qsecure presentation at rsa 2011

Introducing Dynamic Data in Payment Transactions without Changing the Existing Infrastructure

RSA ConferenceFebruary 2011San Francisco

Daniel Chatelain, Vice PresidentOperations & Strategic AlliancesWebsite: www.qsecure.com

QSecure, Inc. Proprietary and Confidential 2February 2011

Data Breach Epidemic


The Problem: Large and Costly

• January 2009

• Heartland Payment Systems

• Over 100M accounts compromised

• Too costly to issue new cards


Interesting Data Points

• 86% of cards stopped being used within 24 hours after 1st use*

• Fraudsters do not stick to one particular industry in 71% of the cases*

• Every transaction is relying on static data

• Fraud attacks are getting more and more sophisticated

• Fraud not limited to ecommerce but also very real at ATMs and POSs

* Ethoca Report on Fraud – Feb 2011


True cost of Payment Fraud

The negative effects of fraud involve all participants in the card value chain.

In general, only the issuer’s fraud losses are widely tracked and shared

Note: opportunity costs include lost revenues due to fraud at time of card application and of increasing compliance costs driven by fraud regulations and laws


Market closest in Europe to the US market

Payment cards are now 100% EMV since 2004

UK fraud rate was 9 basis points for 2009 compared to 18 bp in 2001. Counterfeit represents 18% and is down 52% from 2008

At a high level, numbers demonstrate that EMV deployment starts bearing fruit

Market Update – Fraud in the UK

Source: APACS in the UK

£ millions

CNP Counterfeit L&S0

50

100

150

200

250

300

350

20052006200720082009


In the US, decrease of fraud in 2009 due essentially to card reissuance (Heartland data breach)

In the US, increase of fraud in the first half of 2010

In the US, hack of merchant payment network to get magstripe data information

ATM skimming with camera to capture PIN getting slick with technology improvement (less frequent but high impact)

Market Update – Fraud in the US

2003

2004

2005

2006

2007

2008

2009

0

2

4

6

8

10

12

Fraud Rate

Source: MasterCard Global Risk Conference 2010

BasisPoints


Who is QSecure?

• Silicon Valley startup VC funded in 2005 ($32M raised)

• Broad patent portfolio on the technology and business applications

• Pilot test programs in development with major issuers

• Focusing on reducing fraud for the financial industry on Card Present and Card Not Present Fraud


The Ideal Solution

• Prevents Fraud

• Without changing existing infrastructure

• Without changing customer behavior

• That can scale

• And remains affordable


• The Display-Only Card• Secure On-Line Payment Card• Dynamic CVV2• Dynamic 3D Secure Code• Dynamic Home Banking Code (OTP)• Additional Secure Card Code (OTP)• Event based or time based

• The SmartStripe-Only Card• Secure Card-Present Payment Card• Dynamic MagStripe

• The Combo Card• Secure Card-Present and On-Line Card

The Resulting Card Products – What you see


The SmartStripe Solution – What you don’t see

• Convenient, compatible and secure credit cards with SmartStripe technology• Dynamic cryptography on the magstripe makes each

transaction unique• No impact on existing acceptance infrastructure

• Backend platform authenticates unique number on the magstripe• Integrates into existing issuer processes• No change to other transaction network processes


Why QSecure Works for Issuers?

• Only the card is upgraded, with issuer in full control

• Each card and transaction is unique (no keys stored in card)

• Card information stored by merchants, acquirers or service bureaus can not be used fraudulently (including PIN data)

• Quickly identify fraud sources, no need to block and reissue cards

• Increase market share through greater cardholder trust

• Card are EMV compatible


Why QSecure Works for Others?

• Cardholders• No change in cardholder behavior• Card data is safe• It is like getting a new card for each transaction

• Merchants• No need to change existing acceptance infrastructure• Fraud stopped in real time before goods or services are lost• Limits their financial exposure • No negative impact on business• Enhances PCI DSS compliance efforts


One Secure Card for One Application or Many

Other Bank Channels

CustomerService

Online Banking

Card PresentInteraction

POSATM

Card Not PresentInteraction

MOTOInternet

3D Secure

PaymentAuthorization Server

Banking Host

QSecureAuthorizationServer


One Secure Card for One Application or Many

Other Banking Channels

CustomerService

Online Banking

Card PresentTransactions

POSATM

Card Not PresentTransactions

MOTO 3D Secure

PaymentAuthorization Server

Banking Host

QSecureAuthorization

Server

QCS

PersoBureau

Internet


The Display Only Card

• Up to 6 Digit Display on the back of the card

• Unique cryptogram provided each time the button is pressed (CVQ) – data good for only one transaction or a period of time

• Thin, flexible battery embedded in card with up to 3 year life


The Display Only Card• Key Benefits

– Prevents Card Not Present transactions fraud• eCommerce and MOTO with Dynamic CVV2

• 3D Secure if 3D Secure used by issuer

– No change to the existing merchant checkout process

– Dynamic data associated with each transaction

– Can be used as an OTP Authentication Token as well• For Home Banking Interaction (event based or time based)

• For IVR/Customer Service Interaction


Our Value Proposition

• Passed security requirements from Cartes Bancaires and Visa Europe to issue Display cards in Europe

• Independent of card manufacturing and personalization bureau for cost effectiveness

• A full solution compatible with existing issuance systems

• An expertise to enable card issuers in their implementation

• We are in PRODUCTION already with our display products

• A pilot program in the box to get started easily


Summary• Largest threat to financial transaction network is static

data payment transactions

• QSecure’s SmartStripe technology solves the problem with no change to acceptance infrastructure

• Solution in production today with display cards and in late stage of development with the SmartStripe

• QSecure platform offers complete solution from front end card to backend authorization

• We have pilot programs “in a box” available if interested


Thank You

Daniel Chatelain, Vice PresidentOperations & Strategic AlliancesWebsite: www.qsecure.com

We look forward to doing business with you

qsecure presentation at rsa 2011

Economy & Finance