of the SEPA Cards Framework Doc. EPC075-08 (Version 10.0) 11 June 2008 Questions & Answers clarifying key aspects of the SEPA Cards Framework Circulation: Publicly available Restricted: No SEPA a Guide to the Single Euro Payments

More information

4 PAYMENT CARD SECURITY IN THE CONTEXT OF EUROPEAN HARMONISATION

4 PAYMENT CARD SECURITY IN THE CONTEXT OF EUROPEAN HARMONISATION 4 PAYMENT CARD SECURITY IN THE CONTEXT OF EUROPEAN HARMONISATION The Observatory for Payment Cards Security took note of the development in 2005 of two proposals for harmonising card payments in Europe.

More information

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia

More information

Corporate Launch Event October 27, Brussels

Corporate Launch Event October 27, Brussels Corporate Launch Event October 27, Brussels Driving Interoperability in Card Payments 2 1 Terms of Reference Payment - the action of paying or the process of being paid - a set of rules governing the exchange

More information

Roadmap for the Single Euro Payments Area

Roadmap for the Single Euro Payments Area www.europeanpaymentscouncil.eu Roadmap for the Single Euro Payments Area Status and progress Gerard Hartsink Chair - European Payments Council Raad Nederlandse Detailhandel Utrecht, 28 augustus 2009 Agenda

More information

Transaction Security. Test & Certification and Security Evaluation

Transaction Security. Test & Certification and Security Evaluation Transaction Security Test & Certification and Security Evaluation Your independent, trusted partner for transaction security technology Welcome to UL UL is a world leader in advancing safety with over

More information

TERMS OF REFERENCE FOR THE SEPA COMPLIANCE OF CARD SCHEMES

TERMS OF REFERENCE FOR THE SEPA COMPLIANCE OF CARD SCHEMES 4 March 2009 TERMS OF REFERENCE FOR THE SEPA COMPLIANCE OF CARD SCHEMES The Eurosystem supports the creation of the Single Euro Payments Area (SEPA) which will enable retail payments in euro to be made

More information

JTEMS - a technical community for the evaluation of payment terminals. Sandro Amendola, SRC Ingo Hahlen, BSI 11 th ICCC, Turkey

JTEMS - a technical community for the evaluation of payment terminals. Sandro Amendola, SRC Ingo Hahlen, BSI 11 th ICCC, Turkey - a technical community for the evaluation of payment terminals Sandro Amendola, SRC Ingo Hahlen, BSI 11 th ICCC, Turkey Outline of the presentation Example for a technical CC-community apart from smart

More information

Transaction Security. Training Academy

Transaction Security. Training Academy Transaction Security Training Academy Your independent, trusted partner for transaction security technology Welcome to UL UL is a world leader in advancing safety with over a hundred years of history.

More information

ECB-RESTRICTED. Card payments in Europe a renewed focus on SEPA for cards

ECB-RESTRICTED. Card payments in Europe a renewed focus on SEPA for cards ECB-RESTRICTED Card payments in Europe a renewed focus on SEPA for cards COGEPS 11 March 2014 SEPA WHERE DO WE STAND SEPA migration end-date (1 February 2014) was a key milestone (regardless of the additional

More information

1i. What other gaps or opportunities not mentioned in the paper could be addressed to make improvements to the U.S. payment system?

1i. What other gaps or opportunities not mentioned in the paper could be addressed to make improvements to the U.S. payment system? Name: LORENZO GASTON Organization: SMART PAYMENT ASSOCIATION (SPA) Industry Segment: Technology Solution Provider/Processor General 1. Are you in general agreement with the payment system gaps and opportunities

More information

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group Abstract: Visa Inc. and MasterCard recently announced plans to accelerate chip migration in the

More information

INTRODUCTION AND HISTORY

INTRODUCTION AND HISTORY INTRODUCTION AND HISTORY EMV is actually younger than we all may think as it only became available, as a specification that could be implemented, in 1996. The evolution of EMV can be seen in the development

More information

It is a great pleasure for me to be here in Madrid to share with you some

It is a great pleasure for me to be here in Madrid to share with you some Recent developments and policy challenges affecting large-value and retail payment systems in Europe Banque de France It is a great pleasure for me to be here in Madrid to share with you some thoughts

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

A Guide to EMV Version 1.0 May 2011

A Guide to EMV Version 1.0 May 2011 Table of Contents TABLE OF CONTENTS... 2 LIST OF FIGURES... 4 1 INTRODUCTION... 5 1.1 Purpose... 5 1.2 References... 5 2 BACKGROUND... 6 2.1 What is EMV... 6 2.2 Why EMV... 7 3 THE HISTORY OF EMV... 8

More information

Payments Transformation - EMV comes to the US

Payments Transformation - EMV comes to the US Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent

More information

A RE T HE U.S. CHIP RULES ENOUGH?

A RE T HE U.S. CHIP RULES ENOUGH? August 2015 A RE T HE U.S. CHIP RULES ENOUGH? A longer term view of security and the payments landscape is needed. Abstract: The United States is finally modernizing its card payment systems and confronting

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

Mobile Payment: The next step of secure payment VDI / VDE-Colloquium. Hans-Jörg Frey Senior Product Manager May 16th, 2013

Mobile Payment: The next step of secure payment VDI / VDE-Colloquium. Hans-Jörg Frey Senior Product Manager May 16th, 2013 Mobile Payment: The next step of secure payment VDI / VDE-Colloquium May 16th, 2013 G&D has been growing through continuous innovation Server software and services Token and embedded security Cards for

More information

Transaction Security. Advisory Services

Transaction Security. Advisory Services Transaction Security Advisory Services Your independent, trusted partner for transaction security technology Welcome to UL UL is a world leader in advancing safety with over a hundred years of history.

More information

EPC020-08 11.02.2015 SEPA CARDS STANDARDISATION (SCS) VOLUME

EPC020-08 11.02.2015 SEPA CARDS STANDARDISATION (SCS) VOLUME EPC020-08 11.02.2015 (Vol Ref. 7.7.0.05) 1 2 3 4 5 6 7 8 9 10 11 12 13 SEPA CARDS STANDARDISATION (SCS) VOLUME BOOK 7 CARDS PROCESSING FRAMEWORK Payments and Cash Withdrawals with Cards in SEPA Applicable

More information

1 ARE PCI SECURITY MEASURES SUITED TO THE FRENCH MARKET?

1 ARE PCI SECURITY MEASURES SUITED TO THE FRENCH MARKET? 1 ARE PCI SECURITY MEASURES SUITED TO THE FRENCH MARKET? As part of its task of monitoring the security policies implemented by issuers and acquirers, the Observatory conducted an assessment in 2010 to

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS HCE AND CLOUD BASED PAYMENTS 1 Contactless payments are vital for further development of the payment industry. More than 3 mln POS terminals around the globe can accept contactless payments. Mobile phones

More information

EuroCommerce position paper Online e-payments

EuroCommerce position paper Online e-payments EuroCommerce position paper Online e-payments 16 September 2011 EuroCommerce welcomes the opportunity to comment on online payment issues. We carried out a brief members' survey and consulted within the

More information

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Visa Recommended Practices for EMV Chip Implementation in the U.S. CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt

More information

Private Label Payment Systems. White Label Systems

Private Label Payment Systems. White Label Systems Private Label Payment Systems White Label Systems 15 November 2011 Contents 1. Executive summary... 3 2. Introduction... 4 2.1. Scope... 4 2.2. Audience... 4 2.3. Smart cards as a security standard...

More information

Your Partner for European Payment Processing

Your Partner for European Payment Processing Your Partner for European Payment Processing A state-of-the-art platform built to support European diversity We believe that SEPA and domestic instruments will co-exist for some time, and both need to

More information

Payments and Withdrawals with Cards in SEPA Applicable Standards and Certification Process

Payments and Withdrawals with Cards in SEPA Applicable Standards and Certification Process Doc: EPC020-08 14 December 2011 (Version 6.0) SEPA CARDS STANDARDISATION (SCS) VOLUME BOOK OF REQUIREMENTS Payments and Withdrawals with Cards in SEPA Applicable Standards and Certification Process Abstract

More information

European Commission Green Paper on card, mobile and e- payments

European Commission Green Paper on card, mobile and e- payments European Commission Green Paper on card, mobile and e- payments A Cicero Consulting Special Report 2 Contents page Cicero Introduction Page 3 Current payments landscape Page 5 Objectives Page 5 Possible

More information

Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies

Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies images: Fotolia Situation Report - Payment Card Fraud 2012 Public Version Situation Report Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies This Europol product analyses

More information

Asian Payment Card Forum

Asian Payment Card Forum Information Brochure Asian Payment Card Forum 19-20 October, Meliá Hanoi Hotel, Vietnam Converging Payments to a Digital Commerce Future Focus The Roadmap for Consumer Payments Today From Contactless to

More information

Table of Contents TABLE OF CONTENTS 2 PAYMENT CARDS TECHNOLOGY: MAGNETIC STRIPE VERSUS INTEGRATED CHIP...4

Table of Contents TABLE OF CONTENTS 2 PAYMENT CARDS TECHNOLOGY: MAGNETIC STRIPE VERSUS INTEGRATED CHIP...4 Table of Contents TABLE OF CONTENTS TABLE OF CONTENTS... 1-1 SECTION ONE: BACKGROUND...3 1 INTRODUCTION...3 2 PAYMENT CARDS TECHNOLOGY: MAGNETIC STRIPE VERSUS INTEGRATED CHIP...4 3 TYPES OF PAYMENT CARD

More information

Euro Retail Payment Board

Euro Retail Payment Board CSG 044-15 (v1.0) Euro Retail Payment Board SEPA Card Standardisation Stock Taking Exercise & Implementation plan Progress Report 29 June 2015 CSG Secretariat - Cours Saint-Michel 30 A - B 1040 Brussels

More information

American Express Contactless Payments

American Express Contactless Payments PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless

More information

Irmfried Schwimann. Acting Director 'Financial services and Health-related markets' European Commission, DG Competition. SEPA and competition

Irmfried Schwimann. Acting Director 'Financial services and Health-related markets' European Commission, DG Competition. SEPA and competition Irmfried Schwimann Acting Director 'Financial services and Health-related markets' European Commission, DG Competition SEPA and competition European Payment Council, Coordination Committee offsite meeting

More information

Position Paper e-payments

Position Paper e-payments Position Paper e-payments 10 Recommendations for a Stronger e-payments Landscape in Europe www.ecommerce-europe.eu POSITION PAPER 3 Introduction: Ecommerce Europe Ecommerce Europe (www.ecommerce-europe.eu)

More information

JTEMS A Community for the Evaluation and Certification of Payment Terminals

JTEMS A Community for the Evaluation and Certification of Payment Terminals JTEMS A Community for the Evaluation and Certification of Payment Terminals Jürgen Blum, Federal Office for Information Security (BSI), Germany 14 th ICCC, USA Outline Brief overview: What is JTEMS? Who

More information

PCI DSS Compliance Services January 2016

PCI DSS Compliance Services January 2016 PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction

More information

Visa Europe Our response to the European Commission s proposed regulation of interchange fees for card-based payment transactions

Visa Europe Our response to the European Commission s proposed regulation of interchange fees for card-based payment transactions Visa Europe Our response to the European Commission s proposed regulation of interchange fees for card-based payment transactions Executive summary On 24 July 2013 the European Commission published a proposal

More information

European Payment Card Systems for the 21 st Century. A paper from MasterCard Europe

European Payment Card Systems for the 21 st Century. A paper from MasterCard Europe U European Payment Card Systems for the 21 st Century A paper from MasterCard Europe For four decades, MasterCard Europe 1 has been working successfully with European banks to deliver secure, efficient

More information

Position Paper Ecommerce Europe. E-Payments 2012

Position Paper Ecommerce Europe. E-Payments 2012 Position Paper Ecommerce Europe E-Payments 2012 Contents Introduction: Ecommerce Europe 3 1. Payments from the merchants perspective 5 2. Market outlook 6 3. Card-based payments and related fraud issues

More information

The Canadian Migration to EMV. Prepared By:

The Canadian Migration to EMV. Prepared By: The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced

More information

We make cards and payments work for people as a part of everyday life. We bring information to life

We make cards and payments work for people as a part of everyday life. We bring information to life We make cards and payments work for people as a part of everyday life We bring information to life 2 EVRY is a leading IT company in the Nordic region. Through advice, technology and solutions, EVRY brings

More information

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility 1 An Introduction v2.0 September 2015 Document History 2 Version Date Editor Remarks 1.0 06/04/2011 OMAPI Working Group Public release 2.0 27/09/2015 OMAPI Working Group Public release Copyright 2015 SIMalliance

More information

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA Australian Payments Clearing Association AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA 214 Australian Payments Clearing Association Limited ABN 12 55 136 519 CONTENTS OVERVIEW 1 SECTION 1 Fraud rates 4 SECTION

More information

Unleashing the Power of Smart Payment

Unleashing the Power of Smart Payment Unleashing the Power of Smart Payment Brian Russell, Smart Payment Association (SPA) Representative and Senior Vice President, Payment and Transit, Giesecke & Devrient April 2013 V5 (MaMo V2.7) Agenda

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

EC - Green Paper Towards an integrated European market for card, internet and mobile payments European Payments Council Response

EC - Green Paper Towards an integrated European market for card, internet and mobile payments European Payments Council Response EPC079-12 Version 1.0 Date issued: 6 April 2012 EPC EC - Green Paper Towards an integrated European market for card, internet and mobile payments European Payments Council Response Circulation: Public

More information

Terms of Reference of the SEPA Cards Certification Management Body (SCCMB)

Terms of Reference of the SEPA Cards Certification Management Body (SCCMB) Terms of Reference of the SEPA Cards Certification Management Body (SCCMB) Draft V1.0.1 2 nd June 2015 1 DEFINITIONS A Card Payment Scheme/Approval Body is an organisation that is subject to Oversight

More information

World-wide trends in innovation on the acquiring side

World-wide trends in innovation on the acquiring side World-wide trends in innovation on the acquiring side CPSS-World Bank retail payments forum Perugia, March 19 th 2013 Edgar, Dunn & Company, 2013 Yogesh Oka Yogesh.Oka@edgardunn.com David Poe David.Poe@edgardunn.com

More information

Meet The Family. Payment Security Standards

Meet The Family. Payment Security Standards Meet The Family Payment Security Standards Meet The Family Payment Security Standards Payment Processing Electronic payments are increasingly becoming part of our everyday lives. For most people, it can

More information

Asian Payment Card Forum Growing the Business: Launching Successful Consumer Payments Products

Asian Payment Card Forum Growing the Business: Launching Successful Consumer Payments Products Asian Payment Card Forum Growing the Business: Launching Successful Consumer Payments Products Dusit Thani Hotel, Bangkok, Thailand September 201 Information Brochure Focus in 2014 Payment Card Technology

More information

Wayne EMV Solutions. Protect your business with a complete EMV Solution inside and out.

Wayne EMV Solutions. Protect your business with a complete EMV Solution inside and out. Wayne EMV Solutions Protect your business with a complete EMV Solution inside and out. The transition to Europay, MasterCard, Visa (EMV) standards: Significantly reduce your risk of payment card fraud

More information

for CONSUMERS Information on the SINGLE EURO PAYMENTS AREA

for CONSUMERS Information on the SINGLE EURO PAYMENTS AREA Version 5.0 - February 2014 for CONSUMERS Information on the SINGLE EURO PAYMENTS AREA All you need to know about SEPA EPC Shortcut Series* Shortcut to SEPA Shortcut to the SEPA Direct Debit Schemes Shortcut

More information

HCE and SIM Secure Element:

HCE and SIM Secure Element: HCE and SIM Secure Element: It s not black and white A Discussion Paper from Consult Hyperion Supported by: Date: June 2014 Authors: Steve Pannifer, Dick Clark, Dave Birch steve.pannifer@chyp.com Consult

More information

What is SEPA? Fact Sheet. Streamlining Payments in Europe

What is SEPA? Fact Sheet. Streamlining Payments in Europe Fact Sheet Streamlining Payments in Europe The Single Euro Payments Area (SEPA) is the area where citizens, companies and other economic players will be able to make and receive payments in euros (whether

More information

EMV Migration and Certification in the U.S. UL's View on Optimizing EMV Brand Certification Processes

EMV Migration and Certification in the U.S. UL's View on Optimizing EMV Brand Certification Processes EMV Migration and Certification in the U.S. UL's View on Optimizing EMV Brand Certification Processes EMV Migration and Certification in the U.S. UL's View on Optimizing EMV Brand Certification Processes

More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

A stocktaking of measures

A stocktaking of measures LA FINANCE SOLIDAIRE CHAPTER OU ÉTHIQUE 1 A stocktaking of measures to protect online card payments 13 13 The Observatory regularly monitors fraud in card-not-present (CNP) payments, which amounted to

More information

EPC SEPA CARDS STANDARDISATION (SCS) VOLUME

EPC SEPA CARDS STANDARDISATION (SCS) VOLUME EPC020-08 08.12.2015 (Vol Ref. 7.7.1.1) SEPA CARDS STANDARDISATION (SCS) VOLUME BOOK 7 CARDS PROCESSING FRAMEWORK Payments and Cash Withdrawals with Cards in SEPA Applicable Standards and Conformance Processes

More information

Interoperable Mobile Payment A Requirements-Based Architecture

Interoperable Mobile Payment A Requirements-Based Architecture Interoperable Mobile Payment A Requirements-Based Architecture Dr. Manfred Männle Encorus Technologies GmbH; product management Payment Platform Summary: Existing payment methods like cash and debit/credit

More information

THIRD REPORT ON CARD FRAUD

THIRD REPORT ON CARD FRAUD THIRD REPORT ON CARD FRAUD February 14 F e b r u a ry 14 In 14 all publications feature a motif taken from the banknote. European Central Bank, 14 Address Kaiserstrasse 29 6311 Frankfurt am Main Germany

More information

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Payment Card Industry (PCI) Data Security Standard PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Release date: 5 October 2010 Table of Contents 1 Executive Summary... 3 1.1

More information

ESBG amendment proposals Regulation on interchange fees for card-based payment transactions

ESBG amendment proposals Regulation on interchange fees for card-based payment transactions ESBG amendment proposals Regulation on interchange fees for card-based payment transactions November 2013 Doc 1059/2013/Vers 1.0 NBI ESBG amendment proposals Regulation on interchange fees for card-based

More information

Euronet s Contactless Solution

Euronet s Contactless Solution Serving millions of people worldwide with electronic payment convenience. Euronet s Contactless Solution Fast, Secure and Convenient Transactions with No Swiping, PIN or Signature Copyright 2011 Euronet

More information

ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD

ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD DELIVERS PEACE OF MIND PRODUCT FLYER ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD ENABLE FULL SUPPORT OF THE MOBILE PAYMENTS PROCESS FOR EMBEDDED

More information

Fourth report on card fraud

Fourth report on card fraud Fourth report on card fraud July 2015 Contents Executive summary 2 1 Introduction 5 2 Total level of card fraud 7 3 Card fraud according to different card functions 9 4 CNP fraud 10 Box 1 Fraud migration

More information

EMP's vision is to be the leading electronic payments processing company in the emerging markets of Africa and the Middle East.

EMP's vision is to be the leading electronic payments processing company in the emerging markets of Africa and the Middle East. EMP's vision is to be the leading electronic payments processing company in the emerging markets of Africa and the Middle East. EMP's mission is to be at the forefront of the region's electronic payments

More information

Position Paper. issuers. how to leverage EC s regulation proposal. on interchange fees for card-based payment transactions

Position Paper. issuers. how to leverage EC s regulation proposal. on interchange fees for card-based payment transactions Position Paper issuers how to leverage EC s regulation proposal on interchange fees for card-based payment transactions The issuing landscape has dramatically changed over the last few years increased

More information

Il Ruolo della Tecnologia: l importanza delle scelte e l ottimizzazione dei costi SIAnet for SEPA! Giacomo BUICO Network Services Director

Il Ruolo della Tecnologia: l importanza delle scelte e l ottimizzazione dei costi SIAnet for SEPA! Giacomo BUICO Network Services Director Il Ruolo della Tecnologia: l importanza delle scelte e l ottimizzazione dei costi SIAnet for SEPA! Giacomo BUICO Network Services Director sia-ssb 2007 SEPA Topics SEPA impacts technology, legislation

More information

Your Reference Guide to EMV Integration: Understanding the Liability Shift

Your Reference Guide to EMV Integration: Understanding the Liability Shift Your Reference Guide to EMV Integration: Understanding the Liability Shift UNDERSTANDING EMV EMVCo was formed in February 1999 by Europay, MasterCard and Visa to establish and maintain global interoperability

More information

Or the. EPASOrg Annual Conference 2014. ISO 20022 card payment standards development. William VANOBBERGHEN, Secretary General, EPASOrg

Or the. EPASOrg Annual Conference 2014. ISO 20022 card payment standards development. William VANOBBERGHEN, Secretary General, EPASOrg EPASOrg Annual Conference 2014 ISO 20022 card payment standards development Or the William VANOBBERGHEN, Secretary General, EPASOrg 9 October 2014 Gresham Palace, Budapest Business drivers Lack of interoperability

More information

Position Paper - Acquirers. acquire. maximum business advantage. from new EU Regulation on interchange. fees for card-based payment transactions

Position Paper - Acquirers. acquire. maximum business advantage. from new EU Regulation on interchange. fees for card-based payment transactions Position Paper - Acquirers acquire maximum business advantage from new EU Regulation on interchange fees for card-based payment transactions The payment landscape has changed a lot over the last few years.

More information

Re-engineering Debit: The Missing SEPA Blueprint

Re-engineering Debit: The Missing SEPA Blueprint Re-engineering Debit: The Missing SEPA Blueprint ARTICLE Peter Jones Managing Director PSE Consulting (Payment Systems Europe) 14 th March 2005 As the plan for a Single Euro(pean) Payments Area (SEPA)

More information

ERPB FINAL REPORT MOBILE AND CARD-BASED CONTACTLESS PROXIMITY PAYMENTS

ERPB FINAL REPORT MOBILE AND CARD-BASED CONTACTLESS PROXIMITY PAYMENTS ERPB/2015/016 Document ERPB CTLP 70-15 Version 1.1 Date: 5 November 2015 ERPB FINAL REPORT MOBILE AND CARD-BASED CONTACTLESS PROXIMITY PAYMENTS Abstract Document Reference ERPB CTLP 70-15 Issue Version

More information

It is both an honour and a pleasure for me to be here and to celebrate with

It is both an honour and a pleasure for me to be here and to celebrate with Drivers for change in payment and securities settlement systems Gertrude Tumpel-Gugerell European Central Bank Introduction It is both an honour and a pleasure for me to be here and to celebrate with you

More information

Android pay. Frequently asked questions

Android pay. Frequently asked questions Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and

More information

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments A TO Z JARGON BUSTER A ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments ATM Automated Teller Machine. Unattended,

More information

Payments Package: Questions and Answers

Payments Package: Questions and Answers Payments Package: Questions and Answers Date: November 2013 Contact: Ruth Milligan, T: +32 2 737 05 95, milligan@eurocommerce.be A. Introduction The Commission published its Payments Package on 24 July

More information

Community Financial Institution EMV Readiness

Community Financial Institution EMV Readiness Community Financial Institution EMV Readiness EMV is a trademark owned by EMVCo LLC 2014 First Data Corporation. All Rights Reserved. Copyright 2014 First Data Corporation EMV Timeline 2011: EMV technology

More information

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud Serving millions of people worldwide with electronic payment convenience. Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud Copyright 2011 Euronet Worldwide, Inc. All

More information

THE SINGLE EURO PAYMENTS AREA (SEPA) AN INTEGRATED RETAIL PAYMENTS MARKET

THE SINGLE EURO PAYMENTS AREA (SEPA) AN INTEGRATED RETAIL PAYMENTS MARKET THE SINGLE EURO PAYMENTS AREA (SEPA) AN INTEGRATED RETAIL PAYMENTS MARKET Contents Foreword 3 Introduction 4 1. Creating SEPA 5 Overview of SEPA 5 Stakeholders 5 Why SEPA? 6 What has been achieved so far?

More information

Bilateral and Multilateral Processing of Card Transactions in Europe. A Card Scheme Independent Message Standard. White Paper

Bilateral and Multilateral Processing of Card Transactions in Europe. A Card Scheme Independent Message Standard. White Paper THE Berlin GROUP A EUROPEAN INITIATIVE FOR CARD PAYMENTS IN EUROPE Bilateral and Multilateral Processing of Card Transactions in Europe A Card Scheme Independent Message Standard White Paper 25/02/2009

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

Competition policy brief

Competition policy brief Issue 2015-3 June 2015 ISBN 978-92-79-38783-8, ISSN: 2315-3113 Competition policy brief Occasional discussion papers by the Competition Directorate General of the European Commission The Interchange Fees

More information

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 The most significant trend is decreasing paper payments and increasing electronic payments. Many organizations are also seeing

More information

Mobile Financial Services

Mobile Financial Services Mobile Financial Services CANTO AGM 2014 January 27, 2014 27 janvier 2014 1 Agenda MoreMagic and Oberthur Technologies International TopUp and White label The Digital Revolution The Caribbean Opportunity

More information

OT PRODUCTS AND SOLUTIONS EMV-IN-A-BOX

OT PRODUCTS AND SOLUTIONS EMV-IN-A-BOX OT PRODUCTS AND SOLUTIONS EMV-IN-A-BOX FOR A SMOOTH MIGRATION EMV DUAL INTERFACE CARDS WILL REPRESENT 50% OF 2016 SHIPMENTS FRAUD PERCENTAGE IS DIVIDED BY 6 IN EMV COUNTRIES COMPARED TO WORLDWIDE AVERAGE

More information

EPC178-10 Version 2.0

EPC178-10 Version 2.0 EPC178-10 Version 2.0 MOBILE CONTACTLESS SEPA CARD PAYMENTS INTEROPERABILITY IMPLEMENTATION GUIDELINES Abstract This document provides guidance for the implementation of Mobile Contactless SEPA Card Payments

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information