emv presentation
TRANSCRIPT
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 18
1242011
1
EMV Credit Card ParkingTechnology for 2012
What are the various stakeholderobligations to ensure its proper
implementation
Glenn Caldwell
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
In the beginning there was the cardnext there was fraud (its not just about fraud)
Source EMVCo
Fraud History 1980 ndash present
bull Around the world bank card fraud losses to Visa and MasterCar d alone haveincreased from $110 million in 1980 to an estimated $163 billion in 1995
bull The Australian Institute of Criminology has revealed that fraud accounted for5715 cents of every $1000 transacted using credit an d charge cards in 2009
ndash This is an increase of 55 percent since 2006
bull The Australian Crime Commission 2011 report found that in 2010 593819fraudulent credit card transactions occurred scamming Aussies out of awhopping $145854208
bull 10 of Australians says they have been a victim of credit card fraud over thepast 5 years which is relatively low compared to some other countries
ndash America and UK - 27
ndash China and Singapore ndash 15
ndash Germany ndash 8
ndash Dubai - 7
Who are the people we can thank forEMV
bull Albert Gonzalez ndash one of 11 men chargedwith the largest credit card security breachrecorded in 2008 46 million customers
were affected
bull Database driven fraud (rather thanskimming) via ldquoWardrivingrdquo
bull 3 massive attacks
bull TJX Retailers
bull 7 elevenbull Heartland payment systems
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Recent Changes in fraud behaviour
bull Most common form of identity theft
bull Petrol Pump fraud on the increase as criminals continue to find new areas ofweakness Internet security and PCI are making it increasingly harder forcriminals and they are now moving into new territory Unattended credit card
New Credit Card Skimming Scam Hits RB PQ Ga s StationsNew Credit Card Skimming Scam Hits RB PQ Ga s StationsNew Credit Card Skimming Scam Hits RB PQ Ga s StationsNew Credit Card Skimming Scam Hits RB PQ Ga s StationsNovember 10 2011November 10 2011November 10 2011November 10 2011
New generation of card skimmers sold online hit ColoradoNew generation of card skimmers sold online hit ColoradoNew generation of card skimmers sold online hit ColoradoNew generation of card skimmers sold online hit ColoradoNovember 8 2011November 8 2011November 8 2011November 8 2011
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Parking Journey ndash
Managing cash fraud a priority
983107983151983145983150 983151983150983148983161 983107983151983145983150 +
983123983149983137983154983156 983139983137983154983140
983107983151983145983150 +
983107983154983141983140983145983156 983107983137983154983140(983151983142983142983148983145983150983141)
983107983151983145983150 + 983107983154983141983140983145983156
983107983137983154983140 (983119983150983148983145983150983141) +983117983151983138983145983148983141 983120983137983161983149983141983150983156
(983141983085983139983151983149983149983141983154983139983141 983151983154991260983139983137983154983140 983150983151983156983152983154983141983155983141983150983156991261)
983107983151983145983150 +
983107983154983141983140983145983156
983107983137983154983140
(983119983150983148983145983150983141
983120983107983113)
983107983151983145983150 +
983107983154983141983140983145983156
983107983137983154983140 (983120983107983113
983152983148983157983155
983109983117983126)
983107983137983155983144
983142983154983137983157983140
983107983154983141983140983145983156
983139983137983154983140 983142983154983137983157983140
983110983157983156983157983154983141
983110983154983137983157983140
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 28
1242011
2
What is EMV
bull EMVreg is a global standard for credit and debit payment cards based on chip cardtechnology As of end-2010 there were more than 124 billion EMV compliantchip-based payment cards in use worldwide
EMV chip-based payment cards also known as smart cards contain an
embedded microprocessor a type of small computer The microprocessor chipcontains the information needed to use the card for payment and is protectedby various security features Chip cards are a more secure alternative totraditional magnetic stripe payment cards
bull EMVCo manages maintains and enhances the EMVreg Integrated Circuit CardSpecifications for chip-based payment cards and acceptance devices includingpoint of sale (POS) terminals and ATMs EMVCo also establishes and administers
testing and approval processes to evaluate compliance with the EMVSpecifications
Source -EMVCo
Key advantages of EMV
bull More secure than encoded magnetic stripe
bull A unique digital signature of each new transaction is produced in thechip proving authenticity in an offline mode and prevents use offraudulent cards
bull Can be used to secure online transactions through cryptograms
bull Supports enhanced cardholder verification methods
bull Configuration of the card can be changed AFTER it has been issued
bull Contactless (Tap amp Go) ndashupgradeable
bull Offline transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
We have a General Direction ndash But noreal ldquoDirectiverdquo
Proliferation of EMV POS terminals for attended ndash
yet little progress for unattended
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
EMV ImplementationEMV ImplementationEMV ImplementationEMV Implementation
ProgramProgramProgramProgram
EMV ImplementationEMV ImplementationEMV ImplementationEMV Implementation
ProgramProgramProgramProgram
The AcquirerThe AcquirerThe AcquirerThe Acquirer(your Bank)(your Bank)(your Bank)(your Bank)
The equipmentThe equipmentThe equipmentThe equipment
manufacturermanufacturermanufacturermanufacturerCard ReaderCard ReaderCard ReaderCard Reader
manufacturermanufacturermanufacturermanufacturer
Card Issuers (VisaCard Issuers (VisaCard Issuers (VisaCard Issuers (VisaMasterCard AMEX)MasterCard AMEX)MasterCard AMEX)MasterCard AMEX)
The MerchantThe MerchantThe MerchantThe Merchant
(Councils Car park(Councils Car park(Councils Car park(Councils Car park
owners)owners)owners)owners)
The GatewayThe GatewayThe GatewayThe GatewayProvider(s)Provider(s)Provider(s)Provider(s)
Key stakeholders ndash No one entity has ALL theknowledge It is an informal consortium ofspecialist experts
The ParkingThe ParkingThe ParkingThe Parkingequipment providerequipment providerequipment providerequipment provider
Governing bodiesGoverning bodiesGoverning bodiesGoverning bodies
EMV CO PCI SecurityEMV CO PCI SecurityEMV CO PCI SecurityEMV CO PCI SecurityStandards CouncilStandards CouncilStandards CouncilStandards Council
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV - An Overview
983107983137983154983140 983124983141983154983149983145983150983137983148983107983137983154983140 983124983141983154983149983145983150983137983148
The EMV Credit Card
bull EMV ldquoSMART CARDrdquo is personalised by the card issuer and certifyingauthority
bull Superior levels of security is achieved by employing Public KeyCryptography
ndash Asymmetric rather than ldquosharedrdquo
983109983117983126 983116983141983158983141983148 2
983107983141983154983156983145983142983145983141983140
983123983151983142983156983159983137983154983141 983115983141983154983150983141983148
983109983117983126 983116983141983158983141983148 1
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 38
1242011
3
How it works ndash (summarised)
983107983137983154983140 983105983139983156983145983151983150 983105983150983137983148983161983155983145983155983124983154983137983150983155983137983139983156983145983151983150 983139983141983154983156983145983142983145983139983137983156983141 (983124983107)991252983119983142983142983148983145983150983141
983137983152983152983154983151983158983137983148983105983157983156983144983151983154983145983162983137983156983145983151983150 983122983141983153983157983141983155983156983107983154983161983152983156983151983143983154983137983149
(983105983122983121983107)991252983119983150983148983145983150983141 983137983157983156983144983151983154983145983162983137983156983145983151983150983105983152983152983148983145983139983137983156983145983151983150 983105983157983156983144983141983150983156983145983139983137983156983145983151983150983107983154983161983152983156983151983143983154983137983149
(983105983105983107)991252983119983142983142983148983145983150983141 983140983141983139983148983145983150983141
983124983141983154983149983145983150983137983148 983105983139983156983145983151983150 983137983150983137983148983161983155983145983155
983124983141983154983149983145983150983137983148 983140983141983139983145983140983141983155 983151983150 983159983144983137983156 983145983156 983145983155 983143983151983145983150983143 983156983151 983137983155983147 983156983144983141 983139983137983154983140
983124983141983154983149983145983150983137983148 983122983145983155983147 983105983155983155983141983155983155983149983141983150983156 983080983119983152983156983145983151983150983137983148983081
983141983143 983110983148983151983151983154 983148983145983149983145983156983155
983107983137983154983140 983112983151983148983140983141983154 983126983141983154983145983142983145983139983137983156983145983151983150
983145983141 983123983145983143983150983137983156983157983154983141 983120983113983118 983118983151 983107983126983117
983119983142983142983148983145983150983141 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150983123983156983137983156983145983139 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150 (983155983137983149983141 983147983141983161) 983108983161983150983137983149983145983139 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150 (983150983141983159 983115983141983161 983141983137983139983144 983156983145983149983141)
983105983152983152983148983145983139983137983156983145983151983150 983123983141983148983141983139983156983145983151983150 983078 983122983141983137983140983145983150983143983108983141983156983141983154983149983145983150983141 983159983144983145983139983144 983137983152983152983148983145983139983137983156983145983151983150 983159983145983148983148 983138983141 983157983155983141983140 (983126983145983155983137
983117983137983155983156983141983154983107983137983154983140) 983122983141983137983140 983137983152983152983148983145983139983137983156983145983151983150 983140983137983156983137
983124983141983154983149983145983150983137983148
983126983141983154983145983142983145983139983137983156983145983151983150
983154983141983155983157983148983156983155
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
How it Works (continued)
983119983150983148983145983150983141 983120983154983151983139983141983155983155983145983150983143 (983145983142 983154983141983153983157983145983154983141983140)
(983107983137983154983140 983113983155983155983157983141983154 983149983137983161 983159983137983150983156 983156983151 983155983141983150983140
983157983152983140983137983156983141983155 983156983151 983156983144983141 983139983137983154983140 983152983151983155983156
983145983155983155983157983137983150983139983141)
983107983151983149983152983148983141983156983145983151983150 983137983150983140 983123983139983154983145983152983156
983120983154983151983139983141983155983155983145983150983143 (983157983152983140983137983156983141983155 983137983154983141
983137983152983152983148983145983141983140)
983124983154983137983150983155983137983139983156983145983151983150 983145983155 983139983151983149983152983148983141983156983141983140
983137983155 983105983152983152983154983151983158983141983140 983151983154 983108983141983139983148983145983150983141983140
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Key Terms
bull CAT UPT - Cardholder Activated TerminalUnattended Payment Terminal
bull UnattendedUnattendedUnattendedUnattended
bull Card not presentCard not presentCard not presentCard not present
bull PAN ndashPr imary Account Number
bull No CVMNo CVMNo CVMNo CVM ndashndashndashndash No Customer Verification MethodNo Customer Verification MethodNo Customer Verification MethodNo Customer Verification Method
bull EMV level 1EMV level 1EMV level 1EMV level 1
bull EMV level 2EMV level 2EMV level 2EMV level 2
bull 2 key triple des encryption2 key triple des encryption2 key triple des encryption2 key triple des encryption---- K1 = K2 K1=K3 Data Encryption standard
bull Cryptograms ndash AAC TC ARQC ARPC
bull Digital Signaturebull PCI-DSS
bull PA-DSS
bull PCIPCIPCIPCI ndashndashndashndash PTS (31)PTS (31)PTS (31)PTS (31)
bull Chip amp PIN
bull RSA Public Key Cryptography
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Liability Shift
The Liability ShiftThe Liability ShiftThe Liability ShiftThe Liability Shift applies to the party (IssuerAcquirer) for all losses related tofraud incurred by card payment transactions that are non-EMV compliant
Eg Mastercard ldquoAn acquirer operating a magstripe-only terminal will be liablefor any counterfeit fraud that is conducted at that terminal using acounterfeit card that was originally issued with a chip The principle is thatthe fraud would have been prevented if the terminal had been chip-capablerdquo
Possible Eg Floor limits A terminal has a floor limit set to $20 Yet decides to goonline for a $19 transaction despite the card having an offline limit of $10
ndash Floor limits Lost amp Stolen cards Counterfeit cards OnlineofflineInsufficient funds (offline restrictions applied to each card to reduce
this) $100 (greater or lesser than)
bull The liability parameters must be verified by your AcquirerThe liability parameters must be verified by your AcquirerThe liability parameters must be verified by your AcquirerThe liability parameters must be verified by your Acquirer
Mastercardndash An introduction to chip
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Liability Shift
bull The Liability shift is already in place ndash We are just waiting on deadlines
until the penalties start applying
bull PenaltiesPER TRANSACTION PER TERMINAL
bull Whatrsquos in it for the card schemes
bull Whatrsquos in it for the merchant
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
SimpleIsnrsquot It
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 48
1242011
4
The Complex Dialogue that is EMV amp PCI
PCI ndashDSS
bull PCI security standards are technical and operational requirements set by thePCI Security Standards Council (PCI SSC ) to protect cardholder data The
standards apply to all entities that store process or tran smit cardholder datandash with guidance for software developers and manufacturers of applicationsand devices used in those transactions
Source PCI Security Standards Council
PCI -Terms
bull The PCI DSSThe PCI DSSThe PCI DSSThe PCI DSS applies to all entities that store process andor transmitcardholder data It covers technical and operational system componentsincluded in or connected to cardholder data If you are a merchant who
accepts or processes payment cards you must comply with the PCI DSS (theorganisation)
bull The PAThe PAThe PAThe PA----DSSDSSDSSDSS is for software developers and integrators of paymentapplications that store process or transmit cardholder data as part ofauthorization or settlement when these applications are sold distributed orlicensed to third parties
bull The PCI PTSThe PCI PTSThe PCI PTSThe PCI PTS (formerly PCI P ED) is a set of security r equirements focused oncharacteristics and management of devices used in the protection ofcardholder PINs and other payment processing related activities Therequirements are for manufacturers to follow in the design manufactureand transport of a device to the entity that implements it Most r elevant is
the new standard ndash PCI-PTS (31) for payment terminals with no PIN entry(October 2011)
PTS= PIN Transaction Security
Source PCI Security Standards Council
PCI and EMV
bull However EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessto sensitive cardholder datato sensitive cardholder datato sensitive cardholder datato sensitive cardholder data Current EMV acceptance and processing environments
may process both EMV and non-EMV transactions (such as magnetic stripe or primaryaccount numbers (PAN) These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional
protection
bull In addition it is important to note that in EMV environments the PAN is not kept
confidential at any point in the transaction indeed it is necessary for the PAN to beprocessed by the point-of-sale terminal in the clear in order to complete critical stepsin the EMV transaction process The expiry date and other c ardholder data are also
transmitted in clear-text
bull The potential for these transaction types andor data elements to be exposed and
used fraudulently within both the face-to-face channel and the card-not-present
channel are the reasons why it is necessary to implement PCI DSS in todayrsquos EMVacceptance environment(s)
bull By design PCI DSS does not distinguish between underlying transaction securitymechanisms but instead seeks to protect the PAN and other sensitive authentication
data Both PCI and EMV are essential elements in the fight against fraud and dataexposure Together they provide the greatest level of security for cardholder datathroughout the entire transaction process
Source PCI Security Standards Council
Deadlines
VISA timeline
bull All new unattended payment terminals must be EMV from April 2012
bull All existing unattended transactions must change over to EMV by January
2014
MasterCard Timeline
bull All Unattended payment terminals must be EMV by April 2013
What if your bank is not ready to process EMV transactions in time forVisa mandate April 2012
What if the Merchant is not ready
bull Do you have budget deadlines that need to be submitted for 2012 ndash 2013
bull Need to get estimates for credit card upgrades including full scope of works
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Upgrades of current equipment
Off street
bull New EMV card readers installed (separate to a coding unit)
bull No PIN - Good News
On-street
bull New card readers
bull New CPU
bull New software
Other Changes
bull Gateway configuration
Only the equipment provider can provide a definitive answer
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 58
1242011
5
EMV Terminals ndash local options
All in one card reader ndash Level 1 amp 2
eg Hypercom
Open architecture solution ndash level 1
eg Magtek I-65
What is the difference and does it really matter
bull Answer speak to your bank Check for PCI Certification
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Key issues
bull Parking Equipment Upgrade Costs
bull What are the penalties for non-compliancebull Does the bank have a say in regards to the merchants choice of
equipment supplier
bull In light of the announcements recently from Visa and MC if amerchant has recently bought equipment that is not EMV enabled ndashbut the upgrade costs are high ndash what can they do
bull What are the equipment providers obliged to sell in the currentenvironment
bull For all new equipment ndash if it is ldquoEMV compliantrdquo but not ldquoEMV
enabledrdquo then what is involved in complete the process Is there anyadditional costs to the customer
bull Contactlesswhen is it going to roll out
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
What is the business case for Shifting to EMV
Considerations
bull What is the true value of the liability shift
bull What is the real financial incentive
bull Capital upgrades ndash cost
bull Risk management factors (reduced fraud)
bull Compliance to current standards
bull Future proof
bull How old is the current equipment
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Stakeholder Collaboration ampConsultation
bull Suppliers to work with Third Party Certifiers + Banks + Acquirers
bull Merchants to determine what PCI obligations they may have
bull Gateway providers to assist as required
bull Organisations (eg Witham Labs) are available to assist with PCIcompliance
bull Acquirers must demonstrate leadership and direction
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
ImplementationWhat are the responsibilities for each
stakeholder in regards to the roll out ofEMV
Stakeholders
1 COUNCILS amp CAR PARK OWNERS (THE MERCHANT)
2 BANKS (THE ACQUIRER)
3 PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4 GATEWAY PROVIDERS
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 68
1242011
6
The Merchant
bull Councils
bull Car park operators
bull Car park owners and managers
bull Universities
bull Hospitals
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The MerchantWho can you trust for the best advice
bull Your team ndash internal stakeholders
bull Must be your preferred bank
bull Get technical advice
bull Ensure they are ldquopart of the t eamrdquo
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Your bank ndash how they can help
bull Provide written advice regarding the changes to unattended transactions
ndash Timeframes
ndash Fines
ndash Liability shifts
bull How does this apply to transactions above and below $100
bull In what way does it include lost stolen and counterfeit cards
ndash Technical direction
bull Provide advice on PCI and EMV standards
bull Review current credit card payment solutions
bull Assist with the assessment of future upgrades and capital purchases ( canyou get them to sit on the panel)
bull Project manage the EMV certification process with the gateway providerssuppliers and independent certification agencies (eg Witham Labs andFIME)
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Supplier
bull Understand EMV technical requirements
bull Develop a technical roadmap that includes contactless
bull Organise gateway partners and major banks
bull Develop or acquire EMV terminal hardware + software
bull Futureproof to include Contactless
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV Certification Process
983107983141983154983156983145983142983161983145983150983143983137983143983141983150983139983161
(983141983143 983110983113983117983109)
983124983144983141
983106983137983150983147
983124983144983141
983111983137983156983141983159983137983161
983152983154983151983158983145983140983141983154
983124983144983141
983123983157983152983152983148983145983141983154
983123983157983152983152983148983145983141983154 983140983141983158983141983148983151983152983155 983156983141983139983144983150983145983139983137983148
983152983154983151983140983157983139983156
983123983157983152983152983148983145983141983154 983149983137983150983137983143983141983155 983109983117983126
983139983141983154983156983145983142983145983139983137983156983145983151983150 983137983150983140 983120983107983113 983142983151983154
983137983152983152983148983145983139983137983138983148983141 983152983137983161983149983141983150983156 983155983151983148983157983156983145983151983150983155
983123983157983152983152983148983145983141983154 991251 983143983137983156983141983159983137983161 983152983154983151983158983145983140983141983154 991251
983105983139983153983157983145983154983145983150983143 983138983137983150983147 983141983155983156983137983138983148983145983155983144983141983155 983137
983159983151983154983147983145983150983143 983143983154983151983157983152
983109983117983126 983156983141983155983156983145983150983143 983139983151983149983149983141983150983139983141983155 991251
983140983137983156983137 983148983151983143983155 983137983154983141 983139983154983141983137983156983141983140
983105983148983148 983140983137983156983137 983137983150983140 983148983151983143983155 983137983154983141
983155983157983138983149983145983156983156983141983140 983156983151 983137983150 983109983117983126
983139983141983154983156983145983142983161983145983150983143 983138983151983140983161 983142983151983154 983158983141983154983145983142983145983139983137983156983145983151983150
983107983137983154983140 983123983139983144983141983149983141 983145983155983155983157983141983155 983148983141983156983156983141983154 983151983142
983137983152983152983154983151983158983137983148
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Put IT in writing
bull EMV status of current equipment
ndash Are the reader EMV level 1 compliant at least
bull What is the end-to-end upgrade to EMV
ndash What will it cost
ndash When will it be ready
ndash Which banks and gateway providers is this compatible with
bull Overseas EMV certification (eg Europe) next steps
ndash Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BEACCOMODATED BY THE BANK)
ndash Local testing for MasterCard and Visa
ndash Letters of Approval for local solutions
ndash Relevant PCI compliance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 28
1242011
2
What is EMV
bull EMVreg is a global standard for credit and debit payment cards based on chip cardtechnology As of end-2010 there were more than 124 billion EMV compliantchip-based payment cards in use worldwide
EMV chip-based payment cards also known as smart cards contain an
embedded microprocessor a type of small computer The microprocessor chipcontains the information needed to use the card for payment and is protectedby various security features Chip cards are a more secure alternative totraditional magnetic stripe payment cards
bull EMVCo manages maintains and enhances the EMVreg Integrated Circuit CardSpecifications for chip-based payment cards and acceptance devices includingpoint of sale (POS) terminals and ATMs EMVCo also establishes and administers
testing and approval processes to evaluate compliance with the EMVSpecifications
Source -EMVCo
Key advantages of EMV
bull More secure than encoded magnetic stripe
bull A unique digital signature of each new transaction is produced in thechip proving authenticity in an offline mode and prevents use offraudulent cards
bull Can be used to secure online transactions through cryptograms
bull Supports enhanced cardholder verification methods
bull Configuration of the card can be changed AFTER it has been issued
bull Contactless (Tap amp Go) ndashupgradeable
bull Offline transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
We have a General Direction ndash But noreal ldquoDirectiverdquo
Proliferation of EMV POS terminals for attended ndash
yet little progress for unattended
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
EMV ImplementationEMV ImplementationEMV ImplementationEMV Implementation
ProgramProgramProgramProgram
EMV ImplementationEMV ImplementationEMV ImplementationEMV Implementation
ProgramProgramProgramProgram
The AcquirerThe AcquirerThe AcquirerThe Acquirer(your Bank)(your Bank)(your Bank)(your Bank)
The equipmentThe equipmentThe equipmentThe equipment
manufacturermanufacturermanufacturermanufacturerCard ReaderCard ReaderCard ReaderCard Reader
manufacturermanufacturermanufacturermanufacturer
Card Issuers (VisaCard Issuers (VisaCard Issuers (VisaCard Issuers (VisaMasterCard AMEX)MasterCard AMEX)MasterCard AMEX)MasterCard AMEX)
The MerchantThe MerchantThe MerchantThe Merchant
(Councils Car park(Councils Car park(Councils Car park(Councils Car park
owners)owners)owners)owners)
The GatewayThe GatewayThe GatewayThe GatewayProvider(s)Provider(s)Provider(s)Provider(s)
Key stakeholders ndash No one entity has ALL theknowledge It is an informal consortium ofspecialist experts
The ParkingThe ParkingThe ParkingThe Parkingequipment providerequipment providerequipment providerequipment provider
Governing bodiesGoverning bodiesGoverning bodiesGoverning bodies
EMV CO PCI SecurityEMV CO PCI SecurityEMV CO PCI SecurityEMV CO PCI SecurityStandards CouncilStandards CouncilStandards CouncilStandards Council
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV - An Overview
983107983137983154983140 983124983141983154983149983145983150983137983148983107983137983154983140 983124983141983154983149983145983150983137983148
The EMV Credit Card
bull EMV ldquoSMART CARDrdquo is personalised by the card issuer and certifyingauthority
bull Superior levels of security is achieved by employing Public KeyCryptography
ndash Asymmetric rather than ldquosharedrdquo
983109983117983126 983116983141983158983141983148 2
983107983141983154983156983145983142983145983141983140
983123983151983142983156983159983137983154983141 983115983141983154983150983141983148
983109983117983126 983116983141983158983141983148 1
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 38
1242011
3
How it works ndash (summarised)
983107983137983154983140 983105983139983156983145983151983150 983105983150983137983148983161983155983145983155983124983154983137983150983155983137983139983156983145983151983150 983139983141983154983156983145983142983145983139983137983156983141 (983124983107)991252983119983142983142983148983145983150983141
983137983152983152983154983151983158983137983148983105983157983156983144983151983154983145983162983137983156983145983151983150 983122983141983153983157983141983155983156983107983154983161983152983156983151983143983154983137983149
(983105983122983121983107)991252983119983150983148983145983150983141 983137983157983156983144983151983154983145983162983137983156983145983151983150983105983152983152983148983145983139983137983156983145983151983150 983105983157983156983144983141983150983156983145983139983137983156983145983151983150983107983154983161983152983156983151983143983154983137983149
(983105983105983107)991252983119983142983142983148983145983150983141 983140983141983139983148983145983150983141
983124983141983154983149983145983150983137983148 983105983139983156983145983151983150 983137983150983137983148983161983155983145983155
983124983141983154983149983145983150983137983148 983140983141983139983145983140983141983155 983151983150 983159983144983137983156 983145983156 983145983155 983143983151983145983150983143 983156983151 983137983155983147 983156983144983141 983139983137983154983140
983124983141983154983149983145983150983137983148 983122983145983155983147 983105983155983155983141983155983155983149983141983150983156 983080983119983152983156983145983151983150983137983148983081
983141983143 983110983148983151983151983154 983148983145983149983145983156983155
983107983137983154983140 983112983151983148983140983141983154 983126983141983154983145983142983145983139983137983156983145983151983150
983145983141 983123983145983143983150983137983156983157983154983141 983120983113983118 983118983151 983107983126983117
983119983142983142983148983145983150983141 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150983123983156983137983156983145983139 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150 (983155983137983149983141 983147983141983161) 983108983161983150983137983149983145983139 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150 (983150983141983159 983115983141983161 983141983137983139983144 983156983145983149983141)
983105983152983152983148983145983139983137983156983145983151983150 983123983141983148983141983139983156983145983151983150 983078 983122983141983137983140983145983150983143983108983141983156983141983154983149983145983150983141 983159983144983145983139983144 983137983152983152983148983145983139983137983156983145983151983150 983159983145983148983148 983138983141 983157983155983141983140 (983126983145983155983137
983117983137983155983156983141983154983107983137983154983140) 983122983141983137983140 983137983152983152983148983145983139983137983156983145983151983150 983140983137983156983137
983124983141983154983149983145983150983137983148
983126983141983154983145983142983145983139983137983156983145983151983150
983154983141983155983157983148983156983155
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
How it Works (continued)
983119983150983148983145983150983141 983120983154983151983139983141983155983155983145983150983143 (983145983142 983154983141983153983157983145983154983141983140)
(983107983137983154983140 983113983155983155983157983141983154 983149983137983161 983159983137983150983156 983156983151 983155983141983150983140
983157983152983140983137983156983141983155 983156983151 983156983144983141 983139983137983154983140 983152983151983155983156
983145983155983155983157983137983150983139983141)
983107983151983149983152983148983141983156983145983151983150 983137983150983140 983123983139983154983145983152983156
983120983154983151983139983141983155983155983145983150983143 (983157983152983140983137983156983141983155 983137983154983141
983137983152983152983148983145983141983140)
983124983154983137983150983155983137983139983156983145983151983150 983145983155 983139983151983149983152983148983141983156983141983140
983137983155 983105983152983152983154983151983158983141983140 983151983154 983108983141983139983148983145983150983141983140
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Key Terms
bull CAT UPT - Cardholder Activated TerminalUnattended Payment Terminal
bull UnattendedUnattendedUnattendedUnattended
bull Card not presentCard not presentCard not presentCard not present
bull PAN ndashPr imary Account Number
bull No CVMNo CVMNo CVMNo CVM ndashndashndashndash No Customer Verification MethodNo Customer Verification MethodNo Customer Verification MethodNo Customer Verification Method
bull EMV level 1EMV level 1EMV level 1EMV level 1
bull EMV level 2EMV level 2EMV level 2EMV level 2
bull 2 key triple des encryption2 key triple des encryption2 key triple des encryption2 key triple des encryption---- K1 = K2 K1=K3 Data Encryption standard
bull Cryptograms ndash AAC TC ARQC ARPC
bull Digital Signaturebull PCI-DSS
bull PA-DSS
bull PCIPCIPCIPCI ndashndashndashndash PTS (31)PTS (31)PTS (31)PTS (31)
bull Chip amp PIN
bull RSA Public Key Cryptography
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Liability Shift
The Liability ShiftThe Liability ShiftThe Liability ShiftThe Liability Shift applies to the party (IssuerAcquirer) for all losses related tofraud incurred by card payment transactions that are non-EMV compliant
Eg Mastercard ldquoAn acquirer operating a magstripe-only terminal will be liablefor any counterfeit fraud that is conducted at that terminal using acounterfeit card that was originally issued with a chip The principle is thatthe fraud would have been prevented if the terminal had been chip-capablerdquo
Possible Eg Floor limits A terminal has a floor limit set to $20 Yet decides to goonline for a $19 transaction despite the card having an offline limit of $10
ndash Floor limits Lost amp Stolen cards Counterfeit cards OnlineofflineInsufficient funds (offline restrictions applied to each card to reduce
this) $100 (greater or lesser than)
bull The liability parameters must be verified by your AcquirerThe liability parameters must be verified by your AcquirerThe liability parameters must be verified by your AcquirerThe liability parameters must be verified by your Acquirer
Mastercardndash An introduction to chip
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Liability Shift
bull The Liability shift is already in place ndash We are just waiting on deadlines
until the penalties start applying
bull PenaltiesPER TRANSACTION PER TERMINAL
bull Whatrsquos in it for the card schemes
bull Whatrsquos in it for the merchant
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
SimpleIsnrsquot It
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 48
1242011
4
The Complex Dialogue that is EMV amp PCI
PCI ndashDSS
bull PCI security standards are technical and operational requirements set by thePCI Security Standards Council (PCI SSC ) to protect cardholder data The
standards apply to all entities that store process or tran smit cardholder datandash with guidance for software developers and manufacturers of applicationsand devices used in those transactions
Source PCI Security Standards Council
PCI -Terms
bull The PCI DSSThe PCI DSSThe PCI DSSThe PCI DSS applies to all entities that store process andor transmitcardholder data It covers technical and operational system componentsincluded in or connected to cardholder data If you are a merchant who
accepts or processes payment cards you must comply with the PCI DSS (theorganisation)
bull The PAThe PAThe PAThe PA----DSSDSSDSSDSS is for software developers and integrators of paymentapplications that store process or transmit cardholder data as part ofauthorization or settlement when these applications are sold distributed orlicensed to third parties
bull The PCI PTSThe PCI PTSThe PCI PTSThe PCI PTS (formerly PCI P ED) is a set of security r equirements focused oncharacteristics and management of devices used in the protection ofcardholder PINs and other payment processing related activities Therequirements are for manufacturers to follow in the design manufactureand transport of a device to the entity that implements it Most r elevant is
the new standard ndash PCI-PTS (31) for payment terminals with no PIN entry(October 2011)
PTS= PIN Transaction Security
Source PCI Security Standards Council
PCI and EMV
bull However EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessto sensitive cardholder datato sensitive cardholder datato sensitive cardholder datato sensitive cardholder data Current EMV acceptance and processing environments
may process both EMV and non-EMV transactions (such as magnetic stripe or primaryaccount numbers (PAN) These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional
protection
bull In addition it is important to note that in EMV environments the PAN is not kept
confidential at any point in the transaction indeed it is necessary for the PAN to beprocessed by the point-of-sale terminal in the clear in order to complete critical stepsin the EMV transaction process The expiry date and other c ardholder data are also
transmitted in clear-text
bull The potential for these transaction types andor data elements to be exposed and
used fraudulently within both the face-to-face channel and the card-not-present
channel are the reasons why it is necessary to implement PCI DSS in todayrsquos EMVacceptance environment(s)
bull By design PCI DSS does not distinguish between underlying transaction securitymechanisms but instead seeks to protect the PAN and other sensitive authentication
data Both PCI and EMV are essential elements in the fight against fraud and dataexposure Together they provide the greatest level of security for cardholder datathroughout the entire transaction process
Source PCI Security Standards Council
Deadlines
VISA timeline
bull All new unattended payment terminals must be EMV from April 2012
bull All existing unattended transactions must change over to EMV by January
2014
MasterCard Timeline
bull All Unattended payment terminals must be EMV by April 2013
What if your bank is not ready to process EMV transactions in time forVisa mandate April 2012
What if the Merchant is not ready
bull Do you have budget deadlines that need to be submitted for 2012 ndash 2013
bull Need to get estimates for credit card upgrades including full scope of works
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Upgrades of current equipment
Off street
bull New EMV card readers installed (separate to a coding unit)
bull No PIN - Good News
On-street
bull New card readers
bull New CPU
bull New software
Other Changes
bull Gateway configuration
Only the equipment provider can provide a definitive answer
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 58
1242011
5
EMV Terminals ndash local options
All in one card reader ndash Level 1 amp 2
eg Hypercom
Open architecture solution ndash level 1
eg Magtek I-65
What is the difference and does it really matter
bull Answer speak to your bank Check for PCI Certification
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Key issues
bull Parking Equipment Upgrade Costs
bull What are the penalties for non-compliancebull Does the bank have a say in regards to the merchants choice of
equipment supplier
bull In light of the announcements recently from Visa and MC if amerchant has recently bought equipment that is not EMV enabled ndashbut the upgrade costs are high ndash what can they do
bull What are the equipment providers obliged to sell in the currentenvironment
bull For all new equipment ndash if it is ldquoEMV compliantrdquo but not ldquoEMV
enabledrdquo then what is involved in complete the process Is there anyadditional costs to the customer
bull Contactlesswhen is it going to roll out
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
What is the business case for Shifting to EMV
Considerations
bull What is the true value of the liability shift
bull What is the real financial incentive
bull Capital upgrades ndash cost
bull Risk management factors (reduced fraud)
bull Compliance to current standards
bull Future proof
bull How old is the current equipment
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Stakeholder Collaboration ampConsultation
bull Suppliers to work with Third Party Certifiers + Banks + Acquirers
bull Merchants to determine what PCI obligations they may have
bull Gateway providers to assist as required
bull Organisations (eg Witham Labs) are available to assist with PCIcompliance
bull Acquirers must demonstrate leadership and direction
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
ImplementationWhat are the responsibilities for each
stakeholder in regards to the roll out ofEMV
Stakeholders
1 COUNCILS amp CAR PARK OWNERS (THE MERCHANT)
2 BANKS (THE ACQUIRER)
3 PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4 GATEWAY PROVIDERS
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 68
1242011
6
The Merchant
bull Councils
bull Car park operators
bull Car park owners and managers
bull Universities
bull Hospitals
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The MerchantWho can you trust for the best advice
bull Your team ndash internal stakeholders
bull Must be your preferred bank
bull Get technical advice
bull Ensure they are ldquopart of the t eamrdquo
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Your bank ndash how they can help
bull Provide written advice regarding the changes to unattended transactions
ndash Timeframes
ndash Fines
ndash Liability shifts
bull How does this apply to transactions above and below $100
bull In what way does it include lost stolen and counterfeit cards
ndash Technical direction
bull Provide advice on PCI and EMV standards
bull Review current credit card payment solutions
bull Assist with the assessment of future upgrades and capital purchases ( canyou get them to sit on the panel)
bull Project manage the EMV certification process with the gateway providerssuppliers and independent certification agencies (eg Witham Labs andFIME)
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Supplier
bull Understand EMV technical requirements
bull Develop a technical roadmap that includes contactless
bull Organise gateway partners and major banks
bull Develop or acquire EMV terminal hardware + software
bull Futureproof to include Contactless
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV Certification Process
983107983141983154983156983145983142983161983145983150983143983137983143983141983150983139983161
(983141983143 983110983113983117983109)
983124983144983141
983106983137983150983147
983124983144983141
983111983137983156983141983159983137983161
983152983154983151983158983145983140983141983154
983124983144983141
983123983157983152983152983148983145983141983154
983123983157983152983152983148983145983141983154 983140983141983158983141983148983151983152983155 983156983141983139983144983150983145983139983137983148
983152983154983151983140983157983139983156
983123983157983152983152983148983145983141983154 983149983137983150983137983143983141983155 983109983117983126
983139983141983154983156983145983142983145983139983137983156983145983151983150 983137983150983140 983120983107983113 983142983151983154
983137983152983152983148983145983139983137983138983148983141 983152983137983161983149983141983150983156 983155983151983148983157983156983145983151983150983155
983123983157983152983152983148983145983141983154 991251 983143983137983156983141983159983137983161 983152983154983151983158983145983140983141983154 991251
983105983139983153983157983145983154983145983150983143 983138983137983150983147 983141983155983156983137983138983148983145983155983144983141983155 983137
983159983151983154983147983145983150983143 983143983154983151983157983152
983109983117983126 983156983141983155983156983145983150983143 983139983151983149983149983141983150983139983141983155 991251
983140983137983156983137 983148983151983143983155 983137983154983141 983139983154983141983137983156983141983140
983105983148983148 983140983137983156983137 983137983150983140 983148983151983143983155 983137983154983141
983155983157983138983149983145983156983156983141983140 983156983151 983137983150 983109983117983126
983139983141983154983156983145983142983161983145983150983143 983138983151983140983161 983142983151983154 983158983141983154983145983142983145983139983137983156983145983151983150
983107983137983154983140 983123983139983144983141983149983141 983145983155983155983157983141983155 983148983141983156983156983141983154 983151983142
983137983152983152983154983151983158983137983148
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Put IT in writing
bull EMV status of current equipment
ndash Are the reader EMV level 1 compliant at least
bull What is the end-to-end upgrade to EMV
ndash What will it cost
ndash When will it be ready
ndash Which banks and gateway providers is this compatible with
bull Overseas EMV certification (eg Europe) next steps
ndash Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BEACCOMODATED BY THE BANK)
ndash Local testing for MasterCard and Visa
ndash Letters of Approval for local solutions
ndash Relevant PCI compliance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 38
1242011
3
How it works ndash (summarised)
983107983137983154983140 983105983139983156983145983151983150 983105983150983137983148983161983155983145983155983124983154983137983150983155983137983139983156983145983151983150 983139983141983154983156983145983142983145983139983137983156983141 (983124983107)991252983119983142983142983148983145983150983141
983137983152983152983154983151983158983137983148983105983157983156983144983151983154983145983162983137983156983145983151983150 983122983141983153983157983141983155983156983107983154983161983152983156983151983143983154983137983149
(983105983122983121983107)991252983119983150983148983145983150983141 983137983157983156983144983151983154983145983162983137983156983145983151983150983105983152983152983148983145983139983137983156983145983151983150 983105983157983156983144983141983150983156983145983139983137983156983145983151983150983107983154983161983152983156983151983143983154983137983149
(983105983105983107)991252983119983142983142983148983145983150983141 983140983141983139983148983145983150983141
983124983141983154983149983145983150983137983148 983105983139983156983145983151983150 983137983150983137983148983161983155983145983155
983124983141983154983149983145983150983137983148 983140983141983139983145983140983141983155 983151983150 983159983144983137983156 983145983156 983145983155 983143983151983145983150983143 983156983151 983137983155983147 983156983144983141 983139983137983154983140
983124983141983154983149983145983150983137983148 983122983145983155983147 983105983155983155983141983155983155983149983141983150983156 983080983119983152983156983145983151983150983137983148983081
983141983143 983110983148983151983151983154 983148983145983149983145983156983155
983107983137983154983140 983112983151983148983140983141983154 983126983141983154983145983142983145983139983137983156983145983151983150
983145983141 983123983145983143983150983137983156983157983154983141 983120983113983118 983118983151 983107983126983117
983119983142983142983148983145983150983141 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150983123983156983137983156983145983139 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150 (983155983137983149983141 983147983141983161) 983108983161983150983137983149983145983139 983108983137983156983137 983105983157983156983144983141983150983156983145983139983137983156983145983151983150 (983150983141983159 983115983141983161 983141983137983139983144 983156983145983149983141)
983105983152983152983148983145983139983137983156983145983151983150 983123983141983148983141983139983156983145983151983150 983078 983122983141983137983140983145983150983143983108983141983156983141983154983149983145983150983141 983159983144983145983139983144 983137983152983152983148983145983139983137983156983145983151983150 983159983145983148983148 983138983141 983157983155983141983140 (983126983145983155983137
983117983137983155983156983141983154983107983137983154983140) 983122983141983137983140 983137983152983152983148983145983139983137983156983145983151983150 983140983137983156983137
983124983141983154983149983145983150983137983148
983126983141983154983145983142983145983139983137983156983145983151983150
983154983141983155983157983148983156983155
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
How it Works (continued)
983119983150983148983145983150983141 983120983154983151983139983141983155983155983145983150983143 (983145983142 983154983141983153983157983145983154983141983140)
(983107983137983154983140 983113983155983155983157983141983154 983149983137983161 983159983137983150983156 983156983151 983155983141983150983140
983157983152983140983137983156983141983155 983156983151 983156983144983141 983139983137983154983140 983152983151983155983156
983145983155983155983157983137983150983139983141)
983107983151983149983152983148983141983156983145983151983150 983137983150983140 983123983139983154983145983152983156
983120983154983151983139983141983155983155983145983150983143 (983157983152983140983137983156983141983155 983137983154983141
983137983152983152983148983145983141983140)
983124983154983137983150983155983137983139983156983145983151983150 983145983155 983139983151983149983152983148983141983156983141983140
983137983155 983105983152983152983154983151983158983141983140 983151983154 983108983141983139983148983145983150983141983140
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Key Terms
bull CAT UPT - Cardholder Activated TerminalUnattended Payment Terminal
bull UnattendedUnattendedUnattendedUnattended
bull Card not presentCard not presentCard not presentCard not present
bull PAN ndashPr imary Account Number
bull No CVMNo CVMNo CVMNo CVM ndashndashndashndash No Customer Verification MethodNo Customer Verification MethodNo Customer Verification MethodNo Customer Verification Method
bull EMV level 1EMV level 1EMV level 1EMV level 1
bull EMV level 2EMV level 2EMV level 2EMV level 2
bull 2 key triple des encryption2 key triple des encryption2 key triple des encryption2 key triple des encryption---- K1 = K2 K1=K3 Data Encryption standard
bull Cryptograms ndash AAC TC ARQC ARPC
bull Digital Signaturebull PCI-DSS
bull PA-DSS
bull PCIPCIPCIPCI ndashndashndashndash PTS (31)PTS (31)PTS (31)PTS (31)
bull Chip amp PIN
bull RSA Public Key Cryptography
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Liability Shift
The Liability ShiftThe Liability ShiftThe Liability ShiftThe Liability Shift applies to the party (IssuerAcquirer) for all losses related tofraud incurred by card payment transactions that are non-EMV compliant
Eg Mastercard ldquoAn acquirer operating a magstripe-only terminal will be liablefor any counterfeit fraud that is conducted at that terminal using acounterfeit card that was originally issued with a chip The principle is thatthe fraud would have been prevented if the terminal had been chip-capablerdquo
Possible Eg Floor limits A terminal has a floor limit set to $20 Yet decides to goonline for a $19 transaction despite the card having an offline limit of $10
ndash Floor limits Lost amp Stolen cards Counterfeit cards OnlineofflineInsufficient funds (offline restrictions applied to each card to reduce
this) $100 (greater or lesser than)
bull The liability parameters must be verified by your AcquirerThe liability parameters must be verified by your AcquirerThe liability parameters must be verified by your AcquirerThe liability parameters must be verified by your Acquirer
Mastercardndash An introduction to chip
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Liability Shift
bull The Liability shift is already in place ndash We are just waiting on deadlines
until the penalties start applying
bull PenaltiesPER TRANSACTION PER TERMINAL
bull Whatrsquos in it for the card schemes
bull Whatrsquos in it for the merchant
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
SimpleIsnrsquot It
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 48
1242011
4
The Complex Dialogue that is EMV amp PCI
PCI ndashDSS
bull PCI security standards are technical and operational requirements set by thePCI Security Standards Council (PCI SSC ) to protect cardholder data The
standards apply to all entities that store process or tran smit cardholder datandash with guidance for software developers and manufacturers of applicationsand devices used in those transactions
Source PCI Security Standards Council
PCI -Terms
bull The PCI DSSThe PCI DSSThe PCI DSSThe PCI DSS applies to all entities that store process andor transmitcardholder data It covers technical and operational system componentsincluded in or connected to cardholder data If you are a merchant who
accepts or processes payment cards you must comply with the PCI DSS (theorganisation)
bull The PAThe PAThe PAThe PA----DSSDSSDSSDSS is for software developers and integrators of paymentapplications that store process or transmit cardholder data as part ofauthorization or settlement when these applications are sold distributed orlicensed to third parties
bull The PCI PTSThe PCI PTSThe PCI PTSThe PCI PTS (formerly PCI P ED) is a set of security r equirements focused oncharacteristics and management of devices used in the protection ofcardholder PINs and other payment processing related activities Therequirements are for manufacturers to follow in the design manufactureand transport of a device to the entity that implements it Most r elevant is
the new standard ndash PCI-PTS (31) for payment terminals with no PIN entry(October 2011)
PTS= PIN Transaction Security
Source PCI Security Standards Council
PCI and EMV
bull However EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessto sensitive cardholder datato sensitive cardholder datato sensitive cardholder datato sensitive cardholder data Current EMV acceptance and processing environments
may process both EMV and non-EMV transactions (such as magnetic stripe or primaryaccount numbers (PAN) These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional
protection
bull In addition it is important to note that in EMV environments the PAN is not kept
confidential at any point in the transaction indeed it is necessary for the PAN to beprocessed by the point-of-sale terminal in the clear in order to complete critical stepsin the EMV transaction process The expiry date and other c ardholder data are also
transmitted in clear-text
bull The potential for these transaction types andor data elements to be exposed and
used fraudulently within both the face-to-face channel and the card-not-present
channel are the reasons why it is necessary to implement PCI DSS in todayrsquos EMVacceptance environment(s)
bull By design PCI DSS does not distinguish between underlying transaction securitymechanisms but instead seeks to protect the PAN and other sensitive authentication
data Both PCI and EMV are essential elements in the fight against fraud and dataexposure Together they provide the greatest level of security for cardholder datathroughout the entire transaction process
Source PCI Security Standards Council
Deadlines
VISA timeline
bull All new unattended payment terminals must be EMV from April 2012
bull All existing unattended transactions must change over to EMV by January
2014
MasterCard Timeline
bull All Unattended payment terminals must be EMV by April 2013
What if your bank is not ready to process EMV transactions in time forVisa mandate April 2012
What if the Merchant is not ready
bull Do you have budget deadlines that need to be submitted for 2012 ndash 2013
bull Need to get estimates for credit card upgrades including full scope of works
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Upgrades of current equipment
Off street
bull New EMV card readers installed (separate to a coding unit)
bull No PIN - Good News
On-street
bull New card readers
bull New CPU
bull New software
Other Changes
bull Gateway configuration
Only the equipment provider can provide a definitive answer
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 58
1242011
5
EMV Terminals ndash local options
All in one card reader ndash Level 1 amp 2
eg Hypercom
Open architecture solution ndash level 1
eg Magtek I-65
What is the difference and does it really matter
bull Answer speak to your bank Check for PCI Certification
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Key issues
bull Parking Equipment Upgrade Costs
bull What are the penalties for non-compliancebull Does the bank have a say in regards to the merchants choice of
equipment supplier
bull In light of the announcements recently from Visa and MC if amerchant has recently bought equipment that is not EMV enabled ndashbut the upgrade costs are high ndash what can they do
bull What are the equipment providers obliged to sell in the currentenvironment
bull For all new equipment ndash if it is ldquoEMV compliantrdquo but not ldquoEMV
enabledrdquo then what is involved in complete the process Is there anyadditional costs to the customer
bull Contactlesswhen is it going to roll out
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
What is the business case for Shifting to EMV
Considerations
bull What is the true value of the liability shift
bull What is the real financial incentive
bull Capital upgrades ndash cost
bull Risk management factors (reduced fraud)
bull Compliance to current standards
bull Future proof
bull How old is the current equipment
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Stakeholder Collaboration ampConsultation
bull Suppliers to work with Third Party Certifiers + Banks + Acquirers
bull Merchants to determine what PCI obligations they may have
bull Gateway providers to assist as required
bull Organisations (eg Witham Labs) are available to assist with PCIcompliance
bull Acquirers must demonstrate leadership and direction
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
ImplementationWhat are the responsibilities for each
stakeholder in regards to the roll out ofEMV
Stakeholders
1 COUNCILS amp CAR PARK OWNERS (THE MERCHANT)
2 BANKS (THE ACQUIRER)
3 PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4 GATEWAY PROVIDERS
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 68
1242011
6
The Merchant
bull Councils
bull Car park operators
bull Car park owners and managers
bull Universities
bull Hospitals
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The MerchantWho can you trust for the best advice
bull Your team ndash internal stakeholders
bull Must be your preferred bank
bull Get technical advice
bull Ensure they are ldquopart of the t eamrdquo
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Your bank ndash how they can help
bull Provide written advice regarding the changes to unattended transactions
ndash Timeframes
ndash Fines
ndash Liability shifts
bull How does this apply to transactions above and below $100
bull In what way does it include lost stolen and counterfeit cards
ndash Technical direction
bull Provide advice on PCI and EMV standards
bull Review current credit card payment solutions
bull Assist with the assessment of future upgrades and capital purchases ( canyou get them to sit on the panel)
bull Project manage the EMV certification process with the gateway providerssuppliers and independent certification agencies (eg Witham Labs andFIME)
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Supplier
bull Understand EMV technical requirements
bull Develop a technical roadmap that includes contactless
bull Organise gateway partners and major banks
bull Develop or acquire EMV terminal hardware + software
bull Futureproof to include Contactless
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV Certification Process
983107983141983154983156983145983142983161983145983150983143983137983143983141983150983139983161
(983141983143 983110983113983117983109)
983124983144983141
983106983137983150983147
983124983144983141
983111983137983156983141983159983137983161
983152983154983151983158983145983140983141983154
983124983144983141
983123983157983152983152983148983145983141983154
983123983157983152983152983148983145983141983154 983140983141983158983141983148983151983152983155 983156983141983139983144983150983145983139983137983148
983152983154983151983140983157983139983156
983123983157983152983152983148983145983141983154 983149983137983150983137983143983141983155 983109983117983126
983139983141983154983156983145983142983145983139983137983156983145983151983150 983137983150983140 983120983107983113 983142983151983154
983137983152983152983148983145983139983137983138983148983141 983152983137983161983149983141983150983156 983155983151983148983157983156983145983151983150983155
983123983157983152983152983148983145983141983154 991251 983143983137983156983141983159983137983161 983152983154983151983158983145983140983141983154 991251
983105983139983153983157983145983154983145983150983143 983138983137983150983147 983141983155983156983137983138983148983145983155983144983141983155 983137
983159983151983154983147983145983150983143 983143983154983151983157983152
983109983117983126 983156983141983155983156983145983150983143 983139983151983149983149983141983150983139983141983155 991251
983140983137983156983137 983148983151983143983155 983137983154983141 983139983154983141983137983156983141983140
983105983148983148 983140983137983156983137 983137983150983140 983148983151983143983155 983137983154983141
983155983157983138983149983145983156983156983141983140 983156983151 983137983150 983109983117983126
983139983141983154983156983145983142983161983145983150983143 983138983151983140983161 983142983151983154 983158983141983154983145983142983145983139983137983156983145983151983150
983107983137983154983140 983123983139983144983141983149983141 983145983155983155983157983141983155 983148983141983156983156983141983154 983151983142
983137983152983152983154983151983158983137983148
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Put IT in writing
bull EMV status of current equipment
ndash Are the reader EMV level 1 compliant at least
bull What is the end-to-end upgrade to EMV
ndash What will it cost
ndash When will it be ready
ndash Which banks and gateway providers is this compatible with
bull Overseas EMV certification (eg Europe) next steps
ndash Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BEACCOMODATED BY THE BANK)
ndash Local testing for MasterCard and Visa
ndash Letters of Approval for local solutions
ndash Relevant PCI compliance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 48
1242011
4
The Complex Dialogue that is EMV amp PCI
PCI ndashDSS
bull PCI security standards are technical and operational requirements set by thePCI Security Standards Council (PCI SSC ) to protect cardholder data The
standards apply to all entities that store process or tran smit cardholder datandash with guidance for software developers and manufacturers of applicationsand devices used in those transactions
Source PCI Security Standards Council
PCI -Terms
bull The PCI DSSThe PCI DSSThe PCI DSSThe PCI DSS applies to all entities that store process andor transmitcardholder data It covers technical and operational system componentsincluded in or connected to cardholder data If you are a merchant who
accepts or processes payment cards you must comply with the PCI DSS (theorganisation)
bull The PAThe PAThe PAThe PA----DSSDSSDSSDSS is for software developers and integrators of paymentapplications that store process or transmit cardholder data as part ofauthorization or settlement when these applications are sold distributed orlicensed to third parties
bull The PCI PTSThe PCI PTSThe PCI PTSThe PCI PTS (formerly PCI P ED) is a set of security r equirements focused oncharacteristics and management of devices used in the protection ofcardholder PINs and other payment processing related activities Therequirements are for manufacturers to follow in the design manufactureand transport of a device to the entity that implements it Most r elevant is
the new standard ndash PCI-PTS (31) for payment terminals with no PIN entry(October 2011)
PTS= PIN Transaction Security
Source PCI Security Standards Council
PCI and EMV
bull However EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessHowever EMV by itself does not protect the confidentiality of or inappropriate accessto sensitive cardholder datato sensitive cardholder datato sensitive cardholder datato sensitive cardholder data Current EMV acceptance and processing environments
may process both EMV and non-EMV transactions (such as magnetic stripe or primaryaccount numbers (PAN) These non-EMV transactions do not have the same fraud-reduction capabilities of EMV transactions and consequently require additional
protection
bull In addition it is important to note that in EMV environments the PAN is not kept
confidential at any point in the transaction indeed it is necessary for the PAN to beprocessed by the point-of-sale terminal in the clear in order to complete critical stepsin the EMV transaction process The expiry date and other c ardholder data are also
transmitted in clear-text
bull The potential for these transaction types andor data elements to be exposed and
used fraudulently within both the face-to-face channel and the card-not-present
channel are the reasons why it is necessary to implement PCI DSS in todayrsquos EMVacceptance environment(s)
bull By design PCI DSS does not distinguish between underlying transaction securitymechanisms but instead seeks to protect the PAN and other sensitive authentication
data Both PCI and EMV are essential elements in the fight against fraud and dataexposure Together they provide the greatest level of security for cardholder datathroughout the entire transaction process
Source PCI Security Standards Council
Deadlines
VISA timeline
bull All new unattended payment terminals must be EMV from April 2012
bull All existing unattended transactions must change over to EMV by January
2014
MasterCard Timeline
bull All Unattended payment terminals must be EMV by April 2013
What if your bank is not ready to process EMV transactions in time forVisa mandate April 2012
What if the Merchant is not ready
bull Do you have budget deadlines that need to be submitted for 2012 ndash 2013
bull Need to get estimates for credit card upgrades including full scope of works
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Upgrades of current equipment
Off street
bull New EMV card readers installed (separate to a coding unit)
bull No PIN - Good News
On-street
bull New card readers
bull New CPU
bull New software
Other Changes
bull Gateway configuration
Only the equipment provider can provide a definitive answer
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 58
1242011
5
EMV Terminals ndash local options
All in one card reader ndash Level 1 amp 2
eg Hypercom
Open architecture solution ndash level 1
eg Magtek I-65
What is the difference and does it really matter
bull Answer speak to your bank Check for PCI Certification
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Key issues
bull Parking Equipment Upgrade Costs
bull What are the penalties for non-compliancebull Does the bank have a say in regards to the merchants choice of
equipment supplier
bull In light of the announcements recently from Visa and MC if amerchant has recently bought equipment that is not EMV enabled ndashbut the upgrade costs are high ndash what can they do
bull What are the equipment providers obliged to sell in the currentenvironment
bull For all new equipment ndash if it is ldquoEMV compliantrdquo but not ldquoEMV
enabledrdquo then what is involved in complete the process Is there anyadditional costs to the customer
bull Contactlesswhen is it going to roll out
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
What is the business case for Shifting to EMV
Considerations
bull What is the true value of the liability shift
bull What is the real financial incentive
bull Capital upgrades ndash cost
bull Risk management factors (reduced fraud)
bull Compliance to current standards
bull Future proof
bull How old is the current equipment
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Stakeholder Collaboration ampConsultation
bull Suppliers to work with Third Party Certifiers + Banks + Acquirers
bull Merchants to determine what PCI obligations they may have
bull Gateway providers to assist as required
bull Organisations (eg Witham Labs) are available to assist with PCIcompliance
bull Acquirers must demonstrate leadership and direction
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
ImplementationWhat are the responsibilities for each
stakeholder in regards to the roll out ofEMV
Stakeholders
1 COUNCILS amp CAR PARK OWNERS (THE MERCHANT)
2 BANKS (THE ACQUIRER)
3 PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4 GATEWAY PROVIDERS
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 68
1242011
6
The Merchant
bull Councils
bull Car park operators
bull Car park owners and managers
bull Universities
bull Hospitals
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The MerchantWho can you trust for the best advice
bull Your team ndash internal stakeholders
bull Must be your preferred bank
bull Get technical advice
bull Ensure they are ldquopart of the t eamrdquo
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Your bank ndash how they can help
bull Provide written advice regarding the changes to unattended transactions
ndash Timeframes
ndash Fines
ndash Liability shifts
bull How does this apply to transactions above and below $100
bull In what way does it include lost stolen and counterfeit cards
ndash Technical direction
bull Provide advice on PCI and EMV standards
bull Review current credit card payment solutions
bull Assist with the assessment of future upgrades and capital purchases ( canyou get them to sit on the panel)
bull Project manage the EMV certification process with the gateway providerssuppliers and independent certification agencies (eg Witham Labs andFIME)
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Supplier
bull Understand EMV technical requirements
bull Develop a technical roadmap that includes contactless
bull Organise gateway partners and major banks
bull Develop or acquire EMV terminal hardware + software
bull Futureproof to include Contactless
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV Certification Process
983107983141983154983156983145983142983161983145983150983143983137983143983141983150983139983161
(983141983143 983110983113983117983109)
983124983144983141
983106983137983150983147
983124983144983141
983111983137983156983141983159983137983161
983152983154983151983158983145983140983141983154
983124983144983141
983123983157983152983152983148983145983141983154
983123983157983152983152983148983145983141983154 983140983141983158983141983148983151983152983155 983156983141983139983144983150983145983139983137983148
983152983154983151983140983157983139983156
983123983157983152983152983148983145983141983154 983149983137983150983137983143983141983155 983109983117983126
983139983141983154983156983145983142983145983139983137983156983145983151983150 983137983150983140 983120983107983113 983142983151983154
983137983152983152983148983145983139983137983138983148983141 983152983137983161983149983141983150983156 983155983151983148983157983156983145983151983150983155
983123983157983152983152983148983145983141983154 991251 983143983137983156983141983159983137983161 983152983154983151983158983145983140983141983154 991251
983105983139983153983157983145983154983145983150983143 983138983137983150983147 983141983155983156983137983138983148983145983155983144983141983155 983137
983159983151983154983147983145983150983143 983143983154983151983157983152
983109983117983126 983156983141983155983156983145983150983143 983139983151983149983149983141983150983139983141983155 991251
983140983137983156983137 983148983151983143983155 983137983154983141 983139983154983141983137983156983141983140
983105983148983148 983140983137983156983137 983137983150983140 983148983151983143983155 983137983154983141
983155983157983138983149983145983156983156983141983140 983156983151 983137983150 983109983117983126
983139983141983154983156983145983142983161983145983150983143 983138983151983140983161 983142983151983154 983158983141983154983145983142983145983139983137983156983145983151983150
983107983137983154983140 983123983139983144983141983149983141 983145983155983155983157983141983155 983148983141983156983156983141983154 983151983142
983137983152983152983154983151983158983137983148
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Put IT in writing
bull EMV status of current equipment
ndash Are the reader EMV level 1 compliant at least
bull What is the end-to-end upgrade to EMV
ndash What will it cost
ndash When will it be ready
ndash Which banks and gateway providers is this compatible with
bull Overseas EMV certification (eg Europe) next steps
ndash Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BEACCOMODATED BY THE BANK)
ndash Local testing for MasterCard and Visa
ndash Letters of Approval for local solutions
ndash Relevant PCI compliance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 58
1242011
5
EMV Terminals ndash local options
All in one card reader ndash Level 1 amp 2
eg Hypercom
Open architecture solution ndash level 1
eg Magtek I-65
What is the difference and does it really matter
bull Answer speak to your bank Check for PCI Certification
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Key issues
bull Parking Equipment Upgrade Costs
bull What are the penalties for non-compliancebull Does the bank have a say in regards to the merchants choice of
equipment supplier
bull In light of the announcements recently from Visa and MC if amerchant has recently bought equipment that is not EMV enabled ndashbut the upgrade costs are high ndash what can they do
bull What are the equipment providers obliged to sell in the currentenvironment
bull For all new equipment ndash if it is ldquoEMV compliantrdquo but not ldquoEMV
enabledrdquo then what is involved in complete the process Is there anyadditional costs to the customer
bull Contactlesswhen is it going to roll out
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
What is the business case for Shifting to EMV
Considerations
bull What is the true value of the liability shift
bull What is the real financial incentive
bull Capital upgrades ndash cost
bull Risk management factors (reduced fraud)
bull Compliance to current standards
bull Future proof
bull How old is the current equipment
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Stakeholder Collaboration ampConsultation
bull Suppliers to work with Third Party Certifiers + Banks + Acquirers
bull Merchants to determine what PCI obligations they may have
bull Gateway providers to assist as required
bull Organisations (eg Witham Labs) are available to assist with PCIcompliance
bull Acquirers must demonstrate leadership and direction
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
ImplementationWhat are the responsibilities for each
stakeholder in regards to the roll out ofEMV
Stakeholders
1 COUNCILS amp CAR PARK OWNERS (THE MERCHANT)
2 BANKS (THE ACQUIRER)
3 PARKING EQUIPMENT PROVIDERS (SUPPLIERS)
4 GATEWAY PROVIDERS
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 68
1242011
6
The Merchant
bull Councils
bull Car park operators
bull Car park owners and managers
bull Universities
bull Hospitals
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The MerchantWho can you trust for the best advice
bull Your team ndash internal stakeholders
bull Must be your preferred bank
bull Get technical advice
bull Ensure they are ldquopart of the t eamrdquo
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Your bank ndash how they can help
bull Provide written advice regarding the changes to unattended transactions
ndash Timeframes
ndash Fines
ndash Liability shifts
bull How does this apply to transactions above and below $100
bull In what way does it include lost stolen and counterfeit cards
ndash Technical direction
bull Provide advice on PCI and EMV standards
bull Review current credit card payment solutions
bull Assist with the assessment of future upgrades and capital purchases ( canyou get them to sit on the panel)
bull Project manage the EMV certification process with the gateway providerssuppliers and independent certification agencies (eg Witham Labs andFIME)
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Supplier
bull Understand EMV technical requirements
bull Develop a technical roadmap that includes contactless
bull Organise gateway partners and major banks
bull Develop or acquire EMV terminal hardware + software
bull Futureproof to include Contactless
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV Certification Process
983107983141983154983156983145983142983161983145983150983143983137983143983141983150983139983161
(983141983143 983110983113983117983109)
983124983144983141
983106983137983150983147
983124983144983141
983111983137983156983141983159983137983161
983152983154983151983158983145983140983141983154
983124983144983141
983123983157983152983152983148983145983141983154
983123983157983152983152983148983145983141983154 983140983141983158983141983148983151983152983155 983156983141983139983144983150983145983139983137983148
983152983154983151983140983157983139983156
983123983157983152983152983148983145983141983154 983149983137983150983137983143983141983155 983109983117983126
983139983141983154983156983145983142983145983139983137983156983145983151983150 983137983150983140 983120983107983113 983142983151983154
983137983152983152983148983145983139983137983138983148983141 983152983137983161983149983141983150983156 983155983151983148983157983156983145983151983150983155
983123983157983152983152983148983145983141983154 991251 983143983137983156983141983159983137983161 983152983154983151983158983145983140983141983154 991251
983105983139983153983157983145983154983145983150983143 983138983137983150983147 983141983155983156983137983138983148983145983155983144983141983155 983137
983159983151983154983147983145983150983143 983143983154983151983157983152
983109983117983126 983156983141983155983156983145983150983143 983139983151983149983149983141983150983139983141983155 991251
983140983137983156983137 983148983151983143983155 983137983154983141 983139983154983141983137983156983141983140
983105983148983148 983140983137983156983137 983137983150983140 983148983151983143983155 983137983154983141
983155983157983138983149983145983156983156983141983140 983156983151 983137983150 983109983117983126
983139983141983154983156983145983142983161983145983150983143 983138983151983140983161 983142983151983154 983158983141983154983145983142983145983139983137983156983145983151983150
983107983137983154983140 983123983139983144983141983149983141 983145983155983155983157983141983155 983148983141983156983156983141983154 983151983142
983137983152983152983154983151983158983137983148
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Put IT in writing
bull EMV status of current equipment
ndash Are the reader EMV level 1 compliant at least
bull What is the end-to-end upgrade to EMV
ndash What will it cost
ndash When will it be ready
ndash Which banks and gateway providers is this compatible with
bull Overseas EMV certification (eg Europe) next steps
ndash Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BEACCOMODATED BY THE BANK)
ndash Local testing for MasterCard and Visa
ndash Letters of Approval for local solutions
ndash Relevant PCI compliance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 68
1242011
6
The Merchant
bull Councils
bull Car park operators
bull Car park owners and managers
bull Universities
bull Hospitals
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The MerchantWho can you trust for the best advice
bull Your team ndash internal stakeholders
bull Must be your preferred bank
bull Get technical advice
bull Ensure they are ldquopart of the t eamrdquo
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Your bank ndash how they can help
bull Provide written advice regarding the changes to unattended transactions
ndash Timeframes
ndash Fines
ndash Liability shifts
bull How does this apply to transactions above and below $100
bull In what way does it include lost stolen and counterfeit cards
ndash Technical direction
bull Provide advice on PCI and EMV standards
bull Review current credit card payment solutions
bull Assist with the assessment of future upgrades and capital purchases ( canyou get them to sit on the panel)
bull Project manage the EMV certification process with the gateway providerssuppliers and independent certification agencies (eg Witham Labs andFIME)
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Supplier
bull Understand EMV technical requirements
bull Develop a technical roadmap that includes contactless
bull Organise gateway partners and major banks
bull Develop or acquire EMV terminal hardware + software
bull Futureproof to include Contactless
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
EMV Certification Process
983107983141983154983156983145983142983161983145983150983143983137983143983141983150983139983161
(983141983143 983110983113983117983109)
983124983144983141
983106983137983150983147
983124983144983141
983111983137983156983141983159983137983161
983152983154983151983158983145983140983141983154
983124983144983141
983123983157983152983152983148983145983141983154
983123983157983152983152983148983145983141983154 983140983141983158983141983148983151983152983155 983156983141983139983144983150983145983139983137983148
983152983154983151983140983157983139983156
983123983157983152983152983148983145983141983154 983149983137983150983137983143983141983155 983109983117983126
983139983141983154983156983145983142983145983139983137983156983145983151983150 983137983150983140 983120983107983113 983142983151983154
983137983152983152983148983145983139983137983138983148983141 983152983137983161983149983141983150983156 983155983151983148983157983156983145983151983150983155
983123983157983152983152983148983145983141983154 991251 983143983137983156983141983159983137983161 983152983154983151983158983145983140983141983154 991251
983105983139983153983157983145983154983145983150983143 983138983137983150983147 983141983155983156983137983138983148983145983155983144983141983155 983137
983159983151983154983147983145983150983143 983143983154983151983157983152
983109983117983126 983156983141983155983156983145983150983143 983139983151983149983149983141983150983139983141983155 991251
983140983137983156983137 983148983151983143983155 983137983154983141 983139983154983141983137983156983141983140
983105983148983148 983140983137983156983137 983137983150983140 983148983151983143983155 983137983154983141
983155983157983138983149983145983156983156983141983140 983156983151 983137983150 983109983117983126
983139983141983154983156983145983142983161983145983150983143 983138983151983140983161 983142983151983154 983158983141983154983145983142983145983139983137983156983145983151983150
983107983137983154983140 983123983139983144983141983149983141 983145983155983155983157983141983155 983148983141983156983156983141983154 983151983142
983137983152983152983154983151983158983137983148
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Put IT in writing
bull EMV status of current equipment
ndash Are the reader EMV level 1 compliant at least
bull What is the end-to-end upgrade to EMV
ndash What will it cost
ndash When will it be ready
ndash Which banks and gateway providers is this compatible with
bull Overseas EMV certification (eg Europe) next steps
ndash Local gateway and banking partners (SPECIFIC DATA FIELDS MUST BEACCOMODATED BY THE BANK)
ndash Local testing for MasterCard and Visa
ndash Letters of Approval for local solutions
ndash Relevant PCI compliance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 78
1242011
7
Gateway Providers
bull There are a variety of gateway providers that have varying depths ofplatforms They are the link between the merchant and the acquirer
bull The banks do not have the capacity to develop a new in terface every time anew merchant comes along with a new device OR there are new bankingrequirements that affect interface architecture
bull The gateway provider becomes a partner to the bank in that they take onboard the banking mandates on their behalf
Key Roles
1 ndash An Aggregator and interface provider that develops the technology tofacilitate merchant transactions
2 ndash And when required ndash educate merchants
bull The gateway provider may decide to become involved in technology and
develop a plug and play terminal for the unattended (or attended) market
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
The Acquirer (The Bank)
bull Likely to NOT be EMV ready for unattended transactions
bull Currently handling EMV for ATTENDED transactionshoweverbull Need to update system (in some instances) to handle the extra data
elements relating to unattended transactions
bull Please do not send out the relationship manager to ldquorelayrdquo questionsand answers Get one of the technical people to be included inclient meetings
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
The Merchant (Part 2) ndash Dorsquos and Donts
bull Establish a working groupworking groupworking groupworking group that includes internal staff (operations financecontracts etc) plus representatives from the bank
bull DO NOT GET INTO THE BUSINESS OF STORING CREDIT CARD DATA ndashou tsourcethis to your providers
bull Ensure you have contracts in place to cover parking equipment maintenancebanking gateway processes These contracts must stipulatebull PCI certification is current and relevant to the applications being used and
covers the process end-to-endbull Relevant technology has EMV certification (Levels 1 amp 2)bull Card Scheme approval of the solutionbull Liability shifts are clearbull Upgrade costs are well definedbull No increases in merchant fees
bull Any current EMV architecture is relevant and will contribute to a futureupgrade
bull Back of office management systems and reporting will continue withminimal disruption to transaction history Credit Card History can be trackedon back office systems (with the permission of the card holder only)
bull YOU MUST WORK WITH YOUR BANK AS THE PRIMARY PARTNER IN THE PROCESSTHEY MUST UNDERSTAND THE ENTIRE SITUATION ON A TECHNICAL AND RISKMANAGEMENT LEVEL
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Budget Implications
bull Forecasting cost to upgrade in 2012 ndash 2013
bull Local Councils ndash procurement guidelines and ldquoexceptional circumstancesrdquo
bull Do your current contracts with your suppliers cover EM V retrofitting andmaintenance
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
Conclusion
bull EMV solutions must be ldquoend to endrdquo for it work EM V ldquocompliantrdquo solutionsdo not necessarily stack up
bull Unattended ndash No CVM ndash No PIN ndash Online (Floor limit = 0)
bull The Acquirer is ultimately responsible for verifying the EMV and P CIcompliance for the merchants facilities Merchant cannot be expected toknow if a transaction is EMV or not and is securely transmitted
bull Acquirers must assist with project management of the EMV certificationprocess
bull Any claims made by suppliers must be put in writing with technicaldiagrams and specifications and verified by the bank
bull Your bank is expected to have a clear vision and roadmap for EMV andcontactless in the unattended space ndashincluding liability rules fines and
technical aspects of EMV for both MasterCard and Visa
bull A Working group is essential to ensure a united position on various issuesand that the journey is a lot smoother
bull The merchant (Council car park owners) must be given a chance to upgrade
their current facilities with sufficient time to allow for budgetingprocurement and implementation
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
Contactless ndash how does it fit into the
picturebull AMEX ndash latest developments ndash commence rolling out chip cards
before XMAS
bull Mag stripe for HOW LONG Currently used as a fall back
bull Contact ndashTHEN ndash Contactless How and EMV solution easily bridgesthe gap to introduce contactless
bull Benefits of contactless Transit systems ndash reduce read errors andmaintenance Near Field communication Faster transactions
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS
8122019 Emv Presentation
httpslidepdfcomreaderfullemv-presentation 88
1242011
8
Next Steps
bull Other options in the meantime
ndash Pay by phone ndash Coin only For some meters with low revenue
bull Expected increases in ldquoCard not presentrdquo fraud due to EMV
bull Develop a consistent message on what
ndash Parking Association role PAA steering g roup
Regular updates on changes to PCI and EMV for unattended
ndash Councils to work together
copy COPYRIGHT ndashPARKING amp TRAFFIC CONSULTANTS
for more informationvisit us at parkingconsultantscomparkingconsultantscomparkingconsultantscomparkingconsultantscom
subscribe to
for the latest in parking industry
news
copy COPYRIGHT ndash PARKING amp TRAFFIC CONSULTANTS