pcitf iiw10
DESCRIPTION
TRANSCRIPT
![Page 1: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/1.jpg)
PCI TFPayment Card Industry
Trust FrameworkA Case Study of a Monetized Identity System
Sid Sidner (TooTallSid)Ping Identity
[email protected]@TooTallSid
![Page 2: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/2.jpg)
ConsumerMerchant
Cash
![Page 3: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/3.jpg)
ConsumerMerchant
Acquirer Issuer
Payment Networks
Payment Card: Payment Flow (Settlement)
![Page 4: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/4.jpg)
PCI – Payment Card Industry
• Brands (aka Associations)– Visa– MasterCard– American Express– Discover– JCB
• Issuer oriented• Operating rules• Risk management: On-us vs. Not on-us
![Page 5: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/5.jpg)
Visa EU Ecosystem - 2006
![Page 6: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/6.jpg)
ConsumerMerchant
Acquirer Issuer
Payment Networks
Payment Card: Identity Flow (Authorization)
5558 0101 0000 0001
5558 0101 0000 0001
5558 0101 0000 0001 5558 0101 0000 0001
![Page 7: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/7.jpg)
The Identity Transaction• Identifier
– PAN – Personal Account Number (PAN)• Scheme and BIN (Bank Id Number) embedded in PAN to allow
routing
• Claim– Authorize transaction for payment?
• Authorized or Declined
• A Bob Blakley Identity Oracle – no identity data leakage
• Consumer has privacy• Issuer can monetize being an IdP
![Page 8: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/8.jpg)
EMV Payment Cards• EMV – Europay, MasterCard, Visa• Chip
– Tamper Resistant Security Module– Contains secrets and crypto to use them
• Secures all aspects of a purchase– Authenticates Card– Authenticates User– Ensures Integrity of Transaction
• Chip & PIN– PIN (Personal Id Number) verified on card
• Online Chip– PIN verified at issuer
• Contact & Contactless
![Page 9: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/9.jpg)
OITF
![Page 10: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/10.jpg)
PCITFPCI Brand (e.g . Visa)
Operating RulesIssuers
Merchants
Consumers
PCI DSS AssessorsBrand certifiers
Acquirers
![Page 11: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/11.jpg)
Consumer/TaxpayerMerchant
Acquirer Issuer
Payment Networks
EMV Value Propositions
• Issuer fraud reduction
• Peace of mind
• Malware protection
• Identity theft protection
• User centered identity
• PCI compliance cost reduction
• Avoidance of end-to-end encryption cost
• Fraud reduction
• Reduced interchange fees
• Higher spend
• National security protection
• Identity provider fees
• Online enrollment
![Page 12: Pcitf iiw10](https://reader035.vdocument.in/reader035/viewer/2022062615/54812ec6b4af9f903e8b4598/html5/thumbnails/12.jpg)
12