EMV 101 & Myths of EMV

Itai Sela
Vice President
B2 Payment Solutions
Itai.sela@b2ps.com

The EMV Universe 1


EMV™ 101 – What is EMV?
• Name of the standards developed by Europay, MasterCard and Visa in 1993
• Currently owned by Visa, MasterCard, JCB and Amex
• Designed originally for “card present” contact chip card payment acceptance.
• Basis for chip migration by payment schemes in markets around the world

EMV™ is a trademark owned by EMVCo LLC



EMV 101
• EMVCo manages, maintains and enhances the EMV Specifications to ensure global interoperability and acceptance of chip cards
• It is also responsible for a type approval process for terminal compliance testing (EMV Level 1 and 2)
  ▪ Level 1 – Terminal hardware components
  ▪ Level 2 – EMV Kernel – Software (EMV Commands)
• Scheme Certification (Visa, MasterCard, Amex etc.)
  ▪ Level 3 – Payment application level



EMV 101
• EMV was designed to be a comprehensive toolbox that enables protection against:
  ▪ Counterfeit and skimming - through the use of cryptography
  ▪ Offline card authentication
  ▪ Online card authentication
  ▪ Lost or Stolen - through the use of offline PIN and/or online PIN
• Consumer delinquency through the use of offline risk management
• Secure offline transaction processing capability
• Over the years it evolved to support “card not present” as well (CAP and DPA*)
* CAP – Card Authentication Program (MasterCard), DPA – Dynamic Passcode Authentication (Visa)



EMV 101
• There are 3 main steps to an EMV transaction:
  ▪ Card Authentication – Card is genuine
    ▪ Offline
    ▪ Online
  ▪ Cardholder Verification – Card presented by its rightful owner
    ▪ Offline PIN (Plaintext/Encrypted)
    ▪ Online PIN
    ▪ Signature
  ▪ Amount Authorization
    ▪ Offline – using the Issuer counters and limits within the chip
    ▪ Online – using the Issuer host



EMV 101
EMV Toolbox: Security Method vs. Type of Fraud
Type of Fraud: Counterfeit Card, Skimming, Lost and Stolen, Replay
Security Method:
Offline
  SDA ✔
  DDA\CDA ✔ ✔
  Offline PIN ✔
Online
  ARQC/ARPC ✔ ✔
  ATC Variance ✔ ✔
Offline or Online PIN ✔



Myth #1: EMV = Old Technology
• EMV was developed in 1993 which makes it almost 20 years old
• Why should a market implement a technology that is this old? Would we consider it obsolete?
• Maybe we should create a new technology to secure transactions moving forward



Reality #1: EMV ≠ Old Technology
• Modern cryptography is over 35 years old but we still use it
• EMV security relies on cryptographic functions – these evolve together with the evolution of cryptography
• In the early years of EMV the challenges were with the implementations. Now, with over 15 years of experience, fewer issues occur
• There are over 1 billion EMV cards issued in the world



Myth #2: EMV = Chip & PIN
• Chip & PIN was the marketing brand used for the UK implementation of EMV
• PIN is one of the core EMV security features
• PIN only protects against lost and stolen fraud



Reality #2: EMV ≠ Chip & PIN
• There are EMV cards in the world today that don’t support PIN (Issuer, Brand and/or Market choice)
• It is up to the Issuer to decide if and when it is worth the investment to enable offline PIN, as it requires an expensive infrastructure
• Canada 2010 – credit card lost and stolen fraud accounted for only 10% of card fraud*
• Once EMV is implemented there is no additional impact for the merchant to implement offline PIN at POS

EMV = Chip & Choice

* http://www.rcmp-grc.gc.ca/



Myth #3: PCI vs. EMV
• There are two ways to look at cryptography based security:
  ▪ Privacy/Secrecy (Encryption)
  ▪ Authenticity (Digital Signature)
• EMV is based on Authenticity
• PCI is based on Privacy

EMV Cryptograms ≠ Encryption

• EMV data is not Encrypted
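
Added example, not part of the original slides: a Python sketch of a cryptogram that authenticates transaction data without hiding it, and of an issuer rejecting tampered, forged and replayed requests. The key, field names and `IssuerHost` class are hypothetical; HMAC-SHA256 stands in for the MAC a real card computes, and the ATC check is reduced to "must increase".

```python
import hashlib
import hmac

# Constructed sample key shared by the chip and the issuer host (assumption).
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def make_cryptogram(key, amount, atc, un):
    """MAC over the clear transaction data (amount, ATC, unpredictable number)."""
    data = f"{amount:012d}|{atc:04X}|{un}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:16]


def card_request(amount, atc, un):
    # Every field travels in the clear; only the cryptogram depends on the key.
    return {"amount": amount, "atc": atc, "un": un,
            "cryptogram": make_cryptogram(CARD_KEY, amount, atc, un)}


class IssuerHost:
    """Hypothetical online check: the MAC must verify and the ATC must advance."""

    def __init__(self, key):
        self.key = key
        self.last_atc = 0

    def authorize(self, msg):
        expected = make_cryptogram(self.key, msg["amount"], msg["atc"], msg["un"])
        if not hmac.compare_digest(expected, msg["cryptogram"]):
            return "DECLINE: bad cryptogram"
        if msg["atc"] <= self.last_atc:
            return "DECLINE: ATC not advancing (replay)"
        self.last_atc = msg["atc"]
        return "APPROVE"


def demo():
    issuer = IssuerHost(CARD_KEY)
    genuine = card_request(2500, 1, "A1B2C3D4")
    tampered = dict(genuine, amount=250000)  # clear field altered in transit
    forged = dict(card_request(2500, 2, "0B1C2D3E"),  # MAC made without the card key
                  cryptogram=make_cryptogram(b"\x00" * 16, 2500, 2, "0B1C2D3E"))
    return [issuer.authorize(genuine),    # first use of ATC 1
            issuer.authorize(genuine),    # same message presented again
            issuer.authorize(tampered),
            issuer.authorize(forged)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the request fields are readable by anything on the path, keeping card data secret is left to other controls, which is the role the slides assign to PCI.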



Reality #3: PCI & EMV
• To protect the “Card Not Present” environment, card data must be kept secret in the “Card Present” environment
• PCI will continue to complement EMV as long as there isn’t a more widely adopted solution for “Card Not Present”
• PCI and EMV should be implemented together – Visa will waive PCI audits for the merchant if 75% of the transactions are EMV



Myth #4: EMV Certification is enough

             Interop  Functional  Purchase  Refund  Other Trans  Scripts  Performance  Destructive
Visa            ✔         ✔           ✔        ✔         ✘          ✘          ✘            ✘
MasterCard      ✔         ✔           ✔        ✔         ✘          ✘          ✘            ✘
Amex            ✔         ✔           ✔        ✔         ✘          ✘          ✘            ✘



Reality #4: EMV Certification is NOT enough
• No performance testing – crucial with EMV
• Not enough negative or exception testing
• Customer specific testing not included
• Consult with your acquirer to receive the full EMV test requirements



• Canadian Company located in the Greater Toronto Area
• We provide world class knowledge and training, POS development, products and services for EMV, Contactless, NFC, banking, e-commerce and card payments
• B2 is the exclusive distributor for the Collis Payment Products in Canada and the USA



Thank you
• For more information, visit

www.b2ps.com
www.collisamerica.com
www.emv-usa.com
www.actcda.com
