PREVENTING PAYMENT CARD DATA BREACHES

Similar documents
Prevention Is Better Than Cure EMV and PCI

EMV and Small Merchants:

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

Payments Transformation - EMV comes to the US

CONTACTLESS INTEROPERABILITY IN TRANSIT

Mitigating Fraud Risk Through Card Data Verification

What Merchants Need to Know About EMV

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper Executive Director, Product Development

MOBILE PAYMENT SECURITY: BLE OR NFC

EMV and Restaurants What you need to know! November 19, 2014

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

How to Prepare. Point of sale requirements are changing. Get ready now.

Card Acceptance Best Practices Playing it Safe at the Point of Sale

EMV : Frequently Asked Questions for Merchants

EMV EMV TABLE OF CONTENTS

What is EMV? What is different?

EMV Frequently Asked Questions for Merchants May, 2014

Understand the Business Impact of EMV Chip Cards

welcome to liber8:payment

Credit Card Processing, Point of Sale, ecommerce

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Preparing for EMV chip card acceptance

PCI and EMV Compliance Checkup

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

Chip Card (EMV ) CAL-Card FAQs

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

EMV ADOPTION AND ITS IMPACT ON FRAUD MANAGEMENT WORLDWIDE

OpenEdge Research & Development Group April 2015

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

The need for a secure & trusted payment instrument in e-commerce. Ali AlMeshal

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

Effectively Managing Data Breaches

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA

Introductions 1 min 4

Implication of EMV Migration for the U.S. Transportation Industry. May 1, Implication of EMV Migration for the U.S. Transportation Industry

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

A RE T HE U.S. CHIP RULES ENOUGH?

EMV and Encryption + Tokenization: A Layered Approach to Security

A Guide to EMV Version 1.0 May 2011

CardControl. Credit Card Processing 101. Overview. Contents

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

Credit Card Processing Overview

Acceptance to Minimize Fraud

Your Reference Guide to EMV Integration: Understanding the Liability Shift

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Securing the Payments System. The facts about fraud prevention

Secure Payments Framework Workgroup

FAQ EMV. EMV Overview

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA)

Android pay. Frequently asked questions

FAQ on EMV Chip Debit Card and Online Usage

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

American Express Contactless Payments

EMV FAQs for developers

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE

Frequently Asked Questions

How To Spot & Prevent Fraudulent Credit Card Activity

Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"

Guide to Data Field Encryption

mobile payment acceptance Solutions Visa security best practices version 3.0

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance

CITGO CHIP & MOBILE TM. Quick-Start Guide YOUR CUSTOMERS. are

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective

Fraud Protection, You and Your Bank

White Paper: Are there Payment Threats Lurking in Your Hospital?

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data

EMV in Hotels Observations and Considerations

Becoming PCI Compliant

Transcription:

NEW SCIENCE TRANSACTION SECURITY ARTICLE PREVENTING PAYMENT CARD DATA BREACHES DECEMBER 2014 UL.COM/NEWSCIENCE

NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction security technologies to comprehensive strategies for reliable mobile payment solutions, UL s New Science advances are helping to support compliance, interoperability and security for the latest transaction technology implementations. UL is working with customers across the industry, conducting stateof-the-art trials; analyzing and assessing the security, functionality and interoperability of new and existing technologies; and enhancing implementation processes and developing unique migration architectures to help transition disparate systems to a new platform. NEW SCIENCE TRANSACTION SECURITY 2

WHY PREVENTING PAYMENT CARD DATA BREACHES MATTERS Payment card data breaches became a hot topic in the U.S. in 2013, highlighted by the Target and Neiman Marcus incidents, in which 40 million 1 and 350,000 2 cards, respectively, were compromised. However, while these two incidents dominated the spotlight, in the same year there were more than 600 security breaches in the U.S., 3 resulting in $6.8 billion in card fraud losses. 4 There were an additional $6.5 billion in card fraud losses in other countries in 2013. 5 Understandably, preventing payment card data breaches has become a top priority for the payments industry, particularly in the U.S. CONTEXT A payment card data breach is the result of one or more hackers gaining access, often on a large scale, to information stored on debit or credit cards with the goal of selling this information on the black market or directly performing fraudulent transactions. 6 When a particular merchant is compromised, all consumers who used their payment cards at that merchant s retail locations are at risk. 7 This is broadly what occurred in the Target and Neiman Marcus incidents. In both cases, malware strains designed to take advantage of system vulnerabilities circumvented security, enabling backdoor access to consumer card data. 8 EMV cards have achieved a high level of adoption largely because they have helped decrease counterfeit fraud by 60 to 80 percent. Currently, the U.S. accounts for almost 50 percent of annual card fraud globally, which is comparatively high, given that 27 percent of card transactions occur in the U.S. 9 One contributing factor is that the U.S. is the last of the G20 countries to migrate to EMVbased credit and debit cards, 10 and the predominant credit and debit cards currently in use in the U.S. employ magnetic stripe (magstripe) technology, which was introduced to the mass market in the early 1970s 11 long before the Internet and mobility transformed the payments industry. EMV cards were first introduced in 1994 12 and were later adopted by most of the world, including 19 of the G20 nations. 13 These cards use an embedded chip to generate a unique encrypted code for each transaction, allowing the issuer to accurately confirm the authenticity of the card, while reducing the risk of fraud, unauthorized access to information and duplicate cards. 14 EMV cards have achieved a high level of adoption largely because they have helped decrease counterfeit fraud by 60 to 80 percent in countries where EMV cards have become the standard. 15 By the end of 2013, there were more than 2.37 billion EMV cards issued globally, 16 of which 17 to 20 million were issued in the U.S. 17 3

Driven by the major credit card brands, the U.S. is now in the process of migrating to EMV, with liability to card fraud mandated to shift to merchants by October 1, 2015 if they do not have EMV-enabled payment devices. 18 However, EMV is a digital transaction protocol that introduces a cryptographically secured means of determining the authenticity of credit and debit cards, helping these cards avoid being cloned by hackers. 19 Despite this protection, which goes beyond what is provided by magnetic stripe technology, EMV itself is unable to prevent the installation of malicious software that could lead to a commercial data breach, such as what occurred at Target and Neiman Marcus. 20 WHAT DID UL DO? UL conducted a comprehensive risk analysis of payment card fraud scenarios. From our study of data breaches, we understand that the type of card data that is obtained tends to include Track 2 data (the cardholder s account, encrypted PIN plus other discretionary data 21 ) of every card that was swiped at the compromised point-of-sale (PoS) device, along with the encrypted PIN data for every card transaction that was PIN-based. Although we believe it is extremely unlikely for the encryption to be broken, which would provide access to the actual PIN numbers, we have seen that stolen card data can be used to create counterfeit copies of the original cards. Whether these cards can be used in fraudulent transactions depends on two considerations: the kind of card that is compromised and the usage environment where the fraudulent card is used. These two considerations became the parameters for our risk analysis. 22 By itself, EMV technology is unable to prevent the installation of malicious software that could lead to a commercial data breach. We assessed the potential for fraud across different scenarios that are based on crossreferencing payment card technologies with acceptance environments. The specific payment card technologies we examined included magstripe and PIN, magstripe and signature, and EMV. The different acceptance environments included a magstripe PoS terminal, an EMV PoS terminal and an ATM machine for card-present transactions, as well as an Internet-based payment for card-not-present (CNP) transactions. This process yielded a robust set of scenarios, for which we then conducted risk assessments. 23 4

Payment card fraud risk assessment scenarios 24 Magstripe + Signature Compromised Card Magstripe + PIN EMV Attempted usage environment Magstripe PoS 1 2 3 EMV PoS 4 5 6 ATM 7 8 9 Internet (CNP) 10 11 12 Scenarios No fraud possibilities Conditional possibilities Unconditional possibilities Not a valid scenario Risk assessment insights Scenario 1: A swipe and PIN transaction is compromised, and fraud is attempted at magstripe PoS device that only requires a signature Unconditional fraud possibilities In this scenario, the ability for a criminal to commit fraud depends on the card type and issuer rules. As the PIN has not been compromised, signaturebased or no-cvm required (without the 3- or 4-digit code that is imprinted on the physical card but excluded from the magnetic stripe) transactions are at risk with issuers that allow their debit cards to be authorized either using a signature or without a PIN or signature (no CVM, for lowticket transactions). 26 Scenario 2: A swipe and PIN transaction is compromised, and fraud is attempted at a magstripe PoS device Conditional fraud possibilities This is the most likely form of fraud resulting from large-scale PoS compromise. In this scenario, a hacker is able to clone (i.e., create a copy) the compromised card to use in card-present situations using his or her 5

own signature. An issuer would have no way of telling the difference between a transaction with the genuine card or with the cloned card. The issuer would be liable for the fraud but may seek to shift liability to the merchant that was the source of the card data compromise. Acquirers can take additional measures to limit exposure to this kind of fraud. For example, PoS software can be modified to require merchants to enter the last four digits of the embossed primary account number (PAN) prior to authorization, as this would make it more difficult for a criminal to create cloned cards using compromised card data; although, this measure can be overcome because it has become relatively easy to obtain embossing equipment. Another fraud mitigation method is to ask customers for photo- ID to check against the name on the supplied card, but this can slow the transaction time, adding cost to the merchant while inconveniencing customers. 25 Scenario 3: An EMV-card transaction is compromised, and fraud is attempted at a magstripe PoS device Conditional fraud possibilities We assessed the potential for fraud across 12 different scenarios that were created by cross-referencing key payment card technologies with common acceptance environments. In this scenario, the ability to commit fraud is determined by the issuer of the card. The issuer will be able to detect that, based on the PoS entry mode data element in Field 55 (authorization data in the magstripe used by an acquirer to create a clearing message), the card is used in a magstripeonly terminal. Since this was originally an EMV card, this transaction may fall under the EMV liability shift regime (depending on region). The issuer may choose to decline the transaction, in which case no fraudulent transaction can take place. If the issuer chooses to approve the transaction, the fraud can occur and local liability shift rules will determine whether issuer or acquirer is liable for fraud. 27 Scenario 4: A swipe and PIN transaction is compromised, and fraud is attempted at EMV-compliant PoS device Unconditional fraud possibilities Here, the same rationale as Scenario 1 applies, with the assumption that the EMV-compliant PoS device is still capable of reading a magstripe card. Depending on the CVM requirements on a debit or credit card, transactions with a fraudulent card can potentially be authorized. 28 Scenario 5: A swipe and signature transaction is compromised, and fraud is attempted at EMV-compliant PoS device Conditional fraud possibilities 6

This case follows the same rationale as Scenario 2, in which the fraudulent card can be successfully used by the hacker, even though the PoS device is EMV-compliant. 29 Scenario 6: An EMV-card transaction is compromised, and fraud is attempted at EMV-compliant PoS terminal No fraud possibilities The ability to commit fraud in this scenario depends on regional fallback rules (the backup protocols, if any, that are authorized when the primary mode does not work). To an EMV-compliant PoS device, the fraudulent card will look like an EMV card in which the chip is damaged. In this case, the service code on the magstripe Track 2 would indicate the presence of a chip that the PoS device is unable to read, so the transaction may qualify for fallback under appropriate rules. If fallback is not allowed, the fraudulent transaction will be rejected. However, if fallback is allowed, the issuer will authorize the transaction if sufficient funds are available in the account. During the initial stages of EMV migration in the U.S., if fallback is allowed, Scenario 6 should be colored orange to indicate the potential for risk. 30 If the U.S. had already migrated to EMV, the consequences of the reported large-scale card compromises would have been less severe. Scenario 7: Magstripe and signature at an ATM Not a valid scenario There is no signature at an ATM. 31 Scenario 8: A swipe and PIN transaction is compromised, and fraud is attempted at an ATM Conditional fraud possibilities Generally, a cloned card is unable to be used to commit fraud at an ATM machine, as this would require a correct PIN number to be entered. However, criminals can use social engineering and phishing techniques to obtain PIN numbers 32, and it is also possible for criminals to obtain identity information to change the PIN numbers of cloned cards. 33 Scenario 9: ATM usage of a compromised EMV card No fraud possibilities With a cloned EMV card, criminals will not be able to duplicate the information contained in the EMV chip. An EMV-enabled ATM will return an invalid transaction on a duplicated card. 34 7

Scenarios 10, 11 and 12: Internet, CNP usage of a compromised card Conditional fraud possibilities In theory, the data that are stolen from cards by compromising a PoS device cannot be used for CNP internet purchases. This is because a compromised PoS device only gives access to magstripe Track 2 data, which do not contain the so-called security code (referred to as CVV2 or CVC2 data) printed on the signature panel of the card. 35 However, experience has shown that under certain circumstances, fraud can be successfully committed with the data gathered through a large-scale PoS compromise: In some cases, a web-based merchant that accepts card payments does not require entry of a security code to complete a transaction. In these cases, compromised card data can successfully be used for fraudulent purchases. Since the merchant does not require all the data it is supposed to (the CVC2 security code), the merchant will be liable for any losses. Some issuers do not validate the value of the CVC2 data, which means compromised card data can be used for CNP purchases. In this case, the issuer will be liable for any losses. A statistical attack vector exists with a large-scale PoS compromise. Because the CVC2 security code is a three-digit numerical value, there are 1,000 possible combinations. Most issuers allow three subsequent CVC2 validation attempts before fraud is suspected and authorization is declined, which yields a 0.3 percent per card success rate for fraudulent CNP transactions. When the data from millions of payment cards are stolen, there is a large statistical chance of committing fraud in CNP environments (the 0.3 percent hit rate would yield 3,000 usable cards out of one million compromised). In this case, the issuer would be liable for transaction fraud, but would likely seek to shift liability to the merchant where the large-scale PoS compromise took place. 36 Preventing large-scale data breaches The EMV transaction protocol takes place between an EMV-compliant card (debit or credit) and an EMV-compliant PoS device or ATM. By using EMV, PoS devices and/or card issuers will always be able to detect attempted card cloning. However, for reasons of backwards compatibility, non-emv compliant cards can be used on EMV-compliant 8

acceptance infrastructures. Similarly, EMV-compliant cards are usable on magstripeonly acceptance devices. Because of this, merchants that have EMV-enabled their PoS acceptance infrastructures can still be a source of card data compromise in case a hacker gains access to PoS software code and can still unknowingly acquire card fraud (see Scenarios 4, 5, and 6). That said, if the U.S. had already migrated to EMV, the consequences of large-scale card compromises, such as the ones recently reported, would have been less severe (see Scenario 6). 37 Beyond EMV compliance, UL believes that the Payment Card Industry (PCI) standards play a vital role in the process of preventing data breaches. PCI Data Security Standard (DSS) controls (a set of technical and operational requirements designed to protect cardholder data 38 ) have been designed to prevent and/or detect a large-scale compromise. To commit such fraud, criminals need a point of ingress to allow for the wide-scale delivery of a compromise, a known vulnerability in the system to allow for the compromise and a point of egress for the exfiltration of the collected data. These points are directly addressed by the PCI DSS requirements, and although compliance is not an absolute guarantee of prevention of such a compromise, we believe that data breaches are far more likely to have resulted from a lack of rigor around one or more of the PCI DSS controls. 39 If hackers were to attempt to collect card data directly from a PoS device, this form of compromise could largely be mitigated through the use of encryption on all cardholder data at the point of interaction (POI) at the PIN Entry Device itself before the data are passed into a PC-based PoS system. Specifically, compliance with the PCI Point-to-Point Encryption (P2PE) requirements, or even just the correct use of Secure Reading and Exchange of Data (SRED)-approved POI devices, would help remove all cardholder data from the PoS environment. This is likely the largest single step retailers can take to protect their customers card data. 40 The combination of PCI and EMV compliance will provide a robust framework against card fraud in both the card-present and CNP domains. IMPACT As the U.S. payments industry transitions from magstripe to EMV cards, a large number of potential security risks will be mitigated. EMV compliance will help ensure that the card account information that flows through a PCI-compliant acquiring infrastructure is genuine and can be authenticated, and an acquiring infrastructure that is compliant with applicable and up-to-date PCI standards should provide sufficient end-to-end protection against card account compromise. UL believes that the combination of PCI and EMV compliance will provide a robust framework against card fraud in both the card-present and CNP domains. During this time of transition in the U.S., we will continue to closely monitor existing and emerging security threats, identify gaps and formulate proactive risk mitigation strategies to help ensure payment security. 41 9

SOURCES 1 Riley, M. et al., Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It, BloombergBusinessweek, 13 Mar. 2014. Web: 25 June 2014. http://www.businessweek.com/articles/2014-03-13/target-missedalarms-in-epic-hack-of-credit-card-data. 2 Roman, J., Neiman Marcus Downsizes Breach Estimate, BankInfo Security, 23 Feb. 2014. Web: 25 June 2014. http://www.bankinfosecurity.com/neimanmarcus-downsizes-breach-estimate-a-6532. 3 The Path to Payment Security, CardConnect, 2014. Web: 13 June 2014. http://www.cardconnect.com/uploads/documents/payment_security_ White_Paper.pdf. 4 Heggestuen, J., Here s What Will Change When the US Switches Over to the New EMV Chip on Credit Cards, Business Insider, 21 Apr. 2014. Web: 13 June 2014. http://www.businessinsider.com/what-will-change-when-the-usswitches-over-to-the-new-emv-chip-on-credit-cards-2014-4#ixzz33nz5vvox. 5 Ibid. 6 Bron, M., Prevention Is Better Than Cure, UL, 2014. White paper, 27 May 2014. 7 Ibid. 8 Kepes, B., Target and Neiman Marcus Just the Tip of the Iceberg More Retail Security Breaches to Come, Forbes, 23 Jan. 2014. Web: 26 June 2014. http://www.forbes.com/sites/benkepes/2014/01/23/target-and-neimanmarcus-the-tip-of-the-iceberg-more-retail-security-breaches-to-come/. 9 Dahiya, R., Preparing for EMV Cards, Independent Banker, 28 May 2014. Web: 13 June 2014. http://independentbanker.org/2014/05/preparingfor-emv-cards/. 10 EMV: FAQ, Smart Card Alliance, 2014. Web: 26 June 2014. http://www. smartcardalliance.org/pages/publications-emv-faq#q2. 11 Halliday, S.G., Introduction to Magnetic Stripe & Other Card Technologies, High Tech Aid, 24 Apr. 1997. Web: 26 June 2014. http://www.hightechaid.com/ tech/card/intro_ms.htm. 12 Urken, R. K., Why Your Credit Card Needs an International Upgrade: The EMV Chip, Daily Finance, 8 Aug. 2012. Web: 13 June 2014. http://www.dailyfinance. com/2012/08/08/why-your-credit-card-needs-an-international-upgrade-theemv-chi/. 13 EMV: FAQ, Smart Card Alliance, 2014. Web: 26 June 2014. http://www. smartcardalliance.org/pages/publications-emv-faq#q2. 14 Tips for Preventing a Data Breach in Your Business Prepare for EMV Acceptance, Worldpay, Spring 2014. Web: 13 June 2014. http://www.worldpay. us/merchant-advisor/spring-2014/tips.html. 15 EMV Chip + Fingerprint Technology Combine on SmartMetric Card to Fight Fraud, Marketwired, 4 Feb. 2014. Web: 12 June 2014. http://www. marketwired.com/press-release/emv-chip-fingerprint-technology-combineon-smartmetric-card-to-fight-fraud-otcqb-smme-1875519.htm. 16 EMV Resources, EMV Connection, 2013. Web: 13 June 2013. http://www.emvconnection.com/emv-resources/. 17 EMV: FAQ, Smart Card Alliance, 2014. Web: 26 June 2014. http://www. smartcardalliance.org/pages/publications-emv-faq#q2. 18 Morea, D., EMV in the U.S.: Putting It Into Perspective for Merchants and Financial Institutions, First Data Corporation White paper, 2011. Web: 26 June 2014. http://www.firstdata.com/downloads/thought-leadership/emv_us.pdf. 19 Bron, M., Interview, UL, 5 June 2014. 20 Bron, M., Prevention Is Better Than Cure, UL, 2014. White paper, 27 May 2014. 21 Padilla, L., Track Format of Magnetic Stripe Cards, ACME Technologies, 14 July 2010. Web: 26 June 2014. http://www.acmetech.com/documentation/ credit_cards/magstripe_track_format.html. 22 Bron, M., Prevention Is Better Than Cure, UL, 2014. White paper, 27 May 2014. 23 Ibid. 24 Ibid. 25 Ibid. 26 Ibid. 27 Ibid. 28 Ibid. 29 Ibid. 30 Ibid. 31 Ibid. 32 What Should You Know About the Switch to EMV? Welch ATM, 2014. Web: 12 Nov. 2014. http://www.welchatm.com/what-should-you-know-about-theswitch-to-emv.html. 33 Bron, M., Interview, UL, 7 Nov. 2014. 34 Krebs, B., Replay Attacks Spoof Chip Card Charges, Krebs on Security, 27 Oct. 2014. Web: 12 Nov. 2014. http://krebsonsecurity.com/2014/10/replay-attacksspoof-chip-card-charges/. 35 Bron, M., Prevention Is Better Than Cure, UL, 2014. White paper, 27 May 2014. 36 Ibid. 37 Ibid. 38 Payment Card Industry (PCI) Data Security Standard, PCI Security Standards Council, Oct. 2010. Web: 27 June 2014. https://www.pcisecuritystandards.org/ documents/pci_dss_v2.pdf. 39 Bron, M., Prevention Is Better Than Cure, UL, 2014. White paper, 27 May 2014. 40 Ibid. 41 Ibid. 10

TRANSACTION SECURITY ARTICLES MOBILE PAYMENTS SECURING HCE MOBILE PAYMENT SECURITY: BLE OR NFC SECURE PAYMENTS BIOMETRICS FOR PAYMENTS TRANSIT TICKETING CONTACTLESS INTEROPERABILITY IN TRANSIT NEXT GENERATION TRANSIT TICKETING 11

To learn more, explore the New Science advances in Indoor Air Quality, Transaction Security, Sustainable Energy, Workplace Health & Safety and Fire Safety. Watch our videos, read our journals, articles and case studies, scroll through our galleries and meet our experts. VISIT US ON UL.COM/NEWSCIENCE NEWSCIENCE@UL.COM +1 847.664.2040 New Science Transaction Security cannot be copied, reproduced, distributed or displayed without UL s express written permission. V.17. UL, the UL Logo and NEW SCIENCE are trademarks of UL LLC 2014.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information