Mobile Contactless Payments and Data Privacy




Purpose

We are on the cusp of the next major evolution in consumer payments. In the not too distant future, it is likely we will be making payments using our credit and debit cards embedded in our mobile phones. This will create some exciting new opportunities for both retailers and consumers, but as with all changes of this magnitude, there are some questions that need to be answered.

The opportunities come about because of the ability to collect much more information at the point of sale, combining and processing that information to create a richer picture, all in the one consumer device. Information associated with the payment transaction includes the payment receipt, the shopping cart contents and location. This is valuable information in the right hands, but how do we stop this information falling into the wrong hands? This presentation considers in more detail the issue of data privacy with respect to mobile contactless payment.

Some Background

We have been using payment cards for well over half a century. Retailer-issued credit cards have been used in the USA since the 1920s, but Diners Club is often credited with being the first scheme to issue plastic payment cards back in the 1950s, followed by American Express (1958), and then the forerunner to Visa, BankAmericard (1958). The initial implementation was embossed plastic cards. The account information on the card was captured by taking a manual imprint of the card's embossed data and submitting this information through the banks to initiate payment from the cardholder account back to the retailer.

Since embossed cards, we have seen a relentless evolution. At the beginning of the 1970s the card payment industry began to migrate from embossed cards to magnetic stripe. This enabled card information to be captured electronically and authorised and cleared for settlement using electronic online messages.
From this point on, the payment card industry accelerated dramatically by removing the limitations of embossed cards. Magnetic stripe enabled the processing of an exponentially greater volume of transactions and significantly reduced the errors due to the manual handling of embossed data. The electronic capture of magnetic stripe also allowed the introduction of techniques for reducing fraud, such as magnetic stripe data verification and PIN for cardholder verification.

It can be argued that the subsequent developments in card technology, the introduction of EMV chip, and the capability for multi-application chip cards have not had nearly the same impact on growth as the advent of magnetic stripe. EMV chip has all been about combating ever more sophisticated attacks against magnetic stripe payment cards, and therefore reducing the costs due to fraud, while the concept of multiple applications on a chip embedded in a plastic card has struggled to gain traction and prove truly beneficial, given the limitations of a plastic card and the lack of a user interface.

www.cotignac.co.nz Page 1

Perhaps the most significant new growth opportunity for the payment card industry in more recent times has come about with the introduction of internet-based shopping, or e-commerce, in the mid 1990s. The card industry was able to grab this opportunity by simply extending the card-not-present methods of mail order and telephone order (MOTO) to the web browser, albeit accompanied by the same inherent fraud risks.

However, the advent of EMV chip has led the payment industry to a potential game changer: the ability to have a contactless interface between the chip and the acceptance device. This means the cardholder no longer has to place their payment card into physical contact with the terminal reader, but simply brings the chip within close proximity (i.e. within 4 cm) of the reader. This is hugely significant because we no longer need a plastic card conforming to ISO standard dimensions to swipe or insert into a reader. The chip with the payment application may be embedded into any personal device that is capable of talking to a contactless reader using a feature called Near Field Communications or NFC.

The Next Evolution in Payment

The ability to embed a credit or debit card payment application into a mobile phone has come about through the converging arrival of two technologies, each from a different industry. The banking industry has delivered contactless chip cards for payment with the goal of enabling a more convenient payment experience for consumers.
In parallel, the telecommunications industry has evolved the mobile phone into what is popularly referred to as a smart phone. Smart phones are proving spectacularly successful with consumers, evidenced by the rapid growth of the Apple iPhone and Google Android phone. Probably the most significant feature that has captured the imagination of consumers is the ability to make the device truly personal by easily adding and deleting all sorts of applications. A user has the ability to access an application store and select applications that can simply be downloaded across the mobile phone network and added to the smart phone. Applications that no longer suit the consumer can just as easily be deleted from the phone. This feature, coupled with a visually rich, intuitive user interface and the fact that the device is mobile, is always connected, and is always with the user, means the consumer now has a truly personal device that can be used for all sorts of lifestyle purposes.

It seems obvious that one of those lifestyle purposes is to replace the physical leather wallet. Today the typical consumer uses the leather wallet to carry cash, one or more payment cards, numerous loyalty cards and reward coupons, and probably stores shopping cart receipts and payment receipts. When at the point of sale, the consumer must remove from the leather wallet the selected payment card and loyalty card (if the consumer remembers or is reminded) for presentment to the terminal, and then return the cards plus any receipts back to the wallet.

However, the experience will be quite different if all the customer's payment cards, loyalty cards, and reward coupons are embedded and stored in a mobile wallet on a smart phone that is able to use NFC to communicate with a contactless reader at the point of sale. The customer will have the ability to organise the cards in the mobile wallet, perhaps in order of priority. The phone will then be presented to the terminal reader, and the mobile wallet and reader will agree on which payment and/or loyalty applications will be used, based on what is accepted by the retailer and the customer preferences set in the mobile wallet. At the conclusion of the transaction, the terminal can electronically return to the phone the results of the transaction, such as payment receipt, shopping cart contents, loyalty earned and other information such as location, promotions and incentives. All this happens with one tap.

Creating Opportunities

It is this information, resulting from the interaction between customer and retailer at the point of sale and collected and stored in the mobile phone, that offers some exciting new opportunities for both customer and retailer. The opportunities arise if the customer is truly using their mobile phone as the primary method of conducting all payments, and the phone is collecting information resulting from all payment transactions in real time. This information may then be made available to multiple applications on the phone, and accessed remotely across the phone's network connections or via NFC.

Consider the example of the benefits to a retailer where the retailer is better able to know and target their customer through highly focussed promotion. Assume a customer who has installed a particular retailer's application on their phone.
The application tracks the behaviour of the customer at the retailer by recording the customer's purchases in terms of shopping cart contents. The application is also able to alert the retailer when the customer is in the vicinity of the store using phone-based location services. When the customer next comes within range of the retailer's store, the application allows the retailer to instantaneously offer the customer an incentive to come into the store and make a purchase, based on past customer preferences as tracked by the retailer-provided application on the phone.

Conversely, the same technology allows customers to achieve benefits which might include taking advantage of customised promotions, getting the best deal through instant price comparisons, discovering whether a particular product is available in the local vicinity, collecting electronic receipts for both payment and shopping cart contents, and using such information to track spending and control budgets.

These opportunities are all possible because the mobile phone is able to support applications that talk to the outside world, either via NFC to a point of sale terminal, across the mobile phone network (over the air) or across the internet, and collect and share transaction information via these connections. These applications can be provided by various parties all competing for the attention of the customer, which could include mobile phone operators, handset manufacturers, or service providers. Applications might be mobile wallets, or service provider applications such as payment, retail, or transit.

Threat

All of these applications, from the various providers, can potentially collect and share data. As a customer, we might download several retailer applications and enable each retailer to track our activity within their store, knowing full well that the information captured by each application may be used to influence our behaviour. But can we be sure that one application, whether it is a mobile wallet or one service provider's application, is not accessing the data particular to another application? There is a data privacy threat if the customer is not able to control access to information collected by applications on the phone. Potential examples of threats of unauthorised access and use of data could include:

- One application accessing another application's data (i.e. spend pattern, shopping basket data, location);
- One service provider accessing the data resulting from the interaction between the customer and a competing service provider in the same industry to achieve competitive advantage;
- A wallet provider obtaining a complete view of a customer's total retail behaviour across multiple payment instruments and/or multiple retailers.

Mitigating the Threat

Data privacy must be ensured by enforcing two key principles:

- Defining who is the owner of the data;
- Ensuring that the owner of the data provides explicit permission for access to the data.

The good news is that these principles are nothing new. We do this today in the physical world, and we need to ensure that these principles continue to be upheld for mobile contactless payments. The implementation can be achieved via a three-pronged approach.

1. Technology: chip technology allows the securing and protection of data and the provision of access control to data;
2. Standards: setting minimum standards for the application of technology to ensure sufficient protection and access control;
3. Regulation: regulate to protect data and define ownership and who can have access.

There are challenges still to be addressed in ensuring data privacy in this space. Not least of all is that we are dealing with evolving technology that is still developing at speed, the technology does not respect international borders with global standards still evolving, and the technology is not yet well understood by industry regulators. To deal with this challenge requires global, pan-industry cooperation and agreement.

However, the issue of data privacy must be addressed in order to ensure that both retailers and consumers continue to maintain trust in the integrity of our payment systems.
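
The two principles under Mitigating the Threat, applied to the three example threats listed under Threat, as an added illustration that is not part of the original paper: a hypothetical per-customer data store in Python that denies access by default and releases records only under an explicit grant from the data owner. The `Vault` class, the application names and the sample records are assumptions constructed for this example, including the assumption that an application may read the data it captured itself.

```python
from dataclasses import dataclass, field

# Data categories named in the text; app names and payloads below are constructed.
CATEGORIES = {"payment_receipt", "cart_contents", "location"}

@dataclass
class Vault:
    """Hypothetical per-customer store: owner-held data, access denied unless granted."""
    owner: str
    records: list = field(default_factory=list)  # (producer, category, payload)
    grants: set = field(default_factory=set)     # (reader, producer, category)
    audit: list = field(default_factory=list)    # every read attempt, allowed or not

    def store(self, producer, category, payload):
        if category not in CATEGORIES:
            raise ValueError(f"unknown category: {category}")
        self.records.append((producer, category, payload))

    def grant(self, actor, reader, producer, category):
        # Principle 2: only the data owner can give explicit permission.
        if actor != self.owner:
            raise PermissionError("only the data owner may grant access")
        self.grants.add((reader, producer, category))

    def read(self, reader, producer, category):
        # Assumption: an application may read what it captured itself;
        # any other reader needs a grant for that exact producer and category.
        allowed = reader == producer or (reader, producer, category) in self.grants
        self.audit.append((reader, producer, category, allowed))
        if not allowed:
            raise PermissionError(f"{reader} may not read {producer}/{category}")
        return [p for (prod, cat, p) in self.records if (prod, cat) == (producer, category)]

    def visible_producers(self, reader):
        # Third threat: which other applications' data this reader can combine.
        return sorted({prod for (rd, prod, _cat) in self.grants if rd == reader})

def attempt(vault, *args):
    try:
        return vault.read(*args)
    except PermissionError:
        return "denied"

def demo():
    v = Vault(owner="customer")
    v.store("retailer_a_app", "cart_contents", "milk, bread")
    v.store("retailer_a_app", "location", "store 12")
    v.store("retailer_b_app", "cart_contents", "running shoes")
    v.grant("customer", "wallet_app", "retailer_a_app", "cart_contents")
    return {
        "own_data": attempt(v, "retailer_a_app", "retailer_a_app", "cart_contents"),
        "competitor": attempt(v, "retailer_b_app", "retailer_a_app", "cart_contents"),
        "wallet_granted": attempt(v, "wallet_app", "retailer_a_app", "cart_contents"),
        "wallet_location": attempt(v, "wallet_app", "retailer_a_app", "location"),
        "wallet_other_retailer": attempt(v, "wallet_app", "retailer_b_app", "cart_contents"),
        "wallet_sees": v.visible_producers("wallet_app"),
        "denied_attempts": sum(1 for entry in v.audit if not entry[3]),
    }
```

Calling `demo()` shows the competing retailer application and the wallet's ungranted reads being refused and logged, while the single grant the customer issued is honoured.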