Card-not-present & EMV Ryan W. Barnes Associate Director, - - PowerPoint PPT Presentation

card not present emv
SMART_READER_LITE
LIVE PREVIEW

Card-not-present & EMV Ryan W. Barnes Associate Director, - - PowerPoint PPT Presentation

Dec 29, 2022 166 likes •301 views

Card-not-present & EMV Ryan W. Barnes Associate Director, Consumer Product TSYS eCommerce Trends Growth Estimates General Purpose Card TXN $500 $434 $450 $385 Prepaid 0.4 2.7 $400 $339 $350 $297 $300 $259 $226

slide-1
SLIDE 1

Card-not-present & EMV

§ Ryan W. Barnes § Associate Director, Consumer Product § TSYS

slide-2
SLIDE 2

eCommerce Trends

$226 $259 $297 $339 $385 $434 $0 $50 $100 $150 $200 $250 $300 $350 $400 $450 $500 2012 2013 2014 2015 2016 2017 eCommerce Source: eMarketer, April 2013, Figure 154501, Federal Reserve Payments Study 5.8 5.7 0.4 18 41.3 2.7 0% 20% 40% 60% 80% 100% Debit Credit Prepaid CNP Card-present

Growth Estimates General Purpose Card TXN

slide-3
SLIDE 3

Fraud Rates

CNP vs. Card-present

Sources: 2013 Federal Reserve Payments Study

3.72 2.83 0.87 11.82 9.48

0.00 2.00 4.00 6.00 8.00 10.00 12.00 14.00

GP credit GP signature debit GP PIN debit and ATM

CNP (TXN) Card-present (TXN)

9.16 11.32 2.84 11.38 10.91

0.00 2.00 4.00 6.00 8.00 10.00 12.00

GP credit GP signature debit GP PIN debit and ATM

CNP (value) Card-Present (value)

Transactions Volume/Value

slide-4
SLIDE 4

Fraud Composition

Select examples from past EMV implementations

UK France Australia

Sources: UK Card Association; Annual Report of the Observatory for Payment Card Security, 2011; Australia Payments Clearing Association 0% 20% 40% 60% 80% 100% 2007 2008 2009 2010 2011 2012 CNP (%) Card-present (%) 0% 20% 40% 60% 80% 100% 2007 2011 Card-present CNP 0% 20% 40% 60% 80% 100% 2006 2007 2008 2009 2010 CNP Counterfeit

slide-5
SLIDE 5

3D Secure

UK Case: Card-not-present fraud

Sources: Financial Fraud Action 95.7 110.1 122.1 150.8 183.2 212.7 290.5 328.4 266.4 226.9 220.9 50 100 150 200 250 300 350 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 £ Millions

slide-6
SLIDE 6

The Basic Problem

Strong EMV authentication measures do not translate in CNP environment Must authenticate via alternative means Factors of Authentication: The “Has”-”Knows”-”Is/Does” convention

§ Ownership factors § Knowledge factors § Inherence factors

slide-7
SLIDE 7

The Building Blocks

Ownership Knowledge Inherence

Static Token PII (ex. SS#) UN/PW/Security Questions Dynamic Token Account # Chip Mag Stripe PIN Signature Application Biometrics IP Address Cookies Account History IMEI, MEID (device) IMSI, CSIM (subscriber) Landline Phone Number P.O. Box

1) Signature Card Present

Mag Stripe Signature

2) EMV Card Present

Chip PIN

3) Pizza over the phone

Static Code Account #

4) Internet purchase – Fleece Jacket

UN/PW/Security Questions IP Address

5) Remote Login at work

Dynamic Token UN/PW/Security Questions

slide-8
SLIDE 8

Hard vs. Soft Considerations

Hard

  • Fraud reduction

Soft

  • Ease of purchase

Hard

  • Required investment
  • Maintenance/compliance
  • Reissuance due to data breach

Soft

  • Interchange loss à TXN

Abandonment

  • Interchange lossà consumer

reluctance to conduct eCommerce Hard

  • Fraud reduction

Soft

  • Ease of purchase
  • Business intelligence

Hard

  • Required investment
  • Maintenance/compliance

Soft

  • Transaction abandonment
  • Consumer reluctance/fear to conduct

eCommerce

Issuer Merchant Advantages

Disadvantages

slide-9
SLIDE 9

High or Low Traffic? Authenticate Each Transaction?

Merchant Logic

CNP Small Large High Low Low High Yes No Yes No Yes No Yes No Customer Account Portable Account Scope-setting “Card-based “checkout Customer Account Portable Account Scope-setting “Card-based “checkout Customer Account Portable Account Scope-setting “Card-based “checkout Customer Account Portable Account Scope-setting “Card-based “checkout

CNP

Small or Large Business?

slide-10
SLIDE 10

Categories of Approach

Ø Customer Account – A merchant-specific site or mobile application that requires login authentication and houses payment card information (ex. Amazon) Ø Portable Account – An account established for use at multiple e-merchants that houses payment card information (exs. PayPal, V.Me) Ø Scope Setting – Using data to determine level of authentication required (ex. “Device fingerprinting”) Ø “Card-based” checkout – Standard checkout procedure of entering card-based information (exs. Card#, address on file, static three-digit code)

slide-11
SLIDE 11

Summary Industry Implications

Ø eCommerce is growing fast, stealing share from brick-and-mortar Ø Past experience suggests heightened risk of CNP fraud as a result of EMV implementation Ø There likely is no “silver bullet” to address CNP fraud

Ø Myriad of solutions reliant on similar building blocks Ø Business considerations for merchants Ø Use cases

Ø Prognosticators: account for eCommerce concentration

slide-12
SLIDE 12

§ Smart Card Alliance

§ 191 Clarksville Rd. · Princeton Junction, NJ 08550 · (800) 556-6828 § www.smartcardalliance.org

Speaker Contact Information ryanbarnes@tsys.com