emv credit card security implementation
TRANSCRIPT
![Page 1: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/1.jpg)
EMV Credit Card Security Implementation
Presented By:
Mike Hughes, North American Strategic PartnershipsMoneris Solutions
![Page 2: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/2.jpg)
• U.S. EMV Migration Update
• Lessons learned from the Canadian EMV Migration
• EMV Upgrades: Roles and Responsibilities
• Value of End-2-End Encryption
• Key Functionalities for Parking
• EMV Use Cases
![Page 3: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/3.jpg)
Largest electronic payment processor in Canada, 6th largest in North America
![Page 4: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/4.jpg)
Source: USA Visa August 2016 Chip Update Infographic
![Page 5: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/5.jpg)
5
CAN V/MC
Domestic
Liability Shift
Mar 31st
2011
CAN AFD
Liability Shift
Mar 31st
2012
CAN Visa Intl.
Liability Shift
Oct 31st
2010
![Page 6: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/6.jpg)
6
![Page 7: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/7.jpg)
7 7
EMVCo sets the “Standards”, but it is the Brands who determine what, and how, these standards are “Implemented”.
Layers Management Functions Certification Entity
Level 1 - Physical Protocols between the chip card and the PED
EMVCo
Level 2 - Software (Kernel)
EMV application selection, EMV command set, and the EMV transaction steps
EMVCo
PED Payment Application
EMV command/response mgmt., encryption, communication protocols
Acquirer on behalf of brands
![Page 8: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/8.jpg)
8
![Page 9: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/9.jpg)
9
Visa Quick Chip enables deploying an online only configuration (zero floor limit)
Source: Visa September 2016 EMV Newsletter, Visa Quick Chip Implementation Steps
![Page 10: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/10.jpg)
Reducing PCI Scope
• End-to-End Encryption solutions manage all aspects of the transaction requiring clear-text account data (BIN lookup, PIN block, etc.), and…
• End-to-End Encryption prevents the release of clear-text account data into the merchant’s environment, thus…
• The “edge” of the Payment Entry Device (PED) becomes the boundary of the merchant’s Cardholder Data Environment (CDE) completely removing the POS from PCI PA-DSS compliance scope
![Page 11: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/11.jpg)
Effective 1 October 2012, Visa’s Technology Innovation Program (TIP) rewards U.S. merchants
that have invested in EMV technology by eliminating the PCI DSS validation requirement for any
year in which at least 75 percent of the eligible merchant’s Visa transactions originate from dual
interface EMV chip-enabled terminals.
Source: Visa Data Security Program Keeping Cardholder Data Safe
![Page 12: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/12.jpg)
• EMV Credit• PIN Debit / Interac• E2E Encryption• Hashing (Card-in/Card-Out)• Whitelisting of 3rd Party Cards
(unencrypted non-bankcard)• Use of Pin Pad for Non-Payment Data Entry
• Store and Forward• Tokenization / Recurring• Remote Download • Contactless Credit / Debit• Progress Tokens / Key Echoing• Card Reader Only Configuration
(No Pin Pad)
![Page 13: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/13.jpg)
13
• 20 VenTek International Pay Stations
• Solar Battery Powered
• Cellular Modem 3G or 4G Connection
![Page 14: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/14.jpg)
14
VenTek Paystation Internal Network
MonerisUX300
Secure CardReader
TAPReader
PINPad
VenTekAuxiliary
Control Unit(acting as Router)
VenTekC1100
PaystationController
CellularModem
(3G or 4G)
May also be Wi-Fior Ethernet
Paystation Cabinet
VenTek DataCenter
andMoneris
![Page 15: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/15.jpg)
15 https://youtu.be/BMAm7zCTij0
WMATA NEPP Pilot• 10 fare gates• 50 buses• 2 parking lanes• 2,000+ customers
![Page 16: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/16.jpg)
16
ICS Car Wash• 5,000+ U.S. Kiosks• EMV Certified in CAN and US• ISO and Proprietary Gift• Tokenization / Recurring
![Page 17: EMV Credit Card Security Implementation](https://reader031.vdocument.in/reader031/viewer/2022012915/61c6464063858f552637a203/html5/thumbnails/17.jpg)
• Direct Vs. Pre-Certified Solution
• Functionality and Future Proofing
• Physical and Environmental Impacts
• Cost, Timeline, and PCI Security