NFC Application Mobile Payments



Similar documents
Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Mobile Payment: The next step of secure payment VDI / VDE-Colloquium. Hans-Jörg Frey Senior Product Manager May 16th, 2013

Payments: POS, mpos & Mobile payments Gorka Hernando (Speaker) / Eric Leroux (Host)

EMV and Small Merchants:

Mobile Near-Field Communications (NFC) Payments

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

EMV : Frequently Asked Questions for Merchants

EMV Frequently Asked Questions for Merchants May, 2014

The EMV Readiness. Collis America. Guy Berg President, Collis America

GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY MasterCard M/Chip Mobile Solution

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Android pay. Frequently asked questions

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

Payments Transformation - EMV comes to the US

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER

PCI and EMV Compliance Checkup

Preparing for EMV chip card acceptance

Credit Card Processing Overview

EMV mobile Point of Sale (mpos) Initial Considerations

Training. NFC in Android. Public. MobileKnowledge October 2015

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Fundamentals of EMV. Guy Berg Senior Managing Consultant MasterCard Advisors

CardControl. Credit Card Processing 101. Overview. Contents

ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD

What Merchants Need to Know About EMV

The future of contactless mobile payment: with or without Secure Element?

OT PRODUCTS AND SOLUTIONS EMV-IN-A-BOX

Significance of Tokenization in Promoting Cloud Based Secure Elements

EESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.

INTRODUCTION AND HISTORY

Bringing Mobile Payments to Market for an International Retailer

EMV-TT. Now available on Android. White Paper by

E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y. February 2014

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

SETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS

Asian Payment Card Forum Growing the Business: Launching Successful Consumer Payments Products

How Secure are Contactless Payment Systems?

Training MIFARE SDK. Public. MobileKnowledge June 2015

MasterCard Contactless Reader v3.0. INTRODUCTION TO MASTERCARD CONTACTLESS READER v3.0

EMV Chip and PIN. Improving the Security of Federal Financial Transactions. Ian W. Macoy, AAP August 17, 2015

EMV and Restaurants What you need to know! November 19, 2014

Mobile Electronic Payments

American Express Contactless Payments

welcome to liber8:payment

Digital Payment Solutions TSYS Enterprise Tokenization:

The Canadian Migration to EMV. Prepared By:

EMV: A to Z (Terms and Definitions)

Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?

How To Secure A Paypass Card From Being Hacked By A Hacker

Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"

Inside the Mobile Wallet: What It Means for Merchants and Card Issuers

Fiscal Service EMV Education Series EMV-Compliant Point-of-Sale Card Acceptance for Federal Agencies. Fiscal Service / Vantiv July 27, 2015

The State of Pay. A mobile revolution. semble.co.nz

EMV in Hotels Observations and Considerations

Mobile MasterCard PayPass Testing and Approval Guide. December Version 2.0

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO BASED TECHNOLOGY FOR PAYMENT 4

Unleashing the Power of Smart Payment

Mobile Payment Solutions: Best Practices and Guidelines

A Guide to EMV Version 1.0 May 2011

HCE, Apple Pay The shock of simplifying the NFC? paper

HCE and SIM Secure Element:

MOBILE NEAR-FIELD COMMUNICATIONS (NFC) PAYMENTS

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

About Visa paywave for mobile

Bringing Security & Interoperability to Mobile Transactions. Critical Considerations

OpenEdge Research & Development Group April 2015

CONTACTLESS INTEROPERABILITY IN TRANSIT

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

Security Requirements in the Era of Mobile communication The case of the financial industry

EMERGING PAYMENT PRODUCTS AND PAYMENT SYSTEMS

WIRECARD FUTURE OF PAYMENTS. MainFirst Insights to Go Web Conference January 22, 2015

Mobile Contactless Payments and Data Privacy

Credit Card Fraud The Contactless Generation Kristin Paget

Enhancing the Contactless Cards UAT. Enabling faster and efficient transactions.

permitting close proximity communication between devices in this case a phone and a terminal.

Latest and Future development of Mobile Payment in Hong Kong

OVERVIEW OF MOBILE PAYMENT LANDSCAPE

OVERVIEW OF MOBILE PAYMENT LANDSCAPE Marianne Crowe Federal Reserve Bank of Boston NEACH September 10, 2014

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Index. 1-FLYPOS hardware/firmware Technology Overview 2-FLYPOS software architecture 3-Gateway/Acquirer Interface 4-Letters of Approval

Card Technology Choices for U.S. Issuers An EMV White Paper

NACCU Migrating to Contactless:

NFC Hacking: The Easy Way

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

Grow with our omni-channel payment processing technologies and merchant services.

How To Protect A Smart Card From Being Hacked

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

Contactless Payments with Mobile Wallets. Overview and Technology

We make cards and payments work for people as a part of everyday life. We bring information to life

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation

Transcription:

NFC Application Mobile Payments Public MobileKnowledge June 2014

Agenda Introduction to payments Card based payments Mobile based payments NFC based payments mpos solutions NXP Product portfolio Successful use cases 2

Introduction to payments From barter to mpayments The transfer of an item of value from one party to another in exchange for the provision of goods, services or both or to fulfill a legal obligation Payments are frequently preceded by an invoice and result in a receipt Neolithic Age 10.000 years ago Lydia (Turkey) 7th Century BC United States 20th century Worldwide 21th century Exchanging To change coin, money and banknote Provisioning To transfer money from one account to another 3

Credit Card based payments Evolution of plastic money Embossed Credit Card Payment data raised or relief in metal Easy to clone, data cannot be updated, short live Magnetic Stripe Credit Card Payment data is stored by modifying the magnetic particles of the magnetic band Easy to clone, data cannot be updated, short live Chip Credit Card Payment data is stored in high-secure tamper resistant ICs Impossible to clone, data can be updated on-demand, long live Contactless Credit Card Payment data is stored in high-secure tamper resistant ICs and accessed wirelessly Impossible to clone, data can be updated on-demand, very long live Purchases are completed in a faster and more intuitive way 4

Credit Card based payments Payment transaction 3- Auth request (transaction info) 4- Auth request (transaction info) 6- Auth response 5- Auth response Acquirer Bank $$$ Payment Network $$$ Issuer Bank 2- Card and transaction info 7- Transaction result Settlement Bank 1- Present Card Merchant Cardholder Offline operation Online operation 5

Credit Card based payments Payment card schemes Global Payment Card Schemes Magnetic Stripe RuPay: Rupee Payment PBOC: People s Bank of China EMVCo: Europay Visa MasterCard EMV Fraud Reduction numbers Europe (EMV Continent) 36% overall drop in fraud over 5 years UK fraud drops 69% over five years Fraud basic point drops 25% in France US (only non-emv G20 Country) $6.1 billion fraud losses in 2012 Potential $44.8 billion fraud losses over the next 5 years EMV migrating costs estimated at $8.6 billion 6

Credit Card based payments EMV Specifications EMVCo is currently governed by Visa, MasterCard,Amex, Discover, JCB & CUP EMVCo books define debit, credit and prepaid payment systems for IC based transactions EMVCo Contactless books provide extension for contactless transactions EMVCo defines two certification levels: Level 1: physical, electrical and transport level interfaces Level 2: payment app selection and credit financial transaction processing VSDC M/Chip 4 Others PayWave PayPass Others EMVCo 1, 2, 3, 4 books EMVCo Contactless A, B, C, D books ISO 7816 1/2/3/4/5 specifications ISO 14443 EMVCo Contact IC Stack EMVCo Contactless IC Stack 7

Credit Card based payments EMV Transaction Flow Cardholder Application Selection Identify mutually supported Application Identifiers (AID) Card Authentication Method Static, Dynamic or Combined Data Authentication Merchant Acquirer Bank Payment Network Issuer bank Card Verification Method Online PIN, Offline PIN, Signature, no CVM Card risk analysis Online / Offline transaction Validation by the card of the online processing Completion and script processing by IC POS risk analysis Online / Offline transaction Online Transaction authorization (optional) Offline operation Online operation 8

Credit Card based payments EMV Transaction Flow Cardholder Application Selection Identify mutually supported Application Identifiers (AID) Card Authentication Method Static, Dynamic or Combined Data Authentication Merchant Acquirer Bank Payment Network Issuer bank Card Verification Method Online PIN, Offline PIN, Signature, no CVM Card risk analysis Online / Offline transaction Validation by the card of the online processing Completion and script processing by IC POS risk analysis Online / Offline transaction Online Transaction authorization (optional) Sensitive Data is exchanged among entities through public networks Hardware and Software (POS, Routers, Firewalls, ) can be corrupted Offline operation Online operation 9

Credit Card based payments Payment Card Industry Security Standard Council The PCI Security Standard Council is focused on the security of the payment industry ecosystem The PCI Data Security Standard applies to entities that store, process or transmit cardholder data or authentication data 10

Credit Card based payments Summary Credit card payments and mobile payments have a lot in common Payments ecosystem is composed by the following entities The cardholder, the merchant, the issuer bank, the acquirer bank and the payment network Chip and PIN cards provide the most secure and convenient credit card solution EMVCo is the international standard for chip based credit cards. PCI Security Standard Council is in charge of the security of the whole ecosystem 11

Introduction to mobile payments Mobile payment schemes and market status Payment services performed from or via a mobile device Mobile payments adoption forecast Up to 20% of current retailing payments come from mobile channels. By 2020, 50% of transactions will be performed by a mobile phone. Four primary models for mobile payments Premium SMS based transactions Direct Mobile Billing Mobile web payments Near Field Communication (NFC) 12

NFC based payments The technology in a nutshell Payment data stored in our mobile device NFC enabled mobile devices used as payment cards Proximity communication and difficult to spy (2cm) Transactions are carried out in the same way No impact on security Compatible with current standardized infrastructure (POS) Advantages of a NFC phone compared to a card Processing power & memory Connectivity User interface Battery EMV Application Activation User Interface for Wallet applications Describes how to enable/disable payments applications from Wallet apps 13

NFC based payments Card Emulation configurations The NFC device can emulate a card using: Secure Element: high secure and tamper resistant microcontroller in the device, Widely deployed solution Form factors: usd, ese, UICC Host Processor: main processor of the device where the OS and applications reside The NFC Controller forwards each APDU according to its Routing Table App Processor (Host) HCI / NCI NFCC HCI / SWP NFC - WI SE 14

NFC based payments Secure Element based payments A specific IC to handle and store sensitive data Non-Volatile Memory Security CPU Crypto co-processors Protected through cryptographic keys Only authorized entities can access the SE Protected against tampering & attacks Secure IC validated by third parties certification, i.e. Common Criteria Same family of product as used in payment cards, e-passports Proven secure mass market products 15

NFC based payments Secure Element based payments - Specs GlobalPlatform specs define the management of multi secure applications and the messaging for the personalization, security key management and application loading on the SE Specs are independent of the final applications EMVCo is the standard for secure chip based payments Payments applications are certified together with the hardware and software on top of which they are executed JCOP 16

NFC based payments Secure Element based payments - Ecosystem Physical flow Logical flow MNO/Retailer Customer Silicon Manufacturer OEM Secure Element Manufacturer SE-TSM OEM MNO Service Prov SP-TSM Service Provider ese UICC usd 17

NFC based payments Card instantiation and selection procedure Activate / Deactivate Payments applets Update PPSE with new instantiated AID AAUI (Wallet) PPSE AID: 2PAY.SYS.DDF.01 MMPP Instance 1, Prio: 23 AID: A000000004101001 MMPP Instance 2, Prio: 21 AID: A000000004101002 Select 2PAY.SYS.DDF.01 A000000004101001, 3; A000000004101002, 2; A000000003201001, 1; TSM Creates and maintains instances of mobile payments applets Create applet Instance VMPA Instance 1, Prio: 30 AID: A000000003101001 VMPA Instance 1, Prio: 1 AID: A000000003201001 Secure element Select A000000003201001 18

NFC based payments HCE based payments Sensitive information is stored in the Host Processor or in the Cloud More memory available via host versus secure element Application/service providers and end users get (more) control Versus ese / UICC models under control of OEM s / MNO s It may accelerate the deployment of NFC services (Simpler ecosystem) more-simple-but-less-secure card emulation Endorsement of HCE payments by VISA and MasterCard EMV Payment Tokenization Specification (March 2014) Certification, a big job ahead 19

NFC based payments HCE based payments - Tokenization Token Merchant Tokenization: replacement of sensitive data with a unique identifier that cannot be mathematically reversed. PCI mandates PAN s not to be stored on non PCI DSS compliant devices Cardholder Auth Request Token Auth Response Token + Last4digPAN Acquirer Bank Must be monitored in real time, which forces always online authentication at POS Auth Request Token Auth Response Token + Last4digPAN Payment Network De-tokenization Token Service Provider Auth Request Token + PAN Auth Response PAN Issuer bank 20

NFC based payments HCE based payments - Ecosystem SE-TSM? Mobile Application Manager SP-TSM? HCE/cloud-based payments platform Issuer bank Traditional eco-system Payment Network Mobile Application HCE/cloud based payments Cardholder Merchant Acquirer Bank 21

NFC based payments SECE vs HCE Advantages of the SECE It is a provable secure solution Fully standardized Specs and Certification processes validated Well-known ecosystem Works with Offline POS infrastructure Meets timing requirements for POS redemption Advantages of the HCE It does not require specific hardware Issuer centric business model Ideal for small service providers Bigger memory capacity Full support of Android s API 22

mpos Solutions

mpos solutions Market status and forecast mpos adoption is expected to increase to 38 million by 2017, with a forecast CAGR of 42.7% largely driven by retailing sector By 2017, the adoption of mpos terminals over standard POS terminals will be 46% as opposed to the 17% in 2012. mpos proximity payment value $Billions 6 5 4 3 2 1 0 2012 2013 2014 2015 2016 2017 2018 Source: Payment Cards & Mobile 24

mpos solutions mpos system architecture Mobile is revolutionizing the traditional retail market Consumers and merchants increasingly interact in-store using tablets and/or integrated tablet systems mpos devices require a connection with another mobile device, be it a handset, tablet, or PDA. MagStripe HW Contact reader IC Contactless reader IC MAIN CONTROLLER UNIT PMU Secure Bat Battery Display Keypad Ext Memory SRAM, Flash 25

mpos solutions Specifications and Certifications mpos terminal requirements to be EMV Certified Contact & Contactless Level 1, Level 2 mpos terminal requirements to be PCI Certified PCI Data Security Standard (DSS) PCI Payment Application (PA) Data Security Standard (DSS) PCI Pin Transaction Security (PTS) PCI Pin Transaction Security (PTS) for Point of Interaction (PoI) PCI Point to Point Encryption (P2PE) Certification is completed by independent labs according to Visa and MasterCard Partner programs 26

NXP Portfolio for Mobile Payments

Mobile NFC ICs NFC Controllers + Secure Element NFC Controllers PN547 EMVCo 2.0 compliant 50% smaller footprint 50% power consumption reduction Cortex M0 uc SWP interface supported Largest operating range PN65T Stacked IC solution including PN547 and Smart MX2 (P61N1M3) JCOP3.0 28

NFC Reader ICs Low cost RF front-end IC NFC compatible with FeliCa, NFC-IP1, ISO/IEC14443 A & B support Full NFC device (Read/Write, Card Emulation, full P2P) Dedicated booster for EMVco (VISA, MASTERCARD) RF compliant Highest RF output power front-end IC paired with intelligent low power card detection Support of all major 13.56 MHz standards NFC-Ready device (Read/Write, P2P Passive Initiator) EMVco (VISA, MASTERCARD) RF compliant without dedicated booster 29

Successful Use Cases

ISIS Mobile Wallet Secure Element based Mobile Wallet Joint Venture among AT&T, T-Mobile and Verizon Wireless Submit payment and loyalty information in only one tap Visa, MasterCard, Amex, Barclaycard US and Discover Network SIM/UICC is used as the Secure Element Users can remotely suspend their account in case of loss Commercial launch in the United States 31

Bankinter & BRC Mobile Wallets HCE based Mobile Wallet Spain-based Bankinter bank together with Spanish Seglan company has developed a HCE solution for EMV payments Risk assessment' process performed by Fraunhofer AISEC laboratory Bank Royal of Canada has introduced an NFC mobile payments service that stores customer s cards details in the cloud Its EMV-enabled Secure Cloud service uses the Secure Element to store tokens. 32

Google Wallet Moving from SE to HCE based Wallet Google Wallet version 1.0 Released in September 2011 Google, MasterCard, Citibank and NXP joined the project All credit card information stored in the SE Google Wallet version 1.5 Released in August 2012 Support for all major credit cards: Visa, American Express, Cards data stored in Google s highly secure servers A virtual card ID is stored in the SE, which is used for transactions Google Wallet version HCE Released in March 2014 Google goes HCE and ends support for physical SE 33

Conclusion

Mobile Payments Summary Mobile payments market share to significantly increase in the incoming years NFC based payments are compliant with traditional card based ecosystem Well-known ecosystem defined for many years Mobile devices provide new features EMVCo is the international standard for NFC mobile payments Two main configurations are available: SE and HCE based payments Mobile devices to be used also as mpos devices NXP is offering the widest portfolio in the market Successful mobile payment applications are already in the market 35

MobileKnowledge Thank you for your attention www.themobileknowledge.com We are a global competence team of hardware and software technical experts in all areas related to contactless technologies and applications. Our services include: Application and system Design Engineering support Project Management Technological Consulting Advanced Technical Training services We address all the exploding identification technologies that include NFC, secure micro-controllers for smart cards and mobile applications, reader ICs, smart tags and labels, MIFARE family and authentication devices. For more information Eric Leroux eric.leroux@themobileknowledge.com +34 629 54 45 52 36

NFC Application Mobile Payments Gorka Hernando (Speaker) / Eric Leroux (Host) Thank you for your kind attention! Please remember to fill out our evaluation survey (pop-up) Check your email for material download and on-demand video addresses Please check NXP and MobileKnowledge websites for upcoming webinars and training sessions www.nxp.com/products/related/customer-training.html www.themobileknowledge.com/content/knowledge-catalog-0 37