EMV as a stepping stone to Mobile Payment 2012 Payments Summit February 8-10, 2012 Salt Lake City, Utah

Page 2

Agenda

Overview

Contactless Specifications and Standards

Secure Devices

EMV card or mobile handset

Issuance

EMV compliant payment credentials delivery

Consideration to make

Embracing EMV and Mobile Payment at the same time

Page 3

Payment Specifications

AEIPS ExpressPay

Discover Zip

M/Chip PayPass

VSDC payWave

Page 4

Standards Beyond Payment

Used in payment cards, USIM, ePassports, mobile and authentication devices Defines standard set of API for a Secure Chip operating system Working in close collaboration with EMVCo

NEW Trusted Multi-Ownership The key factor of convergence

www.globalplatform.org The Standard of Managing Applications on Secure Chip Technology

Page 5

Financial Institution

Establish Business Relationship with suppliers

Define cost structure

Agree on SLA

Delivery to Cardholder Personalization EMV Data

Generation

Procurement of Cards or Space on Mobile Device Key

Management Procurement

Card Design

Select EMV Card Platform

EMV Applications

Payment Brand/EMV approved

Manufacturing SLA

Card Manufacturing

Wallet Visual Appearance

GlobalPlatform Secure Element

EMV Applications

Payment Brand/EMV approved

OTA Platform SLA

OTA Platform

Mobile Network Operator / SE owner

Secure Shipment

Consider using the same Operating System on Card and Mobile

TSM Vault

Page 6

Initialize the chip

Load Security Domain with issuer key

Card secured in transit

Financial Institution

EMV Application Keys Remain in control

by the issuer at all times

Platform Keys Transport/ Personalization Keys

Key Management

Card Manufacturing

Receive request to establish Virtual Card

Create Security Domain

Allow Issuer to take ownership by loading its SD key

OTA Platform

Mobile Network Operator / SE owner

Chip Transport Key

Streamlined Key Management activities GlobalPlatform compliance - Standardized Security Management

Key Vault TSM

Delivery to Cardholder Personalization EMV Data

Generation Delivery to Cardholder Personalization EMV Data

Generation Procurement Key Management

Page 7

Derive Unique Application Keys

Generate Additional EMV Data per Payment Application requirement

Contact Contactless

Generate Offline DA certificate data (optional)

Format Data for Secure Personalization

Financial Institution

EMV Configuration Profile

Application and Platform Keys

EMV Data Generation

Data Gen Service Provider

Derive Unique Application Keys

Generate Additional EMV Data per Payment Application requirement

Contactless Generate Offline DA certificate data (optional)

Generate Mobile specific data (optional)

Format Data for Secure Personalization using ECPS

Simplify Data Generation use the same EMV Data Format for card and mobile

Key Vault

Delivery to Cardholder Personalization EMV Data

Generation Delivery to Cardholder Personalization Key

Management Procurement EMV Data Generation

Page 8

Certified personalization Site

Only issuer owned chip can decrypt perso data

Financial Institution

Personalization

Personalization Service Provider

Certified OTA Credential Download

Only issuer owned SE can decrypt perso data

OTA Platforms

Mobile Network Operator / SE owner

Leverage EMV standards EMV CPS EMV Card Personalization Specifications

Encrypted Personalization

Data

TSM

Delivery to Cardholder Personalization EMV Data

Generation Delivery to Cardholder

EMV Data Generation

Key Management Procurement Personalization

Page 9

Delivered via mail/courier

Online or phone activation

Post Issuance Management Issuer Scripting through POS and ATM

Financial Institution

Activation Authorization Transaction Processing

Post Issuance Management

Delivery to Cardholder

Instantly available

Activation through mobile wallet

Post Issuance Management OTA at any time

Delivery to Cardholder Personalization EMV Data

Generation Personalization EMV Data Generation

Key Management Procurement Delivery to

Cardholder

Page 10

Card and Mobile Issuance

NFC Service Manager

NFC Enabler(s) SE Management

Financial Institution

TSM Service

Secure Element Issuer Cardholder Service Bureau

EMVData  Prep   Card Issuance

Page 11

EMV Cards and Mobile Payment - not that different Understanding EMV and contactless Payment

Similarities and differences - card and mobile Standardization

Leverage investment in EMV card issuance

EMV Key Management and Data Generation Personalization Services and Trusted Service Manager Issuing EMV cards and delivering payment credentials Over the Air

Thank you

Nick Pisarev Director, Product Management - Banking Mobile Security Giesecke & Devrient Direct: 1-703-480-2338 Mobile: 1-571-535-0521