Claude Goetz Davis Wright Tremaine LLP


Prepaid Cards, New Technologies, and Emerging Payment Systems, Including Mobile Wallets, Virtual Currencies, and EMV Cards: New Opportunities and Overcoming Regulatory and Compliance Challenges
Claude Goetz, Davis Wright Tremaine LLP
ACI Prepaid Card Compliance Conference, September 30th - October 1st, 2015, Chicago, Illinois

Mobile Devices are Changing Retail Payments
Includes:
- Purchases,
- Bill payments,
- Charitable donations,
- Payments to another person, or
- Any other payments using a mobile phone
Access points: Web page through mobile browser, SMS, or downloadable app on phone
Payment: Charged to credit card, deducted from prepaid account, or withdrawn directly from bank account
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services 2014 (March 2014)

Consumers Using Their Phones to Make Payments
[Chart: Growth in consumer use of mobile payments, 2011-2013. Series: mobile phone users who reported using mobile payments; smartphone users who reported using mobile payments. Data labels shown: 23%, 24%, 24%, 15%, 17%, 11%.]
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services 2014 (March 2014)

How are Consumers Using Mobile Payments?
- Paying bills, 66%
- Online purchases, 59%
- Paying for product or service at store, 39%
- Transferring money from another person using a mobile phone, 39%
- Made payment via text message, 13%
- Paid for parking, a taxi or public transit using mobile phone, 9%
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services 2014 (March 2014)

How are Consumers Using Mobile Payments?
Growth in use of POS mobile payments services
[Chart: Share of smartphone users who reported making a POS purchase with their smartphone in the past 12 months: 1% (2011), 6% (2012), 17% (2013).]
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services 2014 (March 2014)

Mobile Phones: Gateway to the Unbanked?
Mobile phones, including smartphones, are prevalent among unbanked and underbanked
[Chart: Cell Phone Usage Among Unbanked & Underbanked. Unbanked: 69% (50% smartphones). Underbanked: 88% (64% smartphones).]
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services 2014 (March 2014)

Mobile Phones: Gateway to the Unbanked?
High penetration among younger generations, minorities, and low-income offers potential for expanding financial access
64% Smartphones
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services 2014 (March 2014)

Point of Sale Innovations

Catalyst: Growth in Alternative Payment Providers
- In January 2014, it was estimated that APPs will account for 59% of online transactions and that e-wallets will equal cards in terms of market share in 2017
- Peer-to-peer payment market expected to reach $17 billion in 2019
- Growth of P2P Market, APPs for online transactions, e-wallets, mobile payments, Buy Buttons
Source: The Clearing House, Ensuring Consistent Consumer Protection for Data Security: Major Banks vs. Alternative Payment Providers (August 2015)

Bank Secrecy Act FDIC Deposit Insurance Anti-Money Laundering Compliance Data breach/security State Privacy and Security Statutes OFAC Truth in Savings Act Truth in Lending Act / Reg Z Truth in Billing Electronic Fund Transfer Act / Regulation E OFAC Reg D State Money Transmitter Laws Regulation B Unfair, Deceptive or Abusive Acts and Practices Laws Card brand rules Durbin Amendment Regulation DD Reg CC Check 21 TISA/Reg DD Gift card Identity-Theft Red Flags Regulation II Gramm-Leach-Bliley Act E-SIGN Act Fair Credit Reporting Act Escheat Business of banking / Deposit-Taking

The Clearing House Diagnosis: An Uneven Playing Field in Data Privacy and Security
Financial Institutions are subject to extensive regulatory, supervisory and enforcement scrutiny by their prudential regulators
- GLBA Interagency Guidelines
- More stringent implementing regulations and consequences
- Safety and soundness
- Banks ultimately bear customer service and fraud costs
Alternative Payment Providers (APPs) provide products and services utilizing backbone of existing payment systems and avoid the reach of prudential regulators
- GLBA FTC Safeguards Rule
- Not subject to regular examinations, enforcement actions or oversight
- Lighter substantive requirements
- Lower odds of facing enforcement actions or sanctions
"Banks and APPs engaging in functionally similar activities should be subject to similar regulatory regimes." The Clearing House
Source: The Clearing House, Ensuring Consistent Consumer Protection for Data Security: Major Banks vs. Alternative Payment Providers (August 2015)

Impact of Apple Pay on the Mobile Payments Market
Apple Pay adoption a mixed story
Recent Pymnts and InfoScout survey data show declines in use:
- Consumers that have tried Apple Pay: March 2015, 15.1% of eligible iPhone 6 & 6 Plus users; June 2015, 13.1%
- Consumers using Apple Pay in a store where it's accepted: March 2015, 48% of eligible iPhone 6 & 6 Plus users; June 2015, 33%
- Consumers not using Apple Pay because they are not familiar with how it works: March 2015, 31% of eligible iPhone 6 & 6 Plus users; June 2015, 34%
Source: Pymnts.com, available at http://www.pymnts.com/in-depth/2015/apple-pay-adoptionthe-falling-side-of-the-bell-curve/ (August 5, 2015).

Impact of Other Mobile Payment Technologies
Non-Apple mobile payment solutions
- Samsung Pay / Loop Pay
- Android Pay
- Others
Will mobile payment adoption rates significantly increase?
- In-store payment isn't a consumer pain point: swiping works
Tokenization and Host Card Emulation

How Tokenization Works
[Diagram: Sensitive Value (1234 1234 1234 1234) -> TOKEN SYSTEM -> Inert Token (0000 0000 0000 0001). TOKEN VAULT: 1234 = 0001, 2345 = 0002, 3456 = 0003, 4567 = 0004.]
Tokenization is a data security technique that replaces sensitive data (e.g., credit card number) with surrogate data (token) that has no or little value. Tokenization limits the scope of where the sensitive data needs to be processed or stored.

Benefits of Tokenization
Easier, cheaper and more secure
Easier and Cheaper:
- Tokenization can be managed internally or outsourced
- Format interoperates with existing systems and applications
- Puts less technical overhead on infrastructure
- Reduces compliance obligations by allowing fewer systems to audit and lower security controls

Benefits of Tokenization (cont'd)
Easier, cheaper and more secure
More Secure:
- Reduces exposure by centralizing sensitive data in one location (token vault)
- Unlike encryption, tokens cannot be reversed without access to the token vault
- Reduces burden of encryption key management
- Provides data masking by default

Limitations of Tokenization
- Tokenization cannot be used on all types of data (e.g., emails, Internet transmissions, databases, files)
- Just like encryption, cannot protect data before it is tokenized (e.g., RAM scraper problem) or if a party is able to de-tokenize the data
- Similarly formatted tokens may not be distinguishable from the real data type

Limitations of Tokenization (cont'd)
- Tokens are not meaningful to third parties unless they have access to the token vault or are provided a means to associate the token back to the sensitive data
- Tokenization can result in duplicative tokens unless the token system is set up to prevent collision
- Tokens do not validate the underlying data or its source, and should be coupled with assurance methods to validate identity

How Host Card Emulation (HCE) Works
Host Card Emulation (HCE) creates a software-based virtual smart card that does not rely on the device's Secure Element. First introduced in 2011 by SimplyTapp but popularized by Google's Android phone.

Use of Tokenization in HCE
- Tokenization may be used in conjunction with HCE
- Tokens can be used in place of the PAN on the device, or other sensitive data, to add an additional layer of security
- Google Wallet uses tokenization and does not store the PAN on the device or pass the PAN to the merchant

HCE Security Supplements
The primary criticism of HCE is that it is not as secure as using the Secure Element. The following can be used to supplement the security of an HCE deployment:
- Encryption or tokenization of sensitive data stored on the device or in the cloud
- Use of tamper-proof software to stop all transactions if external changes are attempted
- Device fingerprinting to uniquely identify the authorized device and disallow any transactions from other devices

THANK YOU!
Claude Goetz
claudegoetz@dwt.com
212.603.6415

Disclaimer
This presentation is a publication of Davis Wright Tremaine LLP. Our purpose in making this presentation is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Attorney advertising. Prior results do not guarantee a similar outcome. Davis Wright Tremaine, the D logo, and Defining Success Together are registered trademarks of Davis Wright Tremaine LLP. © 2015 Davis Wright Tremaine LLP.