
The Payment Device – An Exploration Into New Technologies and Methodologies

The Payment Device – An Exploration Into New Technologies and Methodologies. Chris Lomax Head of Marketing - EMEA. Agenda. Focus on Security Contactless Solutions Internet Communications SEPA Next Generation Consumer Devices. Focus on Security. Sources of Point of Card Fraud.


Presentation Transcript


  1. The Payment Device – An Exploration Into New Technologies and Methodologies Chris Lomax Head of Marketing - EMEA

  2. Agenda • Focus on Security • Contactless Solutions • Internet Communications • SEPA • Next Generation Consumer Devices

  3. Focus on Security Sources of Point of Card Fraud • Card Fraud • Transaction logs and database hacks • Device and line tapping • Data Communications

  4. Card Fraud • Protecting Customers • In 2005 UK Card Fraud, excluding Card Not Present reduced by 28% (£98M). Chip and PIN / EMV • In 2005 UK Card Fraud, Card Not Present increased by 21% (£33M) • US - “Credit card fraud (28%) was the most common form of reported identity theft….” - 2004 Federal Trade Commission

  5. Transaction Logs or Database Hack ePOS software can contain mag-stripe data.
     "01/01/05 18:26:04",">> ATV1Q0<CR>"
     "01/01/05 18:26:04","<< <CR><LF>OK<CR><LF>"
     "01/01/05 18:26:05",">> ATE0V1<CR>"
     "01/01/05 18:26:05","<< <CR><LF>OK<CR><LF>"
     "01/01/05 18:26:52",">> <STX>D4.99999599999999991100119911QR8408403141932620 07055999Y103954@D5473500000000014=051210199998888777 76<FS><FS><FS>100<FS><FS><FS>Phantom Auto Parts Huntsville AL<FS><FS><FS>000<ETX>N <CR><LF>Content- Type: x-VISA-II/x-auth<CR><LF>"
     "01/01/05 18:26:53",">> Connected ssl.pgs.wcom.net 443"
     "01/01/05 18:26:54","<< <STX>E4.A001199115103900VITAL8051705182654APPROVAL 862445 0513722502322 0000123456789 <FS> <FS>000<ETX>;"
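A defender's check for the problem on this slide, as an added example that is not part of the presentation: it scans log lines for Track 2 data (PAN, `=`, expiry, service code), confirms each candidate with a Luhn check, and returns a redacted copy of the line. The function names and the sample log lines are constructed for illustration, and the card number is a widely used test PAN.

```python
import re

# Track 2 as it appears in a log: PAN, '=', expiry YY MM, 3-digit service
# code, then discretionary data. The lookbehind stops a match from starting
# in the middle of a longer digit run.
TRACK2 = re.compile(r"(?<!\d)(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)")

def luhn_ok(pan):
    """Luhn checksum over the PAN, doubling every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_track2(m):
    """Cut false positives: month must be 01-12 and the PAN must pass Luhn."""
    return 1 <= int(m.group(3)) <= 12 and luhn_ok(m.group(1))

def mask(m):
    """Keep the first six and last four PAN digits, star out everything else."""
    if not is_track2(m):
        return m.group(0)
    pan = m.group(1)
    tail = len(m.group(0)) - len(pan) - 1
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:] + "=" + "*" * tail

def scan(lines):
    """Return (line_number, redacted_line) for each line holding Track 2 data."""
    findings = []
    for n, line in enumerate(lines, 1):
        if any(is_track2(m) for m in TRACK2.finditer(line)):
            findings.append((n, TRACK2.sub(mask, line)))
    return findings

# Constructed sample in the style of the modem trace on the slide.
SAMPLE_LOG = [
    '"01/01/05 18:26:05",">> ATE0V1<CR>"',
    '"01/01/05 18:26:52",">> <STX>D4.TEST@D4111111111111111=30121010000000000<FS>100<ETX>"',
    '"01/01/05 18:26:53",">> ref 1234567890123456=3012101 (fails Luhn)"',
]

if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG):
        print(n, line)
```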

  6. Tapping • A device is inserted into a payment device or attached to the line and card information is collected and either later retrieved or immediately transmitted • Surface mount assembly, with removable storage media • Wireless device transmitting data over a range of 200m

  7. Street Prices Contributed by AmbironTrustWave 2005

  8. Proactive Industry Stance • PCI – Payment Card Industry Standards • Physical Security of Pin Accepting devices – PCI PED • Data Center Security – PCI DSS • Internet and Wireless Communication Standards

  9. PED Certification Timeline (timeline figure; axis 2004, 2005, 2006) • Dates shown: December 2004; 1 January 2004; 2006; 1 October 2004; July 2010 • Milestones shown: VISA-PED approval of all newly deployed POS PED devices; Completion date for old VISA PED process certifications; Next Scheduled Review Process; PCI PED process required for ALL new devices; All installed PEDs must be Visa PED or PCI Approved • Approved devices list found at www.visa.com/PIN

  10. PCI Data Security Standard All merchants Must Comply

  11. MasterCard IP-Enabled POS Security • Security standards for IP-Enabled POS devices - Encryption of transaction data between POS device and acquirer • Vendors and acquirers required to provide compliant solutions • MasterCard introducing Internet Protocol POS Terminal Compliance Testing Program • Acquirer responsible for obtaining MasterCard approved solution • MasterCard Reference documents: • Internet/IP-Enabled POS Terminals, Security Guidelines – Oct 05 • Internet/IP-Enabled POS Terminals, SSL/TLS Implementation Guidelines – Oct 05

  12. Timelines 1st April 06 • Acquirers ensure new wireless and IP-enabled terminals are submitted for evaluation and approval 1st Sept 06 • All newly deployed wireless and IP-enabled terminals support encryption and comply with mandate 3rd Jan 07 • Acquirers must upgrade all non-compliant wireless and IP-enabled terminals

  13. Security Leadership • VeriFone has lead representation on industry security forums defining and driving many security features and innovation • Powerful products engineered specifically to meet the most demanding security requirements: • Terminal hardware • Software architecture • Communications security

  14. VeriFone Security Model POS Terminal Hardware • Application separation assured by secure memory management unit • EMV Level 1 Certified hardware • High security for PIN entry with DES, 3DES, RSA and AES • PED certifications: Infogard, TNO and T-Systems • Tamper evident mechanisms • Tamper proof mechanisms • Security PED fence / mesh

  15. VeriFone Security Model POS Terminal Software • Application separation by multi-application OS – Verix V • EMV Level 2 certified • VeriShield digital certification for files and applications • TLS 1.0 and SSL 3.0 (RSA, MD5, SHA-1, 3DES, RC4) • Full client and server side mutual authentication - addresses WiFi and GPRS security weaknesses • Client digital certificate authentication (SSL VPN)

  16. Future Threat – AntiVirus • The threat from software viruses is no longer confined to the PC market • The IP-enabled terminal market is growing at a rapid pace • Although no immediate risks are evident, utilising cost effective, secure and efficient Internet communications may have future risks • Hackers are always working to be malicious or to steal • Before viruses existed for personal computers no one had virus protection

  17. Preventative Measures • Industry’s first anti-virus security for POS terminals • Aims at minimising business impact from potential future unknown risks • Leverages on the McAfee malware detection engine for embedded systems

  18. Agenda • Focus on Security • Contactless Solutions • Internet Communications • SEPA • Next Generation Consumer Devices

  19. Contactless Technology in Payments • Transponders (sub $1.00 COGS) • Low Bandwidth, no read/write • Automated Toll collection systems • Mobile Speed Pass • Contactless Chip Cards ($2-$3) • 13.56 MHz ISO 14443 A & B • more security and complex applications • MIFARE, MasterCard, Amex • FeliCa (14443 C non-ISO) • Proprietary Sony protocol popular in ASPAC • Not fully accepted as international standard (with controls)

  20. Near Field Communication (NFC) • Next stage technology migration for contactless • Developed and endorsed by all key constituents (Philips, Sony, Nokia, MasterCard…) • Key to enabling personal devices to become payment devices • Merchants still need ISO 14443 readers (today’s can be SW upgraded)

  21. Merchant Value Proposition

  22. VeriFone’s Market Commitment Roadmap to leverage emerging opportunities • Multi-Lane, Consumer facing • Unattended Environments • Integrated with Handover Devices • Peripheral to Countertop Devices

  23. Agenda • Focus on Security • Contactless Solutions • Internet Communications • SEPA • Next Generation Consumer Devices

  24. Internet and the IP Revolution • IP has changed how business is conducted • E-Commerce • Entertainment/Movies/Music • Telecom industry • Payment industry • Via IP & IP technologies, it is now possible to have ACCESS to services that were not previously accessible • We are no longer bound to “traditional” transaction networks • We can leverage the “Internet” to provide services to customers around the globe

  25. The IP Value Proposition • Faster, Better, Cheaper • Long term infrastructure cost reduction through multiple advanced communications options • More secure transactions • Improved merchant retention via best use of new technologies • Potential for multiple new business models • Rapid time to market • VeriFone is well positioned in this space

  26. IP Based Payment In Action And the list goes on and on….

  27. Wireless Industry Technologies (chart: Bandwidth (Mb/s) against Mobility (Km); regions shown: Personal Area Network (PAN), Local Area Network (LAN), Metropolitan Area Network (MAN), Wide Area Network (WAN); technologies plotted: Bluetooth, WI-FI, WIMAX, 2G - GSM/CDMA/TDMA, 2.5G - GPRS/CDMA2000 1X, 3G - EDGE/WCDMA/CDMA2000 1x EV, 4G)

  28. Enablers And Facilitators • Internet revolution - mass adoption of Broadband • Low cost IP connectivity • Always-on high speed transactions • Eliminate need for dedicated dial-up lines and low speed private networks • Wireless connectivity - IP everywhere • Mobile payments – WiFi and GPRS • No fixed cabling – dynamic stores layout • Standardised platforms • Multi-application support • Credit • Debit • Pre-Authorised / Pre-Paid Debit • Loyalty • Gift Card • Mobile top-up • etc

  29. IP Enabled - Value Added Services Internet meets POS browser based services • Complementary to terminal based payment applications • Web hosted applications • Reduce time to market for new applications • No limit to number of applications at point of sale • Software development costs are reduced • No terminal migration issues

  30. IP Enabled - Value Added Services

  31. Enhanced Communication Leadership • The first modular design with multiple communications options • The first Ethernet solution • The first CDMA solution • The first Wi-Fi solution • The first Micro-Browser solution • The first SSL based security solution • And we keep raising the bar…

  32. Agenda • Focus on Security • Contactless Solutions • Internet Communications • SEPA • Next Generation Consumer Devices

  33. SEPA and Payment Terminals • Single European Payments Area (SEPA) • The objective of SEPA is for a single market payments area • Open, competitive market • Coherent legislation and regulation • Preventing fraud • Standardisation • It covers retail payment instruments: • Cash (the €uro notes and coins are already in circulation) • Direct debits and bank giros • ATM cash transactions • Credit and debit cards • SEPA standards are to be implemented • Starting in 2008 through to 2010

  34. SEPA Card Framework (SCF) • The Framework is aimed at building an environment in which there are no technical, legal or commercial barriers to stand in the way of cardholders, banks and merchants choosing and using SCF compliant payment and ATM access card products • Approved Framework published 8 March 2006 as version 2

  35. Implications for Terminal Solutions • Single security standard • Endorse the use of PCI PED • Or one standard approval across all SEPA region • Elimination of multiple national standards – GIE CB, UK CC, ZKA, C-TAP, SAKO-I….. • Standardised cardholder interface process • The keying / transaction sequence to be standardised • Display language based on card issuer ISO code • European Payments Council (EPC) to provide SEPA Governance • EPC membership to be open to vendors (associate members) • Standards Working Groups • Out of Scope • Standard host interface message • All data elements already in most national / proprietary formats • Forcing this will delay implementation • Encourage gradual migration to a standard interface • No TMS, or File Transfer standards needed

  36. Agenda • Focus on Security • Contactless Solutions • Internet Communications • SEPA • Next Generation Consumer Devices

  37. Evolution of the PIN Pad • Today’s PIN pad has evolved to tomorrow’s “client-facing terminal” • Enhanced communications allow individualized messaging to each client • Content Driven • Grab attention with animations or video with Screen Savers, Videos, Banners, Pop-ups and multi-media content and commercial images to uplift your brand

  38. Content Evolution What content?

  39. Present your message brilliantly • Move away from the limitations of static images and leverage the same attention-getting dynamic messaging you used on television, plasma displays, digital signage, the Web and in print right where the consumer is • Reinforce Brand image using • Special Promotions • Screen Saver • Customised product • Revenue Generation Potential • Communicate with the consumer without slowing transactions using video and animations

  40. VeriFone - Track Record of Innovation • Innovative payment transaction solutions • Value added services at the point of sale • Superior insight into customer needs • VeriFone Wins Frost & Sullivan 2005 Product Line Strategy Leadership Award • Frost & Sullivan, founded in 1961, is recognized as a global marketing research and solution leader, with offices located worldwide.

  41. Questions
