EMV On-Campus Post Liability Shift

Similar documents
Understand the Business Impact of EMV Chip Cards

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Payments Transformation - EMV comes to the US

What is EMV? What is different?

Introductions 1 min 4

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

Practically Thinking: What Small Merchants Should Know about EMV

What Merchants Need to Know About EMV

EMV in Hotels Observations and Considerations

EMV and Restaurants What you need to know! November 19, 2014

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

EMV EMV TABLE OF CONTENTS

Preparing for EMV chip card acceptance

PREVENTING PAYMENT CARD DATA BREACHES

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

OpenEdge Research & Development Group April 2015

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

A Brand New Checkout Experience

A Brand New Checkout Experience

Changing Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association

PAGE ONE Economics CLASSROOM EDITION. The Smart-Chip Credit Card: A Current Solution

EMV and Small Merchants:

Chip Card (EMV ) CAL-Card FAQs

A RE T HE U.S. CHIP RULES ENOUGH?

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper Executive Director, Product Development

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE

EMV FAQs for developers

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

The Canadian Migration to EMV. Prepared By:

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Cash 257 Merchant Services and Revenue Collection

How To Comply With The New Credit Card Chip And Pin Card Standards

CardControl. Credit Card Processing 101. Overview. Contents

CPIM Academy. Cash 257 Merchant Services and Revenue Collection

PCI and EMV Compliance Checkup

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Credit Card Processing Overview

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

Your Reference Guide to EMV Integration: Understanding the Liability Shift

EMV A Gated Parking Systems Perspective PIE March 18 th 2014

Card Acceptance Best Practices Playing it Safe at the Point of Sale

Chargelytics Consulting

OpenEdge Research & Development Group April 2015

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV 101: What small businesses need to know

welcome to liber8:payment

Prevention Is Better Than Cure EMV and PCI

The Blurring of CP and CNP: Remaining Secure & Scalable in a Technology and Regulation Driven Landscape

EMV : Frequently Asked Questions for Merchants

EMV Frequently Asked Questions for Merchants May, 2014

Why You Should Adopt EMV Chip Card Technology

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments

Fall Conference November 19 21, 2013 Merchant Card Processing Overview

INTRODUCTION AND HISTORY

Mitigating Fraud Risk Through Card Data Verification

Implication of EMV Migration for the U.S. Transportation Industry. May 1, Implication of EMV Migration for the U.S. Transportation Industry

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016

NEWS BULLETIN

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA)

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

OpenEdge Research & Development Group May 2015

PCI Compliance Overview

Secure Payments Framework Workgroup

Electronic Payments Part 1

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

EMV and Encryption + Tokenization: A Layered Approach to Security

EMV Chip and PIN. Improving the Security of Federal Financial Transactions. Ian W. Macoy, AAP August 17, 2015

EMV: Preparing for the shift

How to Prepare. Point of sale requirements are changing. Get ready now.

Credit Card Processing, Point of Sale, ecommerce

SellWise User Group. Thursday, February 19, 2015

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PayLeap Guide. One Stop

Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

October 21, Rayburn House Office Building 2302 Rayburn House Office Building Washington, D.C Washington, D.C.

Keeping A Lid On Payment Fraud Joni Lovingood, CRM, CFE Corporate Property & Casualty Sales Specialist CUNA Mutual Group

How Secure are Contactless Payment Systems?

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

Data Security Basics for Small Merchants

Planning For EMV Technology. Your Guide to Making the Transition

Networks, Processors, and Issuers Payments Surveys (NPIPS)

Payment Card Industry Data Security Standards

EMV Acquiring at the ATM: Early Planning for Credit Unions

Mobile Near-Field Communications (NFC) Payments

University Policy Accepting and Handling Payment Cards to Conduct University Business

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY

FAQ on EMV Chip Debit Card and Online Usage

Effectively Managing Data Breaches

Session Title: Restaurants and Mobile Commerce

Apple Pay. Frequently Asked Questions UK

THE ROAD TO CONTACTLESS PAYMENTS

PCI Compliance : What does this mean for the Australian Market Place? Nov 2007

Figure 1: Attacker home-made terminal can read some data from your payment card in your pocket

EMV ADOPTION AND ITS IMPACT ON FRAUD MANAGEMENT WORLDWIDE

Target Security Breach

Transcription:

EMV On-Campus Post Liability Shift Don Smith VP Payments Product Management Higher One June 6, 2016 2016 Higher One Inc. d/b/a/ CASHNet. All rights reserved.

2 Agenda What is EMV and why are we moving in this direction? EMV Market Update Impact on Card Not Present Fraud Considerations for Your Campus Questions

Q: What is EMV?

4 EMV EMV = Europay MasterCard Visa Technical standards for a card with a smart chip and POS terminals and ATMs (different than PCI) Standards overseen by EMVCo (Amex, Discover, JCB, MC, UnionPay, and Visa) Accepted on 6/7 continents U.S. slow to adopt

5 Getting Familiar with POS Changes Dip card vs. Swipe Chip and signature vs. chip and pin Card stays in machine for transaction Most machines beep when transaction is done

Dipping the Card

Q: Why?

25% Portion of the world s transactions that occurred in the U.S. in 2014.* * Business Insider's "The US EMV Migration Report" (Nov 2015)

50% Portion of the world s card fraud that occurred in the U.S. in 2014.* * Business Insider's "The US EMV Migration Report" (Nov 2015)

10 Understanding Fraud Card Present Fraudsters purchase or steal card info (or steal card) Load card info onto card s mag stripe Go to unmanned machines for small amounts to test card info Try card at merchants that have gift cards (or other things) Card Not Present (CNP) Fraudsters purchase or steal card info Test it where merchants do real time processing Typically small amounts Once card number (and associated info) is verified, larger items will be purchased

11 Making Card-Present Fraud More Difficult Stolen Card: Card holder s card is stolen and the fraudster uses card to make purchases at POS Countermeasures: Look at signature on back of card Ask for Photo ID Input zip code Counterfeit Card: Fraudster has purchased stolen card number online and loaded it onto the magstripe of a fake card Countermeasures: Look at signature on back of card Ask for Photo ID Input last four digits of card or CVV into terminal as condition of transaction

12 EMV s Main Purpose EMV makes use of dynamic info at the POS Makes it very difficult to create a counterfeit card Can make it very difficult to use a stolen card (PIN) Dynamic data (exclusive to each transaction) is sent to issuing bank through payment rails to verify authenticity of card (Cryptographic Processing) Security can be enhanced by issuing bank requiring PIN at POS rather than signature

LIABILITY SHIFT

14 Liability Shift Credit card brands encouraging adoption as a means to fight POS cardpresent fraud Stopped short of a mandate Understand costs and logistics involved Realize changing consumer behavior is hard Issued Liability Shift Date of Oct. 1, 2015 Pertains to all merchants with exception of pay at the pump gas stations (Oct. 1, 2017) Think of Liability Shift as a start line vs. a finish line

15 What Does it Mean? Merchant liable for fraud if ALL three of following occur: 1. The payer wants to use an EMV card to make a purchase 2. The campus is unable to process an EMV transaction (and therefore processes a transaction using the card s magnetic strip) 3. The transaction is fraudulent

$4.5B Estimated counterfeit card fraud in U.S. for 2016.* *Aite Group

$1B Estimated amount of counterfeit card fraud in 2020.* *Aite Group

MERCHANT ADOPTION

44% Merchants thought they were going to be EMV ready by end of 2015.* *The Strawhecker Group

37% Merchants were accepting EMV as of Feb 17.* *The Strawhecker Group

20% Estimated portion of credit card transactions that are currently chip-on-chip.* *Aite Group

Q: Why so few?

24 Biggest Barriers Solutions more complex to develop Conversations more complicated with dynamic data elements Comprises software, hardware and processor Certification is more arduous Total solution in play for certification Card brands have different standards NFC add layer of certification Long certification queues Evaluation can take months and cost up to $100K Each change to system prompts new certification Large number of solutions seeking certification Devices are expensive Javelin Strategy and Research estimates it will cost $8.65B to implement EMV in the U.S; $6.75B on POS devices alone!

Small Merchant EMV Readiness 50% 40% 30% 20% 10% Small Merchants 0% Ready Plan to Upgrade No Plans to Upgrade What's EMV? *TD Bank Study 2015

For Merchants Who Don t Plan to Upgrade 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% Small Merchants

27 Change in the Air? Many Non-EMV ready merchants reporting higher rate of chargebacks Higher volume with merchants who sell goods prized by fraudsters Gift cards Electronics Jewelry Many banks don t know if chargebacks are related to EMV or not Merchants don t have resources to research chargebacks B&R Supermarket Inc. and Grove Liquors LLC Oct Feb 2014: 4 Chargebacks Oct Feb 2015: 88 Chargebacks B&R and Grove Liquors filed a lawsuit against card networks Allege card networks knew merchants would be unable to comply with EMV Liability Shift Merchants unknowingly paying for more chargebacks than they should Set up banks for big payday

50% Merchants will accept EMV by end of June.* *The Strawhecker Group

90% Merchants will accept EMV by sometime in 2017.* * The Strawhecker Group

CARD NOT PRESENT

31 CNP Fraud Post EMV Experts have argued EMV causes spike in CNP fraud Fraudsters follow path of least resistance Easier to commit CNP fraud because dynamic element of chip not in play In the UK, brick and mortar fraud decreased 75% from 2004-2012 2015 report from Euro Central Bank on 2013 Data $1.44B in fraud; mostly CNP CNP fraud increased by 20.6% over previous year ATM fraud fell by 13.7% POS fraud fell by 7.9%

Canada Post EMV Implementation 133% Increase in CNP Fraud

33 Not All on EMV? Others argue not necessarily cause and effect Point to: Adoption of new technologies for payments Increase in merchant adoption of new online storefronts Increase in online payment volume over same period Improved techniques by fraudsters (more data breaches) These compound the increase of CNP fraud Argue EMV should still be implemented but also need new mitigation strategies for CNP fraud

35 In the U.S. emarketer Report 2013: $262 billion online sales 2017: $440 billion online sales (estimate) 13.8% compounded annual growth rate ACI Report Jan July 2014: 1/114 CNP transactions was fraud Jan July 2015: 1/86 CNP transactions was fraud Javelin Strategy & Research study in 2015 Account takeover and new account fraud to increase by 60% in next three years Will go from an estimated $5B in 2015 to $8B in 2018

CNP Expected to Double by 2018

Q: How can we protect ourselves from CNP fraud?

38 Pay Attention to New Developments 2016 will be an important year for the introduction and evaluation of new technologies Geolocation Biometrics Dynamic data elements (authorization) Tokenization Real time transaction analytics Behavioral analytics

39 Multi-Layered Approach EMV migration forum and Smart Card Allliance recommend a layered security approach that could include: Device authentication, such as confirming that the device used to make the payment is being used by the right consumer Multi-factor authentication, in which the credentials used to make the payment are checked against the address, phone number, and email address provided by the customer at check-out Tokenization, which replaces payment credentials with one-time codes Rigorously checking the identity of an online customer when they pick up merchandise reserved in a physical store

15% Cardholders who had a transaction declined because it looked like fraud.* *Javelin Strategy & Research. Overcoming False Positives

$118 B Lost sales from false positives. *Javelin Strategy & Research. Overcoming False Positives

$9 BB Actual ecommerce fraud in the U.S. in 2015. *Javelin Strategy & Research. Overcoming False Positives

43 Think Through Your Strategy Work with your payment software provider or processor to identify best strategy for your campus In-person Define EMV strategy and roll out plan Implement cashier security measures in the business office CNP Velocity limits CID/AVS Authentication Transaction reporting Mobile wallets Keep in mind fraud (CNP and CP) rates are low for most schools Stay abreast of new developments in technology Ensure your campus takes PCI seriously and work with a PCI certified QSA to document and test your environment

Q: Questions?

THANK YOU! Don Smith don.smith@cashnet.com www.cashnet.com/blog

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information