Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?
|
|
- Wilfrid Clark
- 8 years ago
- Views:
Transcription
1 FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their payment card information may be saved online for more efficiency in future check-out experiences. In response, the industry has moved to support payment form factors that provide increased protection against counterfeiting, account misuse and other forms of fraud. With criminals inventing new ways to steal customer information, it is more important than ever for financial institutions, merchants and payment brands to ensure consumer security. While EMV chip cards provide substantial protection for card-present transactions, a similar need exists to minimize unauthorized use of cardholder account data and to reduce cross-channel fraud for card-not-present transactions, as well as in emerging transaction environments that combine elements of cardpresent and card-not-present transactions. One such way is through the use of payment token numbers. GENERAL INFORMATION What is Tokenization? Tokenization is a method for protecting card data by substituting a card s Primary Account Number (PAN) with a unique, randomly generated sequence of numbers. This token can be reversed to its true associated PAN value by the service provider who initially created the token. Tokens can be either single- or multi-use. The number is the same length and format as the original PAN; it is no different from a standard payment card number in the virtual eyes of back-end transaction processing systems, applications and storage tools. The random token sequence acts as a substitute value for the actual PAN while the data is at rest inside an issuer s or retailer s systems. Tokenization eliminates the need for merchants, e-commerce sites and operators of mobile wallets to store sensitive payment card data on their networks. Payment Tokenization allows a consumer to register a payment card with a mobile wallet or online store and replace the actual card number with a payment token number used for that merchant or wallet vendor. What are the benefits of payment Tokenization for the issuer and cardholder? For the cardholder, Tokenization provides a digital user experience offering: Data security the payment token number is meaningless to anyone except the issuer and payment brand, and it can only be used with the registered mobile device or online merchant with whom the consumer registered. Simplified purchasing experience for consumers by largely eliminating the need to enter and re-enter the account number when shopping on a consumer controlled mobile device Reduced proliferation of account numbers for both e-commerce and m-commerce s benefit from: Data security Enhanced cardholder experience Global standard and interoperability helps reduce data protection requirements for the payment brand and its participants New POS payment protocol support (i.e., NFC, QR code, other) Increased transparency of transactions from alternative payment providers Simplified payment process for the cardholder Improved transaction approval levels, and reduced risk of subsequent fraud in the event of a data breach in which payment tokens are exposed instead of PANs
2 How does Tokenization benefit the merchant? A token is stored in the merchant environment in place of the primary account number, making it possible for a merchant to process follow-up transactions, without having to store customers account data in the clear: Tokens remove the need for merchants to retain PANs in card data environment. Tokens cannot be used by an unauthorized party to conduct fraudulent transactions. Tokens match the format of the initiating PAN. Tokens do not overlap major brands. Visa, MasterCard and American Express are using different BIN ranges for Tokenization that look exactly like their PANs today. Visa and MasterCard will be using BINs within their existing range today. Tokens are card-based, meaning a merchant will always get the same token back for a specific PAN. Tokens share the last four digits with the corresponding PAN. A payment token can be used freely by systems and applications within a merchant environment. Where payment Tokenization is properly implemented, merchants can limit the storage of cardholder data to within the Tokenization system, and can simplify an entity s assessment against PCI DSS standards. Acquirers and merchants may experience a reduced threat of online attacks and data breaches, as payment token databases are less appealing targets given their limitation to a specific domain (i.e., online, NFC, QR Code). Acquirers and merchants may also benefit from the higher assurance levels that payment tokens offer. Merchants can use Tokenization to facilitate on-demand, subscription or recurring transactions. Decreased shopping cart abandonment rates. How does payment Tokenization affect the consumer experience? The consumer has greater peace of mind with enhanced security measures, and he or she also benefits from a more efficient shopping experience. For instance: The card number and other details a consumer uses during enrollment can be taken by a wallet provider and passed securely to the payment brand. The Token Service Provider then switches the physical card number for a completely different payment token number with a new expiration date. The payment token not the consumer s card number is stored securely in the phone s wallet. The payment token can only be used with the associated device. Similarly, whenever a consumer uses NFC at a merchant, the payment token is used in the transaction. If a criminal compromises the merchant, the data is completely unusable. The consumer can also use payment Tokenization in e-commerce or m-commerce scenarios. When the consumer associates their payment card with an e-commerce merchant using payment Tokenization, they receive a new payment token number to be used solely with that particular e-commerce merchant. When the consumer shops online with that merchant, the payment token is the only data being passed to the merchant s site. Just as in the in-store example above, if a criminal hacked the e-commerce site and accessed the consumer s information, the hacker would find the information completely useless. Why is Tokenization needed today? Over the past few years, broad proliferation of card-on-file models, both Remote and Proximity, has created an industry need to produce and use tokens. Some examples: Card-on-File Merchant Digital Wallet QR and Bar Code NFC and Chip Merchant uses tokens in lieu of PANs in card-on-file database Branded Digital Wallet presents Pay with Wallet in front of card on file QR or Bar Code supplier puts a Bar Code in front of card on file Account number in NFC or chip device 2
3 These new business models and use cases for card-on-file transactions create several issues: Emerging Payment models within the current industry infrastructure result in the lack of full visibility into transaction data. Reduced security with the card credentials passed through new channels and form factors Challenges in ownership of customer service and post-transaction issues/dispute resolution What is the difference between Tokenization and encryption? Tokenization protects data at rest, while encryption protects data in motion. Other differences between tokenization and encryption are outlined in the table below: Performance 1 Data portability Off-line use Operational impacts Deployment impacts Tokenization Centralized model with good performance in data center, assuming a robust back-end. Network latency is a performance consideration. Data must be de-tokenized to be exported outside of customer-controlled domain. Requires connection to token server, or distributed token servers. Can customize token to reduce or eliminate operational impacts. Low. Only applications capturing or using the PAN need to be changed. No DB/file changes needed. encryption Distributed model with excellent performance. Key can be exported to allow encrypted data to be exported. Locally cached keys permit offline use. Format of encrypted elements cannot be defined. Moderate. All applications capturing or using the PAN, plus *all* applications where the expansion of the PAN impacts other fields. 1 Applies to a typical, smaller sizes. Source: RSA Data Tokenization Server with Encryption. What is the difference between a token and a single-use or virtual accounts? Tokenized accounts, single use accounts and virtual accounts are similar in that each masks the original PAN. However, each differs in use case as well as how it translates back to that PAN behind the scenes. A single-use account number is typically used once for a specific purchase and changed for each transaction. There are also other forms of virtual accounts or ghost accounts that can be used for more than one purchase or transaction. Usually the financial institution or processor owns the conversion of the single use/virtual account to the PAN. Tokenized accounts can be used for multiple purchases, and can be restricted in how they are used with a specific merchant, device, transaction or category of transactions. Token purchases go through the Network Service with the card brands for conversion to the PAN. How is payment Tokenization affecting the payments ecosystem? Technology is changing the way we deal with payments. As the table below highlights, there are a number of differences in how the payments ecosystem deals with plastic and non-plastics in the market. how is the credential created and transmitted to the storage location? where and how is the credential stored? how is the credential used to create a payment transaction? With Plastics Create a 16-digit PAN, personalize plastic EMV, mag stripe, card-on-file system Swipe, dip or tap plastic Beyond Plastics Create token, transmit to consumers devices Mobile device, card-on-file system Tap device, QR reader, encrypted stream Regardless of how the payment token is created, stored, or used, the token must be compatible with the existing payment processing ecosystem. The industry recognizes two new entities for payment tokenization, as indicated in the following table. 3
4 entities Cardholder Card Acceptor Acquirer Network (Visa, MasterCard, American Express) Token Requestor Token Service Provider description Consumer-enrolled issuer / network Merchant-enrolled acquirer / network Financial Institution / Processor Financial Institution / Processor Card network / Processor Enrolled entity requesting tokens Authorized entity providing tokens TOKEN STANDARD What standards are in place to guide the industry for Tokenization? On March 11, 2014, EMVCo (Visa, MasterCard, American Express, JCB, Discover and UnionPay ) published the first guide covering industry specifications for Tokenization Titled EMV Tokenization Payment Tokenization Specifications. The specifications deal with the required technical architecture of the Tokenization standard for securing online payments using tokens via consumer-controlled mobile devices. Current payment token standards include: Tokens will meet ISO standards (13- to 19-character numeric length) to support payment processing within the existing ecosystem. There is no conflict with an issuer-assigned PAN, and tokens are generated from a separate BIN. Token BIN/PAN ranges reflect the product attributes, such as debit or signature. Payment tokens must pass basic validation rules of an account number while reinforcing interoperability. All tokens are mapped and associated with an underlying PAN that is sent in authorization to the issuer. Tokens are accepted, processed and routed based on the ecosystem (i.e., merchants, acquirers, processors, networks and issuers). What are the token-related fields that TSYS is supporting? TSYS clients can refer to the TSYS Enterprise Tokenization Manual on Docline for this information. How are token decisions made? Token approvals for requesting card accounts will not always be granted. s will be able to evaluate each token request based on numerous risk parameters in place at the time. Generally, this results in one of the following outcomes: Successfully approve to generate and issue an active token Decline the request to issue the token Conditionally approve, requiring additional cardholder authentication before going to the decline If additional cardholder authentication is required, issuers have the option to perform additional Identification and Verification (ID&V) checks (i.e., one-time password (OTP) or Knowledge based authentication (KBA)) with the consumer to decide whether the card qualifies to be tokenized. What does the payment token request process look like? The illustration below highlights the process of a Payment Token Request: 1 PAN 2 ID&V Token Requestor Token 4 Token Vault Token Evaluation Request 3 4 Authorization Request
5 Step 1: The Token Requestor sends a cardholder PAN to the token vault (i.e., a request). Step 2: The issuer performs 1 ID&V and passes those results to the vault. This is known 2 as binding. This completes the payment token registration. ID&V ensures that the payment token is replacing a PAN that was legitimately being used by the Token Requestor. ID&V is performed each time a payment token is requested. 4 3 Step Token 3: As part of the Payment Token Evaluation Request Process, the Token Vault alerts the issuer that Identification and Verification (ID&V) is needed. Requestor PAN Token Token Vault ID&V Token Evaluation Request Step 4: The Token Vault passes the registered payment token to the Token Requestor, completing the payment token request. Authorization Request Merchant Token Token PAN+Token 6 Acquirer 5 4 Token Service Authorization Response Token Authorization The illustration below demonstrates the Payment Token Transaction Authorization process: Step 1: The cardholder initiates a purchase with a payment token, which then passes through the merchant acquirer as if it were a PAN. Step 2: The payment token is de-tokenized into a PAN by the Token Service Provider (TSP). Step 3: The PAN and token are sent to the issuer, which makes an authorisation decision. Step 4: The issuer sends the PAN and authorisation response back to the TSP. Step 5: The TSP re-tokenizes the PAN. Step 6: The TSP sends the PAN and authorisation response through the acquirer to the merchant. WHAT TSYS IS DOING IN TOKENIZATION Is TSYS ready for Tokenization from a compliance standpoint? Yes. TSYS is supporting the mandates issued by the payment brands relating to Tokenization processing. Additionally, TSYS is reviewing the EMVCo proposed token standards. There are currently several pieces of compliance information available on Docline that our clients can access: XMLM Enhancements Changes to FCS and WCSA Screens and Reports to Support the Visa Payment Token Standard Compliance Release 14.1 North America Adding Fields to the Authorization Log to Support the Payment Token Standard Is TSYS supporting the Network Token On Behalf Of (OBO) Services? Yes. TSYS Enterprise Tokenization SM is a plug-and-play solution specifically designed to secure payment card information for Mobile use cases whether those are through digital wallets or In-App transactions. POS and online purchases remain unchanged as they are today with no token. It is our belief that Tokenization via the digital/mobile wallet will be the catalyst that fuels mobile payment growth and proliferation because both the consumer s and the merchant s data are more secure. TSYS Tokenization solution is designed for compatibility with various mobile offerings. As cardholders begin to shift to mobile payments, we recommend that you provide the highest protection available. 5
6 The initial TSYS Tokenization solution includes the following products and services: Brand Enrollment and Configuration to manage issuer enrollment with digital wallets (i.e. Apple Pay) and Network Services, including both Service Administration and Risk Management set-up. This service is not available for our International clients at this time. Transaction Processing to on-board clients to the platform and process token authorizations across TSYS systems and applications Call Center Management for existing TSYS Managed Services clients to administrate tokens and tokenized cardholder accounts Brand Enrollment and Configuration Service Administration ENROLLMENT CONFIGURATION As part of the set up, TSYS will do the enrollment on behalf of the issuer (Enablement model to be confirmed with the schemes) must identify BINs, provide card art and sign the wallet provider agreement 1 Transaction 2 Processing Token Operations AUTHORISATION/CLEARING/ SETTLEMENT EXCEPTIONS FRAUD/RISK VALUE-ADD APPS Implementation Configuration management, authorisation logs, fraud & risk, testing Processing Provisioning authorization requests, account verification, tapped transaction & e-commerce Call Center Management Token Administration LIFECYCLE MANAGEMENT Implementation Configuration management, authorisation logs, fraud & risk, testing Processing Provisioning authorization requests, account verification, tapped transaction & e-commerce This service is not available to International clients at this time. TSYS recognizes that continued investment and development is required to support Tokenization as a global standard. Further development is under way to support Tokenization beyond the U.S. and the U.K., and will be communicated in the future. What steps do I need to take to begin offering Tokenization to my cardholders? 1. Determine your digital payments strategy. TSYS is available to assist you in this process. 2. Build and educate your team; research the requirements. Contact TSYS to receive the initial Product Documentation that includes our Implementation Overview with a questionnaire and pricing. 3. For Apple Pay specifically, engage TSYS to formally begin the process of enrolling with the networks, processing transactions and readying your call center representatives to receive inquiries related to tokenized transactions and accounts. More detail on each of the steps above can be found in our published best practices document, located on Who is eligible to offer Apple Pay? Apple Pay is now available to U.S. and U.K. issuers on the Consumer platforms. TSYS is waiting for Apple and the brands to finalize the rollout dates for commercial portfolios and other regions, and we will be able to determine eligibility or implementation dates shortly thereafter. Contact your account manager for updates. When will Tokenization be available for the rest of North America and other International Locations? TSYS is working now to make our service available to our Canadian clients to accommodate other digital wallets that may be available in the near future. Apple has not specified a date for Apple Pay (Tokenization) to be available to the rest of North America or wider European deployment. 6
7 What about Commercial, Debit, Prepaid, the rest of North America and other International Locations? We are evaluating other card types, platforms and regions based on both client demand and changes in the industry. Contact your TSYS account manager or relationship representative to discuss your specific needs, and we will share additional details as our plans and long-term roadmaps develop. Is my small business portfolio eligible? If your small business customers are on the Consumer credit platform, they could be included. However, current use cases are consumer-focused. This service is BIN-driven. Check with your TSYS account manager or sales representative to verify availability. Will we need to re-issue cards in order to offer this product to our cardholders? No. Adding Apple Pay or any other digital wallet does not have any impact on your issued cards. What is unique about the TSYS Tokenization Solution? TSYS is able to utilize the OBO services provided by the payment brands and combine the results with account data, using issuer defined rules and parameters to process transactions. TSYS is also preparing to enhance reporting capabilities associated with token authorizations through TSYS Analytics. I know there are other digital wallets available in the market. Can TSYS process transactions for those providers as well as Apple? TSYS is working to enable Tokenization for all issuers through any digital wallet or payment application provider as they are available in your market. Who should I contact at Apple to begin discussions on offering Apple Pay? Contacting Apple is not necessary for each issuer. All activities for enablement with Apple will be managed through a combination of TSYS and the payment brands. In the enrollment process, you will need to accept the non-negotiable Terms and Conditions of Apple. to learn more contact your sales representative or account manager at , or visit us at. twitter.com/tsys_tss facebook.com/tsys1 linkedin.com/company/tsys 2015 Total System Services, Inc.. All rights reserved worldwide. Total System Services, Inc., and TSYS are federally registered service marks of Total System Services, Inc., in the United States. Total System Services, Inc., and its affiliates own a number of service marks that are registered in the United States and in other countries. All other products and company names are trademarks of their respective companies. (06/2015)
Digital Payment Solutions TSYS Enterprise Tokenization:
Digital Payment Solutions TSYS Enterprise : FAQs & General Information FAQ TSYS DIGITAL DIGITAL PAYMENT PAYMENTS SOLUTIONS SOLUTIONS Account Holder Experience Apple Pay 1 Android Pay 2 Samsung Pay 2 Issuer
More informationEmerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER
Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options
More informationEMV and Small Merchants:
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
More informationHow Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants
How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material
More informationApple Pay. Frequently Asked Questions UK Launch
Apple Pay Frequently Asked Questions UK Launch Version 1.0 2015 First Data Corporation. All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of
More informationApple Pay. Frequently Asked Questions UK
Apple Pay Frequently Asked Questions UK Version 1.0 (July 2015) First Data Merchant Solutions is a trading name of First Data Europe Limited, a private limited company incorporated in England (company
More informationEMV and Chip Cards Key Information On What This Is, How It Works and What It Means
EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved
More informationHow Secure are Contactless Payment Systems?
SESSION ID: HT-W01 How Secure are Contactless Payment Systems? Matthew Ngu Engineering Manager RSA, The Security Division of EMC Chris Scott Senior Software Engineer RSA, The Security Division of EMC 2
More informationHeartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development
A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names
More informationEMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems
October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks
More informationPractically Thinking: What Small Merchants Should Know about EMV
Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than
More informationACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD
DELIVERS PEACE OF MIND PRODUCT FLYER ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD ENABLE FULL SUPPORT OF THE MOBILE PAYMENTS PROCESS FOR EMBEDDED
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationA RE T HE U.S. CHIP RULES ENOUGH?
August 2015 A RE T HE U.S. CHIP RULES ENOUGH? A longer term view of security and the payments landscape is needed. Abstract: The United States is finally modernizing its card payment systems and confronting
More informationPayments Transformation - EMV comes to the US
Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent
More informationAndroid pay. Frequently asked questions
Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and
More informationThird Party Agent Registration and PCI DSS Compliance Validation Guide
Visa Europe Third Party Agent Registration and PCI DSS Compliance Validation Guide May 2016 Version 1.3 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration Process...
More informationOpenEdge Research & Development Group April 2015
2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The
More informationEMV and Restaurants What you need to know! November 19, 2014
EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability
More informationMobile Near-Field Communications (NFC) Payments
Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationPreparing for EMV chip card acceptance
Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June
More informationEMV : Frequently Asked Questions for Merchants
EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
More informationProtecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance
Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.
More informationWe believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating
Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their
More informationACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments
A TO Z JARGON BUSTER A ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments ATM Automated Teller Machine. Unattended,
More informationPayment Security Solutions. Payment Tokenisation. Secure payment data storage and processing, while maintaining reliable, seamless transactions
Payment Security Solutions Payment Tokenisation Secure payment data storage and processing, while maintaining reliable, seamless transactions 02 Payment Security Solutions CyberSource Payment Tokenisation:
More informationVerified by Visa. Acquirer and Merchant Implementation Guide. U.S. Region. May 2011
Verified by Visa Acquirer and Merchant Implementation Guide U.S. Region Verified by Visa Acquirer and Merchant Implementation Guide U.S. Region VISA PUBLIC DISCLAIMER: THE RECOMMENDATIONS CONTAINED HEREIN
More informationEnhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011
Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic
More informationPayment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
More informationtoast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard
toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible
More informationU.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon
U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia
More informationEMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com
EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed
More informationIs Payment Tokenization Ready for Primetime?
Is Payment Tokenization Ready for Primetime? Perspectives from Industry Stakeholders on the Tokenization Landscape Marianne Crowe and Susan Pandy, Federal Reserve Bank of Boston David Lott, Federal Reserve
More informationPCI DSS Compliance Services January 2016
PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationThe Cost of Compliance
The Cost of Compliance The Payment Card Industry Data Security Standard (PCI DSS) aims to protect sensitive cardholder data throughout the life cycle of ecommerce transactions. The standard puts heavy
More informationEMV Frequently Asked Questions for Merchants May, 2014
EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,
More informationINTRODUCTION AND HISTORY
INTRODUCTION AND HISTORY EMV is actually younger than we all may think as it only became available, as a specification that could be implemented, in 1996. The evolution of EMV can be seen in the development
More informationTHE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP
THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit
More informationGLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1. MasterCard M/Chip Mobile Solution
INTRODUCING M/Chip Mobile SIMPLIFYING THE DEPLOYMENT OF SECURE ELEMENT MOBILE PAYMENTS OCTOBER 2015 GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1 Research into
More informationThe Relationship Between PCI, Encryption and Tokenization: What you need to know
October 2014 The Relationship Between PCI, Encryption and Tokenization: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems,
More informationPCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES
PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry
More informationTHE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change
THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change Advancements in technological capabilities, along with increasing levels of counterfeit fraud, led the
More informationJosiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
More informationAmerican Express Contactless Payments
PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless
More informationA Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.
A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role
More informationCyberSource Payment Security. with PCI DSS Tokenization Guidelines
CyberSource Payment Security Compliance The PCI Security Standards Council has published guidelines on tokenization, providing all merchants who store, process, or transmit cardholder data with guidance
More informationCardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
More informationOpenEdge Research & Development Group April 2015
2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents
More informationSecure Payments Framework Workgroup
Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration
More informationTokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism
Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI
More informationPayment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.
Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance
More informationPCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
More informationTable of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process
Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,
More informationGuide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
More informationMaking Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER
Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER Why Cloud-Based Mobile Payments? The promise of mobile payments has captured the imagination of banks,
More informationFAQ EMV. EMV Overview
FAQ EMV EMV Overview What are the benefits of EMV cards? A: Several factors are driving the U.S. card market to migrate to chip-based cards using the EMV specifications. EMV offers advantages for consumers,
More informationRegistration and PCI DSS compliance validation
Visa Europe A Guide for Third Party Agents Registration and PCI DSS compliance validation October 2015 Version 1.1 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationWhat Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization
Frequently Asked Questions What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Issuers across the United States are beginning to embark in the planning and execution phase
More informationCard Network Update Chip (EMV) Acceptance in the United States At-A-Glance
Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face
More informationEMV and Encryption + Tokenization: A Layered Approach to Security
EMV and Encryption + Tokenization: A Layered Approach to Security 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material are the property of their respective
More informationCard Acceptance Best Practices Playing it Safe at the Point of Sale
White Paper Card Acceptance Best Practices Playing it Safe at the Point of Sale Fraudulent activity costs U.S. businesses billions. And that is just lost revenue. When you consider the associated damage
More informationEMV FAQs for developers
EMV FAQs for developers You accept the Information presented herein as is, without any representation as to its accuracy or completeness. What are the three levels of EMV certification? There are three
More informationPayment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1
Payment Card Industry (PCI) Data Security Standard PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Release date: 5 October 2010 Table of Contents 1 Executive Summary... 3 1.1
More informationUniversity Policy Accepting Credit Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More information* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.
Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain
More informationMitigating Fraud Risk Through Card Data Verification
Risk Management Best Practices 11 September 2014 Mitigating Fraud Risk Through Card Data Verification AP, Canada, CEMEA, LAC, U.S. Issuers, Processors With a number of cardholder payment options (e.g.,
More informationA multi-layered approach to payment card security.
A multi-layered approach to payment card security. CARD-NOT-PRESENT 1 A recent research study revealed that Visa cards are the most widely used payment method at Canadian websites, on the phone, or through
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) What is PCI SSC? A 12 year old independent industry standards body providing oversight of the development and management of Payment Card Industry
More informationVisa Debit processing. For ecommerce and telephone order merchants
Visa Debit processing For ecommerce and telephone order merchants Table of contents About this guide 3 General procedures 3 Authorization best practices 3 Status check transactions 4 Authorization reversals
More informationmobile payment acceptance Solutions Visa security best practices version 3.0
mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid
More informationGrow with our omni-channel payment processing technologies and merchant services.
Grow with our omni-channel payment processing technologies and merchant services. Get ready for growth Payment processing solutions ecommerce mcommerce In-app payments Virtual terminal Card present EMV
More informationChanging Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association
Changing Consumer Purchasing Patterns John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association Michigan Retailers Association! Michigan Retailers Association is trade
More informationWhite Paper: Are there Payment Threats Lurking in Your Hospital?
White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep
More informationUniversity Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
More informationMOBILE PAYMENT IN THE EU: ROLE OF NFC. Gerd Thys Product Manager Clear2Pay Open Test Solutions (OTS) gerd.thys@clear2pay.com
MOBILE PAYMENT IN THE EU: ROLE OF NFC Gerd Thys Product Manager Clear2Pay Open Test Solutions (OTS) gerd.thys@clear2pay.com READY FOR MOBILE PAYMENT AT THE PUMP? Germany : One in three willing to pay for
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationPayLeap Guide. One Stop
PayLeap Guide One Stop PayLeap does it all. Take payments in person? Check. Payments over the phone or by mail? Check. Payments from mobile devices? Of course. Online payments? No problem. In addition
More informationSwedbank Payment Portal Implementation Overview
Swedbank Payment Portal Implementation Overview Product: Hosted Pages Region: Baltics September 2015 Version 1.0 Contents 1. Introduction 1 1.1. Audience 1 1.2. Hosted Page Service Features 1 1.3. Key
More informationVoltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review
Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review Prepared for: Coalfire Systems, Inc. March 2, 2012 Table of Contents EXECUTIVE SUMMARY... 3 DETAILED PROJECT OVERVIEW...
More informationDATA SECURITY, FRAUD PREVENTION AND COMPLIANCE
DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE December 2015 English_General This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to
More informationE M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y. February 2014
E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y February 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution
More informationPROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN
PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information
More informationThoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director
Thoughts on PCI DSS 3.0 D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Agenda 1 2 3 Global Payment Card Statistics and Trends PCI DSS Overview PCI DSS Version 3.0: Important Timelines
More informationStronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"
!!!! Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement" Here$is$a$simple,$cost$effective$way$to$achieve$transaction$security$for$ mobile$payments$that$allows$easy$and$secure$provisioning$of$cards.$
More informationVisa Recommended Practices for EMV Chip Implementation in the U.S.
CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt
More informationThe Comprehensive, Yet Concise Guide to Credit Card Processing
The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment
More informationGuideline on Debit or Credit Cards Usage
CMSGu2012-04 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Debit or Credit Cards Usage National Computer Board Mauritius
More informationImplementation Guide
Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein
More informationVisa Debit ecommerce merchant acceptance. Frequently asked questions and flowchart
Visa Debit ecommerce merchant acceptance Frequently asked questions and flowchart Table Of Contents Visa Debit. The convenience of debit. The security of Visa. 3 The value of Visa Debit for ecommerce:
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationPayeezy SM Webinar: 15 Minutes to Apple Pay TM In-App Payments with Payeezy. Tom Eck First Data. October 2, 2014
Payeezy SM Webinar: 15 Minutes to Apple Pay TM In-App Payments with Payeezy Tom Eck First Data October 2, 2014 1 Today s Goal Understand Apple Pay In-App Payments and how to quickly and easily enable them
More informationEMV in Hotels Observations and Considerations
EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationHealthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016
Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare
More information