1 The EMV Universe
EMV 101 & Myths of EMV
Itai Sela, Vice President, B2 Payment Solutions
EMV™ 101 – What is EMV?
Name of the standards developed by Europay, MasterCard and Visa in 1993
Currently owned by Visa, MasterCard, JCB and Amex
Designed originally for “card present” contact chip card payment acceptance.
Basis for chip migration by payment schemes in markets around the world
EMV™ is a trademark owned by EMVCo LLC
EMV 101
EMVCo manages, maintains and enhances the EMV Specifications to ensure global interoperability and acceptance of chip cards
It is also responsible for a type approval process for terminal compliance testing (EMV Level 1 and 2)
Level 1 – Terminal hardware components
Level 2 – EMV Kernel – Software (EMV Commands)
Scheme Certification (Visa, MasterCard, Amex etc.)
Level 3 – Payment application level
EMV 101
EMV was designed to be a comprehensive toolbox that enables protection against:
Counterfeit and skimming - through the use of cryptography
Offline card authentication
Online card authentication
Lost or Stolen - through the use of offline PIN and/or online PIN
Consumer delinquency through the use of offline risk management
Secure offline transaction processing capability
Over the years evolved to support “card not present” as well (CAP and DPA*)
* CAP – Card Authentication Program (MasterCard), DPA – Dynamic Passcode Authentication (Visa)
EMV 101
There are 3 main steps to an EMV transaction:
Card Authentication – Card is genuine
Offline
Online
Cardholder Verification – Card presented by its rightful owner
Offline PIN (Plaintext/Encrypted)
Online PIN
Signature
Amount Authorization
Offline – using the Issuer counters and limits within the chip
Online – using the Issuer host
EMV 101
EMV Toolbox
[Table: Security Method (SDA, DDA\CDA, ARQC/ARPC, ATC Variance; grouped as Online and Offline) against Type of Fraud (Counterfeit Card, Skimming, Replay), with a Lost and Stolen row covered by Offline PIN and by Offline or Online PIN]
Myth #1: EMV = Old Technology
EMV was developed in 1993 which makes it almost 20 years old
Why should a market implement a technology that is this old? Would we consider it obsolete?
Maybe we should create a new technology to secure transactions moving forward
Reality #1: EMV ≠ Old Technology
Modern cryptography is over 35 years old but we still use it
EMV security relies on cryptographic functions – these evolve together with the evolution of cryptography
In the early years of EMV the challenges were with the implementations. Now, with over 15 years of experience, fewer issues occur
There are over 1 Billion EMV Cards issued in the world
Myth #2: EMV = Chip & PIN
Chip & PIN was the marketing brand used for the UK implementation of EMV
PIN is one of the core EMV security features
PIN only protects against lost and stolen fraud
Reality #2: EMV ≠ Chip & PIN
There are EMV cards in the world today that don’t support PIN (Issuer, Brand and/or Market choice)
It is up to the Issuer to decide if and when it is worth the investment to enable offline PIN as it requires an expensive infrastructure
Canada 2010 – credit card Lost and stolen accounted for only 10% of card fraud*
Once EMV is implemented there is no additional impact for the merchant to implement offline PIN at POS
EMV = Chip & Choice
* http://www.rcmp-grc.gc.ca/
Myth #3: PCI vs. EMV
There are two ways to look at cryptography based security:
Privacy/Secrecy (Encryption)
Authenticity (Digital Signature)
EMV is based on Authenticity
PCI is based on Privacy
EMV Cryptograms ≠ Encryption
EMV data is not Encrypted
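
An added illustration of the authenticity-versus-secrecy point above (not code from the original slides): an issuer verifies a cryptogram over cleartext fields and applies an ATC check. Truncated HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the key, PAN, field layout and `MAX_ATC_JUMP` threshold are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
MAX_ATC_JUMP = 20  # assumed issuer policy for ATC variance, not an EMV-defined value

@dataclass(frozen=True)
class AuthRequest:
    pan: str              # sent in the clear, as are amount and counters
    amount_cents: int
    atc: int              # Application Transaction Counter kept by the chip
    nonce: bytes          # terminal's unpredictable number
    cryptogram: bytes     # ARQC stand-in: authenticates the fields, hides nothing

def make_cryptogram(key, pan, amount_cents, atc, nonce):
    # Stand-in MAC (truncated HMAC-SHA256); real cards use a scheme-defined algorithm.
    data = pan.encode() + amount_cents.to_bytes(6, "big") + atc.to_bytes(2, "big") + nonce
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def card_request(key, pan, amount_cents, atc, nonce):
    return AuthRequest(pan, amount_cents, atc, nonce,
                       make_cryptogram(key, pan, amount_cents, atc, nonce))

class Issuer:
    def __init__(self, key):
        self.key = key
        self.last_atc = {}  # highest ATC accepted per PAN

    def authorize(self, req):
        expected = make_cryptogram(self.key, req.pan, req.amount_cents, req.atc, req.nonce)
        if not hmac.compare_digest(expected, req.cryptogram):
            return "DECLINE: bad cryptogram"      # altered or counterfeit data
        last = self.last_atc.get(req.pan, 0)
        if req.atc <= last:
            return "DECLINE: ATC already used"    # replayed message
        if req.atc - last > MAX_ATC_JUMP:
            return "DECLINE: ATC variance"        # counter jumped implausibly far
        self.last_atc[req.pan] = req.atc
        return "APPROVE"

def demo():
    issuer = Issuer(CARD_KEY)
    genuine = card_request(CARD_KEY, "4111111111111111", 2500, 7, bytes.fromhex("a1b2c3d4"))
    outcomes = [
        issuer.authorize(genuine),                                # first presentation
        issuer.authorize(genuine),                                # same message replayed
        issuer.authorize(replace(genuine, amount_cents=250000)),  # amount altered in transit
        issuer.authorize(card_request(CARD_KEY, genuine.pan, 2500, 90, b"\x00" * 4)),
    ]
    # An eavesdropper needs no key to read the PAN: authenticity is not secrecy.
    return outcomes, genuine.pan

if __name__ == "__main__":
    print(demo())
```

The PAN comes back readable without any key, which is why the card data still has to be protected separately.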
Reality #3: PCI & EMV
To protect the “Card Not Present” environment, card data must be kept secret in the “Card Present” environment
PCI will continue to complement EMV as long as there isn’t a more widely adopted solution for “Card Not Present”
PCI and EMV should be implemented together – Visa will waive PCI audits for the merchant if 75% of the transactions are EMV
Myth #4: EMV Certification is enough
[Table: rows Visa, MasterCard, Amex; columns Interop, Functional, Purchase, Refund, Other Trans, Scripts, Performance, Destructive]
Reality #4: EMV Certification is NOT enough
No performance testing – crucial with EMV
Not enough negative or exception testing
Customer specific testing not included
Consult with your acquirer to receive the full EMV test requirements
Canadian Company located in the Greater Toronto Area
We provide world class knowledge and training, POS development, products and services for EMV, Contactless, NFC, banking, e-commerce and card payments
B2 is the exclusive distributor for the Collis Payment Products in Canada and the USA
Thank you
For more information, visit
www.b2ps.com
www.collisamerica.com
www.emv-usa.com
www.actcda.com