implementing emv cards: securing your...
TRANSCRIPT
![Page 1: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/1.jpg)
IMPLEMENTING EMV CARDS:SECURING YOUR ACCOUNTS
Core Information Technology Specialist GroupBangko Sentral ng Pilipinas
13 September 2017
![Page 2: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/2.jpg)
BACKGROUND
• Circular No. 808 dated 22 August 2013 requires all concerned BSFIs to migrate the entire payment network to EMV technology
• Circular No. 859 dated 24 November 2014 describes the detailed EMV implementation guidelines
• Memorandum No. M-2016-011 dated 31 August 2016 articulates the Chip and PIN roadmap
![Page 3: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/3.jpg)
BACKGROUND
• Memorandum No. M-2016-013 dated 27 September 2016 requires BSFIs to submit quarterly status report on EMV migration activities
• Memorandum No. M-2016-022 dated 20 December 2016 reminds BSFIs to continue to support magstripe transactions pending EMV compliance
• Circular No. 936 dated 28 December 2016 provides guidelines on the EMV card fraud liability shift framework
![Page 4: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/4.jpg)
LIABILITY SHIFT FRAMEWORK
POS /ATM Card Liability
Issuer
Issuer
Issuer
Acquirer
![Page 5: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/5.jpg)
Book provisions to cover for probable skimming losses
Impose a hard deadline of 30 June 2018 to fully migrate to EMV
Intensify EMV-related public awareness programs
Impose a 10-day resolution timeline for valid claims arising from counterfeit fraud
SUPPLEMENTAL GUIDELINES ON EMVMIGRATION REQUIREMENT
![Page 6: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/6.jpg)
EMV MIGRATION STATUS
Activities Status as of 07/31/2017
Upgrade/Enhancement of Back-end Systems
Substantially completed
Upgrade/Replacement of ATMs Substantially completed
Upgrade/Replacement of POSTerminals
Substantially completed
Replacement of Credit Cards Substantially completed
Replacement of Debit Cards Partially completed
Replacement of Prepaid Cards Partially completed
![Page 7: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/7.jpg)
EMV IS NOT A SILVER BULLET
• Adopt multi-factor authentication techniques
• Be mindful of the risks associated with fraudulent e-mails and websites
• Implement strong security controls for systems/servers that support e-banking products and services
• Strong authentication methods for privilege users
• Ensure that outsourced providers are implementing robust security controls
• Promote a security conscious environment
![Page 8: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/8.jpg)
Key improvements:
➢ Alignment with NIST, FFIEC andCPMI standards/frameworks
➢ Definition of cybersecurity riskmanagement controls andsupervisory expectations
➢ Requirement for behavior-based threat detection, threatintelligence and collaboration
Enhanced Information Security Guidelines
BSP CYBERSECURITY REGULATION
![Page 9: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/9.jpg)
Expansion of e-Services (Products
and Usage)
Emergence of New and
Evolving Risks
Increasing Sophisticati
on of Threats
Technological Advances
and Innovation
Continuously enhance BSP regulatory
framework vis-à-vis emerging cyberthreats
Undertake industry-wide initiatives to promote financial system resilience
Adopt proactive supervisory monitoring
and oversight
BSP’s CYBERSECURITY ROADMAP
#secure #vigilant #resilient
![Page 10: IMPLEMENTING EMV CARDS: SECURING YOUR ACCOUNTSacfe-p.org/uploads/3/5/3/3/35333257/1-2_implementing_emv... · 2017-10-25 · BACKGROUND •Circular No. 808 dated 22 August 2013 requires](https://reader030.vdocument.in/reader030/viewer/2022040403/5e8cce5f8bde6e3a3621da82/html5/thumbnails/10.jpg)
THANK YOU.
"No part of this presentation may be reproduced, stored in
a retrieval system, or transmitted in any form or by any
means–electronic, mechanical, photocopying, recording or
otherwise–without prior permission of the Supervision and
Examination Sector (SES), Bangko Sentral ng Pilipinas."
Disclaimer: “The views expressed in this presentation
may contain personal opinions and may not necessarily
reflect the views of the Bangko Sentral ng Pilipinas
(BSP) Management.”