Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011



Similar documents
Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards

FAQ on EMV Chip Debit Card and Online Usage

Security enhancement on HSBC India Debit Card

EMV and Small Merchants:

MASTERCARD SECURECODE ISSUER BEST PRACTICES

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

FAQ Credit Card (PIN & PAY)

Electronic Payments Part 1

What Merchants Need to Know About EMV

A RE T HE U.S. CHIP RULES ENOUGH?

EMV EMV TABLE OF CONTENTS

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

ING Vysya Bank Forex Travel Card is a pre-paid foreign currency chip card that offers you a safe, secure and

Frequently asked questions - Visa paywave

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

What is EMV? What is different?

Credit Card PIN & PAY Frequently Asked Questions (FAQ)

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

A: This will depend on a number of factors. Things to consider and discuss with a member of our ANZ Merchant Services team are:

Chip Card (EMV ) CAL-Card FAQs

SOLUTION BRIEF PAYMENT SECURITY. How do I Balance Robust Security with a Frictionless Online Shopping Experience for Cardholders?

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

FREQUENTLY ASKED QUESTIONS

Card and Account Security. Important information about your card and account.

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments

NEWS BULLETIN

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

Be*PINWISE Cardholder FAQs

Arab Bank Cards User Guide

Elavon Payment Gateway- 3D Secure

Credit Cards CARD TRANSACTIONS AND YOU. Credit Cards. A consumer education programme by:

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

e Merchant Plug-in (MPI) Integration & User Guide

Consumer FAQs. 1. Who is behind the BuySafe initiative? 2. Why should I use a PIN? 3. Do all transactions need a PIN?

Hang Seng Credit Card Benefits Directory

Mobile Near-Field Communications (NFC) Payments

welcome to liber8:payment

DIAMOND NAIRA VISA DEBIT CARD. Your Bank

Securing Internet Payments. The current regulatory state of play

Ambit Card Management Card Management Solution Suite

MasterCard SecureCode

How To Comply With The New Credit Card Chip And Pin Card Standards

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper Executive Director, Product Development

Platinum and Platinum Rewards Visa EMV Credit Cards Frequently Asked Questions (FAQ s)

OpenEdge Research & Development Group April 2015

Presentation Rundown. Introduction Product Overview Product Features Product Value Product Applications Question and Answer

Other Retail Payments Developments

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

Credit Card FAQ. PUBLIC Updated on 15Dec2014 Page 1 of 8

CREDIT CARD PROCESSING GLOSSARY OF TERMS

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

Target Security Breach

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

Hong Leong Bank Connect Online Banking - FAQs. General

White paper. Biometrics and the mitigation of card-related fraud

Payment System Forum and Exhibition 2014 Sasana Kijang, Kuala Lumpur

Actorcard Prepaid Visa Card Terms & Conditions

Security in connection with card payments. Non-face-to-face transactions (e-commerce/mail and telephone order)

Hang Seng enjoy Card Benefits Directory

EMP's vision is to be the leading electronic payments processing company in the emerging markets of Africa and the Middle East.

Pima Federal Visa Credit Cards Frequently Asked Questions (FAQs)

Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

Verified by Visa. Acquirer and Merchant Implementation Guide. U.S. Region. May 2011

Introductions 1 min 4

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

Securing the Payments System. The facts about fraud prevention

Payments Transformation - EMV comes to the US

Streamline Cardholder Authentication. Avoid being the target of online fraud

Fraud Detection. Configuration Guide for the Fraud Detection Module v epdq 2014, All rights reserved.

Security in connection with card payments. Non-face-to-face transactions (e-commerce/mail and telephone order)

M/Chip Functional Architecture for Debit and Credit

Investec Credit Card Conditions Of Use

Virtual Payment Client Integration Reference. April 2009 Software version:

How Secure are Contactless Payment Systems?

MasterCard Special Edition

Chip & PIN is definitely broken. Credit Card skimming and PIN harvesting in an EMV world

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

Credit Card Conditions of Use. Credit Guide.

PCI and EMV Compliance Checkup

PREVENTING PAYMENT CARD DATA BREACHES

PAYROLL CARD FREQUENTLY ASKED QUESTIONS

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

Figure 1: Attacker home-made terminal can read some data from your payment card in your pocket

Presentation Rundown. Introduction Product Overview Product Features Product Value Product Applications Question and Answer

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

Mitigating Fraud Risk Through Card Data Verification

Realex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

The Webster Visa Prepaid Debit Card Frequently Asked Questions

Yes, your card will expire at a given date, which is printed on the front of your card.

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

Transcription:

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic approach to further enhance the security for payment cards, giving cardholders in Singapore greater security and better protection against card fraud. This is in addition to the existing measures whereby banks and card issuers protect cardholders interests through robust fraud detection systems that monitor and detect unusual/suspicious card usage. As cardholders and consumers, it is important to ensure that you provide your bank with your current particulars, such as mobile phone number, email address and mailing address. The following FAQs explain the rationale and benefits of moving to chip-based payment cards as well as activation procedures, introduction of new alert measures for transactions and the new protocols for Card Not Present Transactions. (I) Replacing magnetic stripe-only cards with EMV chip cards 1. What is EMV? EMV is a global security standard for chip card technology. It enables chip cards to be accepted anywhere in the world. With the EMV Smart Chip, your card is better protected against fraudulent activities. 2. Why is there a need to replace my magnetic stripe card with a chip card? Chip cards are safer than magnetic stripe cards. A magnetic stripe card can be easily cloned. A chip card, however, contains a microprocessor chip that uses encryption to prevent its contents from being replicated. 3. What are the advantages of having the chip in my card? The chip card complies with the Monetary Authority of Singapore s enhanced standard of data security. Compared to a magnetic stripe card, a chip card is able to store more data that uniquely identifies the card and the cardholder. This makes it nearly impossible for fraudsters to decode or tamper with the card. 4. Does my magnetic stripe debit card also have to be replaced with a chip card? Yes. All credit, debit as well as prepaid cards would have to carry a chip. However, proprietary ATM cards issued by the banks do not need to be replaced at this time. 5. My current card already has a chip. Will I still be receiving a new card? No. You can simply continue using your existing chip card. 6. Do I have to pay for my new chip card? Page 1 of 6

No, customers do not need to pay for the new chip card. The cost of upgrading your magnetic stripe card to a chip card will be borne by the card-issuing bank. 7. What must I do with my current card once I receive the new chip card? Please destroy your old card by cutting it in half, to prevent unauthorised usage. 8. How do I use a chip card? Use your chip card in exactly the same way as your old magnetic stripe card. Present your chip card to the merchant sales staff who will insert your chip card into the chip card reader instead of swiping it at the point-of-sale terminal. 9. Can I use the chip card overseas? Yes. However, in some countries chip cards are not prevalent and not all terminals can accept chip cards. Your card transactions in these countries will revert to using magnetic stripe instead. 10. Can I use the chip card for online transactions as well as at ATMs? Yes (see Part IV for more information regarding online transactions). 11. What happens to my current PIN? Your current PIN will continue to apply to your replacement card. 12. Will there be any changes to my statement and payment due dates? No. 13. Are my reward points under the existing card affected in any way? No. In addition, you will continue to earn reward points in the same way as before. 14. What happens to GIRO, installment payment plans and recurring payment arrangements that are charged to my current card? All GIRO, installment payment plans and recurring payment arrangements will remain unchanged, as your replacement chip card will bear the same 16-digit credit card number as your current card. 15. I have credit cards with several banks. Will all these cards be replaced with new chip cards as well? Yes, banks are progressively sending replacement cards to customers. 16. When will my magnetic stripe card be replaced? Page 2 of 6

This depends on your bank s implementation timeline but we expect the exercise to be completed by Q1 of 2011. 17. Do I not need to safeguard my credit/debit card after it is converted to chip card? Yes. You will still need to safeguard your credit/debit card just like your cash. (II) Introducing first-usage alert and activation procedure for new/replacement cards 1. What do I do when I receive the new chip card? To prevent unauthorised use of your new card should the card be intercepted or stolen in the mail, your bank will advise you whether you have been issued an unactivated card or a live card : a) Unactivated Card you have to call your bank s hotline to activate it; b) Live Card no activation is required by you; a first usage alert will be sent to you via SMS, email or letter (on advice of your bank). (III) Transaction Alerts based on a pre-defined value threshold 1. What is a Transaction Alert? This is an added security measure introduced by the Monetary Authority of Singapore. You may opt in or opt out of this service based on the service agreement being provided by your bank. When a transaction exceeding a pre-defined value threshold is charged to your credit/debit card, your bank will be required to send you a Transaction Alert via SMS. Some banks may allow alternative modes, e.g. email or postal alerts. This alert serves as a fraud prevention measure and you should immediately contact the bank if the transaction is not authorised by you. 2. What is the threshold amount that will activate a Transaction Alert? The threshold amount may vary from bank to bank and with different card products. Your bank will inform you of the default threshold amount, and you may choose to change the threshold amount. 3. How will I receive my Transaction Alerts? You will receive Transaction Alerts by SMS, unless you have made alternative arrangements with your bank. Please ensure you have updated your contact information with your card issuer. Page 3 of 6

4. When will I receive Transaction Alerts? You will receive an alert: a) when you first use a new card or replacement card; b) when you make purchases above the pre-defined threshold amount; and c) If the bank detects any suspected fraudulent transactions. 5. Will I be charged for the Transaction Alerts? Banks will not be imposing a charge for Transaction Alerts. However, you should check with your service provider on whether you need to pay for overseas SMS in the event you are outside Singapore. 6. Can my supplementary cardholders receive Transaction Alerts? This depends on your bank. 7. Will I receive Transaction Alerts on my wireless devices when I leave the country? Alerts are sent via SMS. If you can receive SMS while overseas, you will receive the alerts. The time taken for the alert to reach you depends on your service provider and the service provider of the country you are in. If your mobile phone is unable to receive SMS at any time, the alert will be stored for a limited time in the same way as any other SMS. If you require more information on receipt/storage of SMS, please ask your service provider. 8. Can I change the threshold amount? Yes. Please contact your bank s Customer Service Hotline to give new instructions. 9. Can I opt out of this Transaction Alert service? If I opt out, can I sign up for it in future? Yes. Simply contact the bank s Customer Service Hotline with your instructions or contact your bank to check if you can log in your request via internet banking. 10. Can I register a pre-paid phone card for the Transaction Alert service? Yes. (IV) One-Time-Password (OTP) for Card Not Present Transactions 1. What is 3-D Secure? 3-D Secure (3DS) is an added layer of security for online credit and debit card transactions. When a Singapore cardholder makes a purchase at a merchant website that uses 3DS, the cardholder will be asked to enter a One-Time Password (OTP) before the transaction can be completed. 3DS was developed by VISA to improve the security of Internet payments and offered to customers as the Verified by Visa (VbV) service. This protocol has also been adopted by Page 4 of 6

MasterCard, under the name of MasterCard SecureCode, and JCB International as J/Secure. 2. How does 3DS work? 3-D Secure adds another authentication step for online payments. Merchants are encouraged to use 3-D Secure to achieve higher protection against fraud losses. When a merchant does not use 3-D Secure, it is liable for fraudulent transactions even if the transaction was appropriately authorised. The basic concept of the protocol is to tie the financial authorisation process with online authentication. This authentication is based on a three domain ( 3-D ) model. These three domains are: Acquirer Domain (the merchant and the bank to which money is being paid). Issuer Domain (the bank which issued the card being used). Interoperability Domain (the infrastructure provided by the credit card schemes to support the 3-D Secure protocol). When a customer enters his credit/debit card number during online shopping, a 3DS merchant will submit the account number to the directory server provided by the card scheme (VISA/MC/JCB) to check if the card issuer of the said account number is enrolled for 3DS. If yes, the Directory Server will send the URL of the card issuer s Access Control Server (ACS) to the merchant. The merchant s Server Plug-in will then submit an authentication request to the ACS through the cardholder s browser. The ACS will perform the authentication when the customer enters the 3DS password on his browser. The 3DS password may be static but in the Singapore context, the Monetary Authority of Singapore has mandated that the card issuer must provide cardholder with a One-Time Password (OTP) for added security, as a static password is vulnerable to other fraud scams such as phishing, man-in-the-middle attack, etc. 3. Why is there a need for an One-Time Password (OTP) to complete an online purchase? The OTP helps to protect against online fraud. It is a secure way to authenticate that the customer making the online purchase is the rightful owner of the credit card being used. 4. Do all on-line purchases require entering an OTP? No. This measure applies only to merchant websites that support the 3-D Secure authentication protocols. 5. How do I know if a merchant is a 3DS enabled merchant? The merchant website will display the logo of 3DS card schemes such as VISA s Verified-by- VISA, MasterCard SecureCode or JCB s J/Secure. 6. How do I receive the OTP from the bank? Page 5 of 6

When you make an online purchase using your credit/debit card, a pop-up message will appear on screen asking you to enter the OTP. The OTP will be sent to your phone via SMS. Some banks may provide the alternative options of using email, a hardware token or a mobile phone application that can generate an OTP. If you are already an Internet banking customer, you should already have your mobile phone number registered with the bank. If you are not an Internet banking customer, you will be required to register your mobile phone number with your bank. 7. Do I have to pay for this service? No. 8. When will the card issuing banks introduce 3DS? The Monetary Authority of Singapore requires all card-issuing banks to introduce 3DS from June 2010 unless they have obtained an extension. Please check with your banks for their implementation timeline. 9. Do I need to enrol for 3DS with my bank? No. Your bank will automatically enrol all its cardholders. 10. If I do not have my mobile phone registered with the bank, can I still make an Internet purchase? You will still be able to make purchases on merchant websites that have yet to embrace 3DS. For 3DS merchant websites, however, you will not be able to complete a transaction without an OTP. 11. How do I register my mobile number or obtain a hardware token from my bank? Please contact your bank. For security reasons, you may be required to complete a form to register your mobile number or apply for a hardware token. This may take a few days to process. We therefore advise that you register your mobile phone number as early as possible, to ensure that you will be able to make online purchases. 12. What should I do if I change my mobile phone number? As your mobile phone number will be the primary contact for your bank to send you an OTP or SMS alert, you will need to ensure your new mobile phone number is updated with your bank. 13. Can I opt out of the OTP service for online purchases? The OTP is required for online purchases through 3DS merchant websites. You may still make online purchases without the OTP through merchant websites that do not use 3DS. Page 6 of 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information