emv for merchants

EMV FOR MERCHANTS

EMV 101History, What is EMV, Types of Transactions, and Fraud Trends

EMV HISTORYHistory

• The EMV acronym originally referred to the

founding organizations from 1994 – Europay,

MasterCard and Visa. Today the EMV trademark

is owned by all of the equity owners of EMVCo:

MasterCard, Visa, JCB, American Express, China

UnionPay and Discover.

Today

• Within the payments industry, “EMV” has often

been used to refer to the original EMV Contact &

EMV Contactless Specifications. When used in

this manner, EMV refers to payment chip cards

that contain an embedded microprocessor, a

type of small computer that provides strong

security features and other capabilities not

possible with traditional magnetic stripe cards.

W. Capra Consulting Group 3

WHAT IS EMV?

EMV – Technical standards for cards and terminals that also impact end-to-end payment process.

EMV uses an embedded microchip in the card to

authenticate both the card (Card Authentication Method)

and the cardholder (Cardholder Verification Method)


W. Capra Consulting Group

International standard defining interoperability

of secure transactions

• Introduces dynamic data specific to the

transaction

• Devalues transaction data, reducing the risk of

counterfeit fraud

World-wide adoption, including U.S. neighbors

Canada and Mexico

• Affecting U.S. multi-national retailers

Enabler of future payment types

• Contactless, Mobile

Chip & PIN ≠ EMV

5

WHAT IS EMV?


Chip on card uses cryptography to provide

security

Utilizes 2 forms of cryptography

• Digital signatures – ensures data is authentic

• Encryption – ensures PIN data is kept confidential

Digital signature devalues the data

• Even if data is intercepted, signature cannot be

replicated

Encryption is only used to protect the PIN

• EMV does not encrypt all transaction data

6

WHAT IS EMV?

HOW WIDESPREAD IS EMV ADOPTION?


A DIFFERENT VIEW


EMV CARD-PRESENT TRANSACTIONS


GLOBAL FRAUD TREND

Counterfeit Fraud

Volume(Visa only)

Europe(Liability Shift

in 2005)

Asia Pacific(Liability Shift

in 2006)

U.S.(Liability Shift

in 2015)

- 56%

- 52%

+ 307%

2011

2004

U.S.

$…

ROW

$5.9

B

U.S.

$5.1T

ROW

$16.

5T

U.S. and

Rest of

World Sales

Volume

2012

U.S. and Rest

of World

Fraud

Volume

2012


Source: Vantiv, and Bureau of the Fiscal Service; http://fms.treas.gov/cas/EMV_Merchant_101.pdf

http://fms.treas.gov/cas/EMV_Merchant_101.pdf

U.S. LEADS THE WORLD IN FRAUD


WHAT’S DIFFERENT WITH EMV?


Current U.S. Standard

• Confidential data

stored on magnetic

stripe

• Authentication is via

PIN or signature

• Susceptible to

skimming

• No data is “written”

to magnetic stripe

Current Global

Standard

• EMV terminals read,

write data during

transaction

• Multiple methods for

authentication

• Dynamic authorization

MARKET DRIVERS FOR EMV

Counterfeit, Lost and Stolen Fraud Losses

• Currently, Issuers are liable for counterfeit fraud-related losses

• When EMV cards are issued, liability for counterfeit fraud will shift to merchant if the merchant is not EMV enabled

• When used with a PIN, also protects against lost and stolen fraud. Most card brands assign fraud liability based on the least secure party to the transaction


Global Interoperability of Chip Cards and

Payment Devices

• Worldwide standard used by all countries

• Support for international commerce

Contactless and Mobile Payment Schemes

• Demand for new and trending form factors

› NFC (Near-Field Communications)

› BLE (Bluetooth Low Energy)


MARKET DRIVERS FOR EMV

MYTHS: EMV AND DATA BREACHES

Myth: EMV would have prevented the recent high-profile breaches

• Although EMV would have lessened the aftermath of the recent breaches, it would not have prevented them from happening

• Even with EMV in place, a portion of the card-related data can still be unencrypted, or transmitted, in plain text

• The benefits of the EMV standard would only have kicked in after the breach occurred, by preventing the reproduction of cards from the stolen data

Myth: EMV is powerless related to the growing CNP fraud and should be skipped as we move towards an e-commerce consumer environment

• EMV does not have much impact on CNP fraud, but in-store purchases on cards is expected to reach $7.1 trillion in 2017

• Skipping over EMV will leave cards vulnerable and drive fraud to that payment channel, much as criminals are targeting the U.S. because it is the only major country without EMV

Source: https://www.bai.org/bankingstrategies/print.aspx?id=9242b7f7-b2ec-46a8-bf9e-686f2668a00f


https://www.bai.org/bankingstrategies/print.aspx?id=9242b7f7-b2ec-46a8-bf9e-686f2668a00f

Myth: EMV isn’t worth the time and cost associated with the technology implementation and consumer education efforts

• Security solutions have to be viewed as worth the investment in order to stop fraudsters and protect customers

• For example, Target experienced significant stock price decreases and lower sales as a result of its December 2013 breach

• For some companies, the damage to the brand’s reputation could be worse than the financial costs of a security issue.

• With the introduction of EMV cards in the UK, fraud losses from counterfeit cards fell more than 63% between 2004 and 2010

• Card fraud resulting from lost or stolen cards dropped more than 61%.


MYTHS: EMV AND DATA BREACHES

WHO IS PARTICIPATING IN THE CHANGE?


Payment Brands & Debit

Networks

• Brands have affirmed

October 2015 fraud

liability shift

• Debit EMV framework in

place

• Brands have cross

licensed each other’s

Common Debit

Applications

• Visa and MC also

working together on

Encryption, tokenization

and other security topics

Acquirers

• Investments already

made in their back

end; ready to support

EMV Apr 2013

• Still need to develop

POS specs and

complete front end

changes

• Constrained on

resources for

merchant testing &

certification

Issuers

• Chip card issuance has

begun

• Card manufacturers

seeing significant

increase in orders from

issuing banks

• Customers can request

cards now; most issuers

will replace as cards

expire

• 5000+ issuers and 1 billion

cards; migration is

accelerating but will take

time

Merchants

• Several large

merchants have had

active projects for

over one year

• More interest and

activity due to recent

breaches

• Average time from

start to certification is

18 months, assuming

acquirer, tech

vendors are ready

and no testing

bottlenecksW. Capra Consulting Group 18

WHO IS PARTICIPATING IN THE CHANGE?

WOULD YOU LIKE TO LEARN MORE ABOUT HOW EMV WILL IMPACT

YOU?



221 N LaSalle St #1325

Chicago, IL 60601

(312) 873 -3300

www.wcapra.com

http://www.wcapra.com/

W. CAPRA SERVICES


Retail

Technology

Provide project

leadership, retail

technology

expertise,

architecture

guidance,

deployment

management,

process

improvement

and operational

strategies

through a full

lifecycle

methodology

Payments

Provide

merchants the

best

opportunity to

construct a

right sized

payment offer

that meets the

retailer’s

business

objectives while

minimizing total

cost

Data

Security

Provide

merchants

retail specific

security best

practices to

ensure

consumer data

and credit card

data is

protected

without

impacting your

day to day

business

Back Office

Provide

operational

guidance

around retail

inventory and

workforce

management

to insure

inventory

margins and

labor cost are

in line with

established

goals.

20

W. CAPRA EMV EXPERIENCE


Engagement Verticals

Advisory Currently engagedGrocery, Petro C-Store,

Pharmacy & QSR

Education Currently engaged Petro C-Store & QSR

Strategy Currently engagedGeneral Retail, Petro C-Store,

QSR, and Private Label Issuer

Planning Currently engagedGeneral Retail, Petro C-Store &

QSR

Delivery Currently engagedGeneral Retail, Petro C-Store

and QSR

Leadership

EMF: W. Capra has multiple resources attend and

participate in the EMF

MAG: W. Capra consistently provides educational

content and sessions

to the MAG and its members

NACS: W. Capra has multiple resources attend and participate in theworking committees

W. Capra has recently been, or is currently, engaged

in all phases of EMV delivery in the U.S.

21

emv for merchants

Services