DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE

Save this PDF as:

Size: px
Start display at page:

Download "DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE"

Transcription

1 DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE December 2015 English_General This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to whom it is directly delivered and/or addressed (including subsidiaries and affiliates, the Company ) in order to assist the Company in evaluating, on a preliminary basis, the feasibility of a possible transaction or transactions or other business relationship and does not carry any right of publication or disclosure, in whole or in part, to any other party. This presentation is for discussion purposes only and is incomplete without reference to, and should be viewed solely in conjunction with, the oral briefing provided by J.P. Morgan. Neither this presentation nor any of its contents may be disclosed or used for any other purpose without the prior written consent of J.P. Morgan. DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE To the extent that the information in this presentation is based upon any management forecasts or other information supplied to us by or on behalf of the Company, it reflects such information as well as prevailing conditions and our views as of this date, all of which are accordingly subject to change. J.P. Morgan s opinions and estimates constitute J.P. Morgan s judgment and should be regarded as indicative, preliminary and for illustrative purposes only. In preparing this presentation, we have relied upon and assumed, without independent verification, the accuracy and completeness of all information available from public sources or which was provided to us by or on behalf of the Company or which was otherwise reviewed by us. J.P. Morgan makes no representations as to the actual value which may be received in connection with a transaction nor the legal, tax or accounting effects of consummating a transaction. Unless expressly contemplated hereby, the information in this presentation does not take into account the effects of a possible transaction or transactions involving an actual or potential change of control, which may have significant valuation and other effects. Notwithstanding anything herein to the contrary, the Company and each of its employees, representatives or other agents may disclose to any and all persons, without limitation of any kind, the U.S. federal and state income tax treatment and the U.S. federal and state income tax structure (if applicable) of the transactions contemplated hereby and all materials of any kind (including opinions or other tax analyses) that are provided to the Company insofar as such treatment and/or structure relates to a U.S. federal or state income tax strategy provided to the Company by J.P. Morgan. J.P. Morgan's policies on data privacy can be found at IRS Circular 230 Disclosure: JPMorgan Chase & Co. and its affiliates do not provide tax advice. Accordingly, any discussion of U.S. tax matters included herein (including any attachments) is not intended or written to be used, and cannot be used, in connection with the promotion, marketing or recommendation by anyone not affiliated with JPMorgan Chase & Co. of any of the matters addressed herein or for the purpose of avoiding U.S. tax-related penalties. Chase, JPMorgan and JPMorgan Chase are marketing names for certain businesses of JPMorgan Chase & Co. and its subsidiaries worldwide (collectively, JPMC ) and if and as used herein may include as applicable employees or officers of any or all of such entities irrespective of the marketing name used. Products and services may be provided by commercial bank affiliates, securities affiliates or other JPMC affiliates or entities. In particular, securities brokerage services other than those which can be provided by commercial bank affiliates under applicable law will be provided by registered broker/dealer affiliates such as J.P. Morgan Securities LLC or J.P. Morgan Institutional Investments Inc. or by such other affiliates as may be appropriate to provide such services under applicable law. Such securities are not deposits or other obligations of any such commercial bank, are not guaranteed by any such commercial bank and are not insured by the Federal Deposit Insurance Corporation. Not all products and services are available in all geographic areas. Eligibility for particular products and services is subject to final determination by JPMC and or its affiliates/subsidiaries. This presentation does not constitute a commitment by any JPMC entity to extend or arrange credit or to provide any other services. 1

2 Learning objectives After attending this session, you will better understand How PCI compliance fits into an information security culture The latest technology available to help protect the data in your environment The role of EMV as a fraud prevention measure DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE How implementing data security and fraud prevention measures can help decrease risk while maintaining or improving the resident s experience 1 Agenda PCI Compliance and Data Security 2 Data Security Solutions 8 Fraud Prevention 14 DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE 2 2

3 Threats are outpacing most organizations ability to secure their infrastructure 783 Breaches reported in 2014; an increase of 27.5% from ,428,956 Records that were breached in 4,538 data breaches made public since % Percentage of companies NOT fully compliant with all 12 PCI standard requirements 3 PCI COMPLIANCE AND DATA SECURITY Sources: 1 ITRC Breach Report Privacy Rights Clearinghouse 3 Verizon 2015 PCI Compliance Report 3 PCI in brief Data security standards created and maintained by the Payment Card Industry Security Standards Council (PCI SSC) Applies to any system that stores, processes or transmits card data 12 requirements addressing operational and technical areas Specific technology guidelines for encryption and tokenization PCI COMPLIANCE AND DATA SECURITY Organizations often need to combine multiple technologies to secure data and meet PCI requirements 4 3

4 The prioritized approach Six milestones 1. If you don t need it, don t store it 2. Secure the perimeter 3. Secure applications 4. Monitor and control access to your systems 5. Protect stored cardholder data 6. Finalize remaining compliance efforts, and ensure all controls are in place Tools and guidance on the PCI SSC Web site PCI COMPLIANCE AND DATA SECURITY 5 Why NOT compliance? New compliance mandates are potentially endless Government regulation Industry standards Organization policies Achieving compliance is easier than maintaining compliance Becoming compliant is a project Maintaining compliance is a culture change Why information security PCI COMPLIANCE AND DATA SECURITY A single, comprehensive set of enterprise information security polices, standards, baselines, and procedures Simplifies culture change Simplifies compliance mandate responses by Cataloging existing controls Speeding gap analysis Limiting expense and churn caused by new mandates Reduces compliance to a single core competency: Security 6 4

5 Security is a business decision Steps to take Assess the risks Identify the mitigation options Determine how much risk The organization is comfortable accepting The organization is ALLOWED to accept Recognize the constraints Acquire and apply resources IT and information security can then Consolidate data and systems Segment the network PCI COMPLIANCE AND DATA SECURITY Implement the controls Close the gaps 7 Agenda PCI Compliance and Data Security 2 Data Security Solutions 8 Fraud Prevention 14 DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE 8 5

6 Security is Comprehensive A viable security solution to combat today s threats requires a comprehensive combination of security solutions Replaces customer payment data with a benign value that cannot be converted back to card or account information within a merchant s network, protecting that data from security threats. Tokenization EMV Advanced chip card technology that helps prevent skimming, counterfeit and lost/stolen fraud. Encryption PCI DSS Encryption technology that protects the primary account number of a payment card from moment of capture at retail point of sale Fraud Tools A combination of preventative, detective, responsive controls applied to a merchant s process, people, and technologies. DATA SECURITY SOLUTIONS Tools that provide greater visibility into sophisticated fraud patterns, advanced capabilities include proxy piercing and geolocation, which can pinpoint a transaction s origin in real time, and dynamic order linking 9 Encryption 101 What is Encryption? Encryption is a security measure that leverages a cipher algorithm to mathematically transform sensitive data in such a way that only authorized parties can read it Encryption does not prevent interception of data, but rather the access to the content intercepted From the initial swipe, dip, tap, or click, card data can be encrypted to protect the data throughout the payment transmission process How Does it Work? Recipient's Public Key Recipient's Private Key Source: PacketLife.net DATA SECURITY SOLUTIONS Why is Encryption Important? Ideal for Data on the Go: Encryption is particularly useful in secure transmission of sensitive information Open Model with Limited Risk Exposure: Encryption leverages a public and private key model, where a public key is widely available to encrypt messages while a private key is only available to the receiving party for decryption of the message 10 6

7 Tokenization 101 What is Tokenization? Tokenization is the process through which real account data is replaced with a proxy value known as a token These tokens can either be static (never changing) or dynamic (different for each transaction) Some tokens are format-preserving (i.e., they look like regular PANs), while others can be different lengths or alphanumeric in context Tokens were created to minimize risk for merchants who stored live payment account credentials on their servers, but have expanded to minimize risks for issuers, brands, acquirers, and consumers Think of Tokens like Casino Chips You trade cash for chips Cash is valuable in a large context and is easily used Chips are valuable only in a limited context (inside the casino) and can only be used to do certain things defined by the house (e.g. play on certain table games) Why is Tokenization Important? DATA SECURITY SOLUTIONS Renders Previously High Value Data Almost Useless: Cash is higher risk because it can be stolen and used anywhere, while a chip is lower risk because even if it s stolen, it can t be used everywhere Consolidates Risk to a Single Control Point: Tokenization is like going to the cashier and giving cash and receiving tokens and De-Tokenization is like going back to the cashier and trading chips for cash 11 Hosted Pay for Ecommerce A consumer-facing hosted page that captures customer payment data in a PCI compliant manner Creating a secure and seamless payment experience for your customers while keeping your organization compliant Benefits Increases the security of your customers payment data Reduces the cost and scope of PCI compliance Your Website Ecommerce Platform Enables you to maintain complete control of your branding throughout the payment cycle Hosted Pay Minimizes initial and ongoing IT resource impacts How it works A Hosted Pay can clone your payment page so you maintain complete control of the look and feel of your customers checkout experience. There are no static templates to update. Payment Success CLONE¹ Payment Token Payment brands for approval DATA SECURITY SOLUTIONS There is no need to use an acquirer-branded payment page. You can change your payment page elements at any time, and Hosted Pay will capture the changes in real time. You are in control of your brand on the payment page at all times. 12 Your bank account 7

8 encryption What does it do for your organization? Encrypts PAN and CVV data within a customer s browser Provides you with full payment page control; no re-directs Remains invisible to the customer Delivers an effective PCI solution Offers a host-based alternative to a Hosted Pay DATA SECURITY SOLUTIONS 13 Agenda PCI Compliance and Data Security 2 Data Security Solutions 8 Fraud Prevention 14 DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE 14 8

9 EMV The Basics How EMV Chip Cards are Different Chip cards are inserted into chip-reading devices rather than being swiped If PIN is supported on the chip card, it will replace traditional signature In conjunction with PIN, chip cards provide an added layer of authentication Terminals will accept both magnetic stripe and chip cards for years to come Customer Verification Methods (CVM) Chip and Signature Chip and Offline PIN Chip and Online PIN The consumer signs to validate their identity Prevents counterfeit card fraud The chip card and the terminal validate the PIN, then authorize Prevents counterfeit, stolen and never received or issued card fraud The consumer s PIN is sent to the host for validation Prevents counterfeit, stolen and never received or issued card fraud FRAUD PREVENTION Source: EMVCo Q statistics 15 Key points about EMV in the US Benefits of chip technology Confidence EMV has been used globally with cards in Europe for over a decade; and in Canada over the last seven years Security and Fraud Protection dynamic authentication reduces the value of stolen cardholder data; Chip technology is more difficult to duplicate and combining its use with a PIN helps reduce fraud due to lost, stolen or counterfeit cards Reduces Chargebacks the use of PIN with the chip technology can significantly reduce the frequency of chargebacks Global Interoperability and Consistency outside of the U.S., 43.3% of all cards are EMV and 86.8% of terminals are EMV capable US migration drivers Avoid becoming a destination for criminals and global magnetic-stripe fraud activity Increase satisfaction of traveling international cardholders Maintain interoperability with the rest of the world Position the industry for the adoption of other forms of payment, notably NFC mobile contactless payments Payment brand mandates and chargeback liability shifts are forcing the adoption of this technology What is a liability shift? FRAUD PREVENTION Liability Shift is a change in who bears the chargeback related cost of fraudulent transactions The penalty for merchants or issuers missing the October 2015 (non Petro) / October 2017 (Petro) deadline is a shift in fraud related liability. Merchants who have not implemented an EMV certified solution will risk absorbing the cost of all disputed counterfeit and potentially lost/stolen/not received fraudulent transactions they initiate. 16 9

10 EMV in the US: Key Merchant Considerations Keys to EMV Readiness 1. The Right Integration: Direct, Middleware/Third Party (TP) Gateway, Semi-Integrated, or Stand-Alone approach 2. Merchant Readiness: Processes, Procedures, Learning / Development on handling EMV transactions 3. Consumer Readiness: Building Awareness and Understanding of EMV Make The Most of EMV Migration 1. Consider POS modernization holistically PIN Acceptance, E2E Encryption, Tokenization, Contactless, High-Speed IP Connectivity 2. Be prepared for Fraud Increases in Card Not Present (CNP) channels EMV adoption has historically shifted Card Present Fraud to CNP and cross-border Fraud Omni-channel and CNP merchants should prepare by evaluating fraud detection technology AVS/CVV alone is not enough as false positive exposure can be high. Include other fraud detection technology such as Velocity Checks, Positive and Negative Lists, Proxy Piercing/IP Geolocation, and Dynamic Risk Scoring FRAUD PREVENTION 17 Key takeaways PCI Basic security measures but not all that is needed Data protection Any time the card data is exposed, in transit or at rest, it is at risk Layered protection is the only answer Different from data protection Fraud management More risk in CNP space than card present Geolocation, proxy piercing, device fingerprinting FRAUD PREVENTION 18 10

11 Speaker contact information Matthew Leman Vice President, Special Markets Chase Paymentech O: FRAUD PREVENTION 19 11

Electronic Payment Processing: Electronic Arts European Cash Management CALIFORNIA ASSOCIATION OF COUNTY TREASURERS & TAX COLLECTORS

Electronic Payment Processing: Electronic Arts European Cash Management CALIFORNIA ASSOCIATION OF COUNTY TREASURERS & TAX COLLECTORS Electronic Payment Processing: Electronic Arts Challenges European Cash Management and Smart Solutions CALIFORNIA ASSOCIATION OF COUNTY TREASURERS & TAX COLLECTORS June MARCH 10, 2013 2015 This presentation

More information

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

EMV's Role in reducing Payment Risks: a Multi-Layered Approach EMV's Role in reducing Payment Risks: a Multi-Layered Approach April 24, 2013 Agenda EMV Rationale Why is this worth the effort? Guides how we implement it EMV Vulnerability at the POS EMV Impact on CNP

More information

What Merchants Need to Know About EMV

What Merchants Need to Know About EMV Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the

More information

EMV and Restaurants What you need to know! November 19, 2014

EMV and Restaurants What you need to know! November 19, 2014 EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Your Reference Guide to EMV Integration: Understanding the Liability Shift

Your Reference Guide to EMV Integration: Understanding the Liability Shift Your Reference Guide to EMV Integration: Understanding the Liability Shift UNDERSTANDING EMV EMVCo was formed in February 1999 by Europay, MasterCard and Visa to establish and maintain global interoperability

More information

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Visa Recommended Practices for EMV Chip Implementation in the U.S. CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions IN-STORE ON-THE-GO ONLINE Accept secure debit and credit card

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

Introductions 1 min 4

Introductions 1 min 4 1 2 1 Minute 3 Introductions 1 min 4 5 2 Minutes Briefly Introduce the topics for discussion. We will have time for Q and A following the webinar. 6 Randy - EMV History / Chip Cards /Terminals 5 Minutes

More information

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible

More information

Payments Transformation - EMV comes to the US

Payments Transformation - EMV comes to the US Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent

More information

Preparing for EMV chip card acceptance

Preparing for EMV chip card acceptance Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June

More information

EMV FAQs for developers

EMV FAQs for developers EMV FAQs for developers You accept the Information presented herein as is, without any representation as to its accuracy or completeness. What are the three levels of EMV certification? There are three

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Payment Card Industry (PCI) Data Security Standard PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Release date: 5 October 2010 Table of Contents 1 Executive Summary... 3 1.1

More information

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group Abstract: Visa Inc. and MasterCard recently announced plans to accelerate chip migration in the

More information

The Relationship Between PCI, Encryption and Tokenization: What you need to know

The Relationship Between PCI, Encryption and Tokenization: What you need to know October 2014 The Relationship Between PCI, Encryption and Tokenization: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems,

More information

E U R O P E A N B A N K F U N D I N G I N A B A I L - I N W O R L D

E U R O P E A N B A N K F U N D I N G I N A B A I L - I N W O R L D ILF Conference, 3 May 2012 David Marks, Chairman of FIG Debt Capital Markets, J.P. Morgan S T R I C T L Y P R I V A T E A N D C O N F I D E N T I A L English_General This presentation was prepared exclusively

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Practically Thinking: What Small Merchants Should Know about EMV

Practically Thinking: What Small Merchants Should Know about EMV Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than

More information

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed

More information

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud A CHASE PAYMENTECH WHITE PAPER Expanding internationally: Strategies to combat online fraud Fraud impacts nearly eight in every ten international online retailers 1. It hampers prospects for growth, restricts

More information

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare

More information

Fighting Today s Cybercrime

Fighting Today s Cybercrime SECURELY ENABLING BUSINESS Fighting Today s Cybercrime Ongoing PCI Compliance Using Data-Centric Security Technologies HOUSEKEEPING ITEMS All phone lines have been muted for the duration of the webinar.

More information

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

EMV EMV TABLE OF CONTENTS

EMV EMV TABLE OF CONTENTS 2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions PAYMENTS IN-STORE PAYMENTS ON-THE-GO PAYMENTS ONLINE Accept

More information

Mitigating Fraud Risk Through Card Data Verification

Mitigating Fraud Risk Through Card Data Verification Risk Management Best Practices 11 September 2014 Mitigating Fraud Risk Through Card Data Verification AP, Canada, CEMEA, LAC, U.S. Issuers, Processors With a number of cardholder payment options (e.g.,

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

How to Prepare. Point of sale requirements are changing. Get ready now.

How to Prepare. Point of sale requirements are changing. Get ready now. How to Prepare for EMV Point of sale requirements are changing. Get ready now. The EMV mandate is fast approaching. Now is the time to plan a strategy to prepare for this change. 2 EMV: The Backstory 3

More information

EMV and Encryption + Tokenization: A Layered Approach to Security

EMV and Encryption + Tokenization: A Layered Approach to Security EMV and Encryption + Tokenization: A Layered Approach to Security 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material are the property of their respective

More information

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process.

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process. My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper A data breach has the potential to cost retailers millions in lost customers and sales. In this paper we discuss a number of possible

More information

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia

More information

Mobile Near-Field Communications (NFC) Payments

Mobile Near-Field Communications (NFC) Payments Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments

More information

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

Changing Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association

Changing Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association Changing Consumer Purchasing Patterns John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association Michigan Retailers Association! Michigan Retailers Association is trade

More information

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization?

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization? FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

EMV : Frequently Asked Questions for Merchants

EMV : Frequently Asked Questions for Merchants EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

Guideline on Debit or Credit Cards Usage

Guideline on Debit or Credit Cards Usage CMSGu2012-04 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Debit or Credit Cards Usage National Computer Board Mauritius

More information

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

Transitions in Payments: PCI Compliance, EMV & True Transactions Security Transitions in Payments: PCI Compliance, EMV & True Transactions Security There have been more than 600 million records compromised from approximately 4,000 data breaches since 2005 and those are just

More information

Credit Card Processing, Point of Sale, ecommerce

Credit Card Processing, Point of Sale, ecommerce Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

Glossary. Account number

Glossary. Account number Glossary Note: All definitions listed in this section are also available in the Course Glossary. You can access the course Glossary online by clicking the Glossary link in the Materials section of the

More information

Fall Conference November 19 21, 2013 Merchant Card Processing Overview

Fall Conference November 19 21, 2013 Merchant Card Processing Overview Fall Conference November 19 21, 2013 Merchant Card Processing Overview Agenda Industry Definition Process Flows Processing Costs Chargeback's Payment Card Industry (PCI) Guidelines for Convenience Fees

More information

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material

More information

Prevention Is Better Than Cure EMV and PCI

Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,

More information

Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014

Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014 Policy Title: Effective Date: 5/5/2010 Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014 Oversight Department: Financial Services Next Review Date: 10/1/2016 1. PURPOSE The for Radford University

More information

NEWS BULLETIN 2015-16

NEWS BULLETIN 2015-16 NEWS BULLETIN Maine Automobile Dealers Association 180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:info@maineautodealers.com FAX 623-2318 DISTRIBUTION General Manager

More information

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options

More information

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA)

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA) Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA) House Small Business Committee Hearing on the EMV Deadline and What It Means for Small Business

More information

Understand the Business Impact of EMV Chip Cards

Understand the Business Impact of EMV Chip Cards Understand the Business Impact of EMV Chip Cards 3 What About Mail/Telephone Order and ecommerce? 3 What Is EMV 3 How Chip Cards Work 3 Contactless Technology 4 Background: Behind the Curve 4 Liability

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y. February 2014

E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y. February 2014 E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y February 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution

More information

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved. A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role

More information

Mobile Payment Solutions: Best Practices and Guidelines

Mobile Payment Solutions: Best Practices and Guidelines Presented by the Mobile Payments Committee of the Electronic Transactions Association Mobile Payment Solutions: Best Practices and Guidelines ETA s Best Practices and Guidelines for Mobile Payment Solutions

More information

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba thesba.com 855-2thesba EMV Chip Technology, Secure Electronic Payments The world of payments is evolving. We are starting to see an evolution from typical static magnetic strip cards to more intelligent

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This

More information

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Thoughts on PCI DSS 3.0 D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Agenda 1 2 3 Global Payment Card Statistics and Trends PCI DSS Overview PCI DSS Version 3.0: Important Timelines

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change Advancements in technological capabilities, along with increasing levels of counterfeit fraud, led the

More information

Digital Payment Solutions TSYS Enterprise Tokenization:

Digital Payment Solutions TSYS Enterprise Tokenization: Digital Payment Solutions TSYS Enterprise : FAQs & General Information FAQ TSYS DIGITAL DIGITAL PAYMENT PAYMENTS SOLUTIONS SOLUTIONS Account Holder Experience Apple Pay 1 Android Pay 2 Samsung Pay 2 Issuer

More information

Statement of Stephen W. Orfei General Manager PCI Security Standards Council

Statement of Stephen W. Orfei General Manager PCI Security Standards Council Statement of Stephen W. Orfei General Manager PCI Security Standards Council Before the Committee on Financial Services, United States House of Representatives Protecting Consumers: Financial Data Security

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents

More information

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps

More information

Payments Fraud Best Practices

Payments Fraud Best Practices Stephen W. Markwell Disbursements Product Executive J.P. Morgan Pamela R. Malmos Director Finance, Treasury Operations ConAgra Foods, Inc. Fraud Prevention Laura Howley, CTP Director, Global Treasury Operations

More information

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com Flexible and secure payment solution acceo tender retail payment solution tender-retail.acceo.com Take control of your payment transactions ACCEO Tender Retail is a specialized middleware that handles

More information

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps

More information

Chip Card (EMV ) CAL-Card FAQs

Chip Card (EMV ) CAL-Card FAQs U.S. Bank Chip Card (EMV ) CAL-Card FAQs Below are answers to some frequently asked questions about the migration to U.S. Bank chipenabled CAL-Cards. This guide can help ensure that you are prepared for

More information

PREPARING FOR THE MIGRATION TO EMV IN

PREPARING FOR THE MIGRATION TO EMV IN PREPARING FOR THE MIGRATION TO EMV IN THE U.S. A Mercator Advisory Group Research Brief Sponsored by Merchant Warehouse 2010 Mercator Advisory Group, Inc. 8 Clock Tower Place, Suite 420 Maynard, MA 01754

More information

CardControl. Credit Card Processing 101. Overview. Contents

CardControl. Credit Card Processing 101. Overview. Contents CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

American Express Contactless Payments

American Express Contactless Payments PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless

More information

Drive your fraud rates down

Drive your fraud rates down Drive your fraud rates down Drive your fraud rates down To a greater or lesser extent, fraud concerns almost everyone involved in e-business. With margins tight and competition fierce, the prospect of

More information

Secure Payments Framework Workgroup

Secure Payments Framework Workgroup Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration

More information

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV) U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled

More information

Frequently asked questions - Visa paywave

Frequently asked questions - Visa paywave Frequently asked questions - Visa paywave What is Visa paywave? Visa paywave is a new contactless method of payment - the latest evolution in Visa payments. It is a simple, secure and quick payment method

More information

U.S. House Small Business Committee. On Behalf of the National Grocers Association. October 6, 2015

U.S. House Small Business Committee. On Behalf of the National Grocers Association. October 6, 2015 U.S. House Small Business Committee On Behalf of the National Grocers Association October 6, 2015 The National Grocers Association (NGA) appreciates the opportunity to submit comments for the record to

More information

PREVENTING PAYMENT CARD DATA BREACHES

PREVENTING PAYMENT CARD DATA BREACHES NEW SCIENCE TRANSACTION SECURITY ARTICLE PREVENTING PAYMENT CARD DATA BREACHES DECEMBER 2014 UL.COM/NEWSCIENCE NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

A CHASE PAYMENTECH WHITEPAPER. Building customer loyalty in a multi-channel world Creating an optimised approach for e-tailers

A CHASE PAYMENTECH WHITEPAPER. Building customer loyalty in a multi-channel world Creating an optimised approach for e-tailers A CHASE PAYMENTECH WHITEPAPER Building customer loyalty in a multi-channel world Creating an optimised approach for e-tailers Table Of Contents Changing shopping habits... 3 The multi-channel journey...

More information

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc. PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information

More information

EMV mobile Point of Sale (mpos) Initial Considerations

EMV mobile Point of Sale (mpos) Initial Considerations EMV mobile Point of Sale EMV mobile Point of Sale (mpos) Initial Considerations Version 1.1 June 2014 2014 EMVCo, LLC ( EMVCo ). All rights reserved. Any and all uses of the EMV Specifications ( Materials

More information

EMV ADOPTION AND ITS IMPACT ON FRAUD MANAGEMENT WORLDWIDE

EMV ADOPTION AND ITS IMPACT ON FRAUD MANAGEMENT WORLDWIDE EMV ADOPTION AND ITS IMPACT ON FRAUD MANAGEMENT WORLDWIDE A Mercator Advisory Group Research Brief Sponsored by FICO January 2014 Table of Contents Introduction...3 The EMV Standard and What It Does...3

More information