2

EMV Defined

Near Field Communications (NFC)

Card brand mandates and incentives for EMV

Allegiance’s EMV plans

2

EMV Defined

EMVCo’s primary purpose since 1994 is to define a global standard for

credit and debit payment cards based on chip card technology.

― Goal is to ensure that standards for chip card-based payments are

globally interoperable

Data is more secure on a chip-embedded card that utilizes dynamic

authentication, rather than on a static mag-stripe card.

― Unlike a mag-stripe card that can be copied (“skimmed” or “cloned”),

chip technology combats counterfeiting by assigning a dynamic value

for each transaction.

Four main functions:

Card authentication to protect against counterfeit cards

Cardholder verification to protect against lost/stolen cards

Terminal authentication to prevent against “Trojan Horse” hacks

Transaction authorization and authentication using issuer-defined rules

4

Authentication and Authorization

— Online requires the transaction to be sent online for the issuer to authenticate

the card and authorize the transaction – just like mag-stripe transactions

— Offline is done between the chip card and terminal (there are various methods

defined by EMVCo)

Cardholder Verification Methods (CVMs):

— None (usually used for low value transactions)

— Offline PIN (entered and stored PIN are compared offline)

Online PIN (PIN is validated online – like PIN debit)

Signature Verification (requires physical signature comparison)

Visa and MasterCard mandate global interoperability, meaning POS solutions must

be able to support all card and cardholder authentication

— Mexican chip card will prompt for signature

— Canadian chip card will prompt for PIN

5

6

© 2012 VeriFone Systems, Inc.

41.1% of cards 76.7% of terminals

84.4% of cards 94.4% of terminals

20.6% of cards 75.9% of terminals

28.2% of cards 51.4% of terminals

14.5% of cards 68.1% of terminals

The U.S. is been in last place for EMV adoption. . and the

fraudsters know it!

6

7

Fraud on debit and credit cards fell by more than a quarter in 2009

Counterfeit card fraud —skimming and cloning—fell by over half

Fraud on lost and stolen cards is at its lowest level in 10 years

7

Source: The UK Card Association

A smart (chip) card is a device that includes a

secure, embedded integrated circuit chip

(ICC)

The ICC may include a microprocessor and

memory or just a memory chip

― Has the ability to read and write information to the chip

The microprocessor performs functions that validate, store, and

encrypt data

These functions are used to perform financial and other types of

transactions

The chip may be embedded in cards, key fobs, stickers, mobile

phones, etc.

How the chip functions is determined by the EMV and NFC standards

There are two primary types of smart (chip) “cards”:

Contact

— Chip is embedded in a card

— A contact card must be inserted into a smart card

reader

— When the card is inserted, the contact points on the

chip make contact with the card reader

Contactless

— The chip may be embedded in cards, key fobs, stickers,

mobile phones, etc.

— A contactless chip requires only close proximity to a

reader – less than 4 inches

— Both the chip and the reader have an antenna and they

use an RF (radio frequency) signal to communicate

9

NFC (Near Field Communications) is a

radio-based interaction protocol

compatible with existing contactless

payment standards

It uses the same radio frequency as

contactless chip cards, but is a more

interactive and multi-use technology

NFC chips can be embedded in mobile

phones and allow the phones to act as

either a card or a reader

10

NFC-enabled mobile phones will driving

the acceptance of NFC; however, there

are many other players required to push

this technology forward

Interest in NFC soared in 2011 as Google

introduced Google Wallet

Additionally, AT&T, Verizon Wireless, and

T-Mobile formed a joint venture called Isis

with a similar concept that has just

launched a two-city pilot

© 2012 VeriFone Systems, Inc.

11

There are many companies entering this technology space

Each of these companies brings their own interpretation of the

virtual wallet experience

Right now, companies and technologies are jockeying to become

the dominant players; however, NFC has emerged as one of the

technologies poised to promote consumer acceptance of virtual

wallets

© 2012 VeriFone Systems, Inc.

12

B E N E F I T S

C A R D H O L D E R

• Peace of Mind (fraud reduction)

• Never lose sight of their card

• Global interoperability (e.g. European

travelers will be able to use their chip cards

in the U.S. and vice versa)

• Will support payments via mobile devices

utilizing NFC as those solutions take hold

• Fewer fraud-related chargebacks due to

stolen cards/skimming

• Increase in international customer satisfaction

• Helps foster the adoption and integration of

other payment technologies such as

contactless and mobile (via NFC)

M E R C H A N T

13

Card Brand Mandates

© 2012 VeriFone Systems, Inc.

2012: TECH Innovation Program (TIP) - PCI validation relief for Level 1 and

Level 2 merchants that adopt dual-interfaced solutions in any year that at

least 75% of the merchant transactions originate from a chip enabled terminal

― Note: must be capable of actually processing EMV cards and NFC

contactless payments; merchants cannot just install “EMV ready”

equipment. . . .so, not really happening!

2013: Acquirer Chip Processing Mandate - Acquirers and processors must

demonstrate the ability to process EMV transactions and NFC contactless

payments

2015: Liability Shift from Issuer to Merchant - Merchants of any size, will

be liable for domestic and cross-border counterfeit fraud committed at the

point of sale if they are not using a compliant EMV & NFC POS solution

(Automated Fuel merchant liability shift in 2017)

15

16

A non-compliant merchant is liable for fraud that

occurs on any chip card used on a magnetic

swipe terminal, with the liability for the

chargeback belonging to the merchant.

A non-compliant issuer is liable for fraud that

occurs on any magnetic stripe card used on a

chip card-enabled terminal, with the liability for

the chargeback belonging to the issuer.

16

EMV is essentially a standard that dictates the interaction between a

smart (chip) “card” and a POS payment technology

The “chip” stores encryption data that is used during the transaction to

prove the card is authentic and prevent cloning of the card

EMV chips can be either contact or contactless and are read & write

capable

NFC (Near Field Communications) is a radio-based interaction

protocol

— NFC-enabled devices are driving interest in acceptance

The Card Brands have announced EMV incentives (carrots and

sticks) that encourage issuers, acquirers/processors and merchants

to adopt EMV

© 2012 VeriFone Systems, Inc.

17

Allegiance’s Plans

19

NOTE: VeriFone wireless to be

available once 3G solution on the

market

20

We are working to release applications for Retail and

Restaurant with support for credit, PIN debit, EBT and gift

card in December 2012

The terminals will be EMV capable, meaning that we will be

able to enable EMV remotely through a download once that

functionality is certified on our host and becomes available.

Beta targeted for May/June; typically runs 45 -60 days

Subsequent development to support ECS, DCC and

Lodging is being defined.

Legacy terminals will not be “upgradeable” (can’t add a PIN

pad)

© 2012 VeriFone Systems, Inc.

21

Encompass 4 and ISO 8583 message specifications are being

updated to support the requirements.

― Certification Note: EMV requires true end-to-end

certification: from the device, through the POS payment

app, up to the authorization host and then on to the card

networks.

Elavon NA development utilities like viaConex are being

updated to support the E4 revisions that include the U.S.

EMV/Contactless mandates

We are still defining our roadmaps for software solutions

VirtualMerchant will be enhanced, no delivery date defined

VirtualMerchant Mobile release dependent on

VirtualMerchant updates

No plans to add EMV to viaWarp

© 2012 VeriFone Systems, Inc.

22

23

We are exploring innovative security and mobile solutions, such as

mobile wallets, that will allow Allegiance and our partners to tap into

new revenue and growth initiatives as these technologies take hold in

the industry

We will take a “wait and see” approach to Pay-at-the-Table solutions in

the U.S.

– VeriFone and Ingenico have short range wireless models that are

compatible with our payment application; software components not

yet developed

End-to-end Encryption will be added as part of a secure terminal

solution, it will require a different process to inject the encryption keys

and sign the app, which may also differ based on encryption method

(i.e. VSP or Voltage)

– We are still defining functionality, process and delivery

method/timeline

23

24 © 2012 VeriFone Systems, Inc.

Chargeback liability shifts are just over two years away, now is the time to get ahead of the curve and ensure your payment hardware investment is capable of carrying you into the future.

Technology changes rapidly and Digital Wallet’s are emerging. Are you prepared to accept your customers payments?

Are you doing everything you can to protect both your customer and yourself ? Make sure your POS is capable of taking advantage of the latest security features such as EMV, card encryption & signed applications.