SEPA Security Certification Framework



Transcription:

SEPA Security Certification Framework
Topic 7 for discussion, 25th COGEPS
Ugo Bechis, EPC Cards Working Group Chair, Cards Stakeholders Group Co-Chair
Bruxelles, 10- October 20
www.epc-cep.eu

SEPA Card Security Standards: Ecosystem
  EPC & CSG
  International Bodies
  Market Initiatives
  Principles - Rules
  Security Standards Requirements
  Security Implementation & test methodology
  EPC CWG: SCF
  EPC: Resolutions
  TC68/SC2 (Security standardisation)
  ISO IEC/JTC1/SC27 (IT security)
  ISO TC68/SC 7
  OSeC
  PCI
  Other
  CSG: Volume BoR

Card Security Requirements: Volume - chapter 5 Security
Single set of Security Requirements for cards & terminals: a common, single one, not in the competitive domain.
Volume BoR Chapter 5 - highlights:
  5.2 Data Protection Requirements
  5.3 Card Security Requirements
  5.4 Terminal / POI Security Requirements
  5.5 Payment Application Specific Requirements
    5.5.2 Card Not Present - CNP
  5.6 End-to-End Security Requirements
Chapter 5 referrals to International Standards Bodies Spec.s

Cards Certification - CMB: Volume chapter 6 Certification
The SEPA Certification Management Body
  A Framework document
  CMB Terms of Reference
  CMB Roles and procedures
Volume Standards Requirements
  Volume Ch. 6
  Volume Ch. 5

CMB - Certification Framework: Scope & roles
CMB: EPC Resolution 23.6.2010, endorsed by CSG 14.9.2010
CMB Governance: Banks and Schemes + Retail for non security matters
Scope: harmonise certification processes to 1 SEPA Security Certificate
Roles:
  a) issuing SEPA rules for recognition of Certification Authorities & labs,
  b) listing references for SEPA market certification implementation,
  c) light oversight, monitoring compliance of certification authorities/processes and acceptance of certificates,
  d) monitoring the certification implementation by the market,
  e) support convergence of evaluation methodologies

EPC Plenary 27.9.20 2.d Resolution on CMB
EPC Plenary resolved:
  CMB be set up as an EPC body, open to the 3 Sectors governance
  CMB role to be restricted to Certification processes only
  Standards Requirements & Spec.s to be addressed at Volume level
  Volume BoR chapter 5 to be extended to Common Criteria Protection Profiles
  OSeC Pilot outcome will feed Certification processes on POI
  CSG designated a representative to OSeC Steering Co.

SEPA Payments Security: an open issue
Payments Security requires harmonized Self-Regulation & Regulation
EPC and International Standards Bodies Self-regulation is impacted by some National Authorities regulatory requirements
National Authorities (NCBs, other) different sources of legitimacy:
  > National laws
  > PSD adoption
  > Cards Oversight Framework
Sources of legitimacy and ruling guidelines have to be harmonized

Volume referrals to International Standards Bodies
  ISO4217 - Currency Codes
  ISO7810 - Identification cards - Physical Characteristics
  ISO78 - Identification cards - Recording Technique
  ISO7812 - Identification cards - Identification of Issuers (IIN, BIN, PAN)
  ISO7813 - Identification cards - Financial Transaction Cards
  ISO7816 - Identification cards - Integrated Circuit Cards
  ISO7 14443 - Identification cards - Contactless Integrated Circuit Cards
  ISO/IEC4909 - Magnetic stripe data content
  ISO8583 - Financial transaction card originated messages - Interchange Message Specifications
  ISO20022 - Financial Services - Universal Financial Industry Message Scheme
  ICC - Integrated Circuit Card
  EMV - (Originally) Europay MasterCard Visa
  PCI - Payment Card Industry
  PCI DSS - PCI Data Storage Security

  CIR / SEPA Fast (Common Implementation Recommendations / SEPA Financial Application Specification for SCF Compliant EMV Terminals)
  CAS - Common Approval Scheme
  CCD - Common Core Definitions
  CPA - Common Payment Application
  PTS - PIN Transaction Security
  EPAS (Electronic Protocol Application Software)
  CAPE - Card Payment Exchanges (ISO20022), EPAS Acquirer and TMS protocols
  CCPAY - Card Clearing Payment Messages (ISO20022 change request)
  ATICA - Acquirer to Issuer Card Messages
  CCA - Common Contactless Application
  IFX - Interactive Financial exchange
  CEN/XFS - Extensions for Financial Services