tokenization changing the payment...
TRANSCRIPT
Tokenization – Changing the Payment Landscape Trends on Mobile Wallets and E-Commerce Tokens
May 24, 2017
Jenny Lewis, Sr. Director – Product Development
Tokenization Services
Connie Davis, SVP – Enterprise Digital Strategy
Educating on the Fundamentals of Tokenization
• Issuers Opting to Tokenize their BINs across Debit, Credit & Prepaid starting in 2014
• Actual PANs are replaced with tokens during Mobile Wallet Provisioning
• If a merchant system is breached, the data captured is less valuable to fraudsters
MerchantMerchant
AcquirerNetwork
(Visa/MC)Issuer
Token Vaults
(PAN/token)
Sensitive Data (PAN)Useless Data (tokens)
Token Life Cycle Maintenance
- PAN Change & Exp Date Updates 2
PUBLIC Domain SECURED Domain
DIGITIZED security over the PLASTIC Era
3
US Mobile Wallet Market
to exceed $4T by 2021
- Infiniti Research, February 2017 "
*Future initiatives are subject to change
Supporting All Types of 3rd Party Mobile Wallets
FIS Enables Issuer Participation in 3rd Party Mobile Wallets
Secure Element & Host Card Emulation Credit Debit Prepaid
Mobile Wallet Users Are Customers No Issuer Can Afford to Lose
5
Javelin Advisory Services Retail Banking: What’s In Your Mobile Wallet? Lessons from FI-branded wallet pioneers”
March 2016
6
Mobile Wallet Users Respond…. What features drove them to the PAYs?
7
Mobile Wallet “Skeptics”
Time for Issuers to Take Action!
FIS™ Tokenization Services
Key features included with our Service
Token Provisioning Activity Reports
FIS Call Center Services
New! Step Up Authentication via One Time
Passcode
New! Automated Consumer Notification
Coming in 2017
Learning about Token Provisioning Paths
• Security Paths
– Green Path
Authentication of
account holder success
provision approved
– Yellow Path
Advice message to
contact Call Center
– Orange Path
Advice message to
contact Call Center
– Red Path
Provision request declined
Authentication data
cannot be verified
Additional
authentication required
– send to Call Center
Authentication Data
Confirmed
Fraud suspected by Wallet
Requestor, additional
authentication required
Provisioning Authentication with ID&V when tokens are requested
10
How does it work?
Yellow Path invokes the One Time Passcode service
FIS pulls Mobile Phone / Email Data from Card Management System and
Pushes to Visa / MasterCard. Visa / MasterCard Push to the requesting
Mobile Wallet
Consumer selects the desired delivery option (text or email)
Visa / MasterCard generate the OTP value and push to FIS for delivery to the
end consumer
Consumer enters OTP and Visa / MasterCard Validate / update the token vault
Building Step Up Authentication with One Time
Passcode
Now Generally Available!
FIS’s One Time Passcode – “How” it happens
11
12
Resolve Yellow Path Provisioning
Assist with One Time Passcode
Validating the identity of the cardholder is very similar to what is done for card activation but involves both FIS and in some cases the 3rd party Mobile Wallet (ie. Apple, Google)
Mobile Wallet Provisioning Requests - Consumers trying to add their cards to mobile wallets (Apple Pay, Samsung Pay, Android Pay, etc.)
One Time Passcode Entry Challenges – exceeded attempts, expired OTP values, invalid entries, etc.
FIS Tokenization Call Center Services
Activate Token
Declined Payments with a Token
Suspend Token
De-Activate Token
Lost Phones
FIS Tokenization Call Center performs support
• When Mobile payment transaction is declined
• When an account is reported being compromised
• When mobile phone is lost & reported by
consumer
• Respond to issues & questions related to
tokenization & mobile wallets
Expanded
13
FIS Tokenization Services – Rapid Adoption
14
FUTURE of
emerging
payments…
Is “NOW”
“No turning back”
Moving PANs out
of Public Doman &
replacing with
Tokens for Secure
and Safe
Payments
“Anywhere”
“Anytime”
FIS Data Predicts Rapid Provisioning Increase
15
Juniper reports, Contactless
Payments: NFC Handsets,
Wearables & Payment Cards 2017–
2021, the combined market share of
Apple, Samsung, and Google as a
portion of all mobile contactless
users increased from 20 percent in
2015 to 41 percent in 2016.
Juniper expects this number to
rise to 56 percent by 2021, as
the trio's combined user base
exceeds 500 million users
The Current Tokenization Landscape…
17
Total value of digital payments
reached $3.66 trillion in 2016
increased 20% over 2015Juniper Research
February 2017
18
Global EMV Migration drives fraud elsewhere
19
CNP FRAUD AND ATO FRAUD SURGE IN 2016
ON EMV, TRANSACTION GROWTH, BREACHES:
REPORT
2017 Identity Fraud: Securing the Connected LifeFebruary 1, 2017 Al Pascual, Kyle Marchini, Sarah Miller
20
E-Commerce Growth Trend
21
Tokens extend beyond the “PAYs…”
Merchant Requested Tokens
“Credential-on-File” Recurring Payments
E-Commerce Digital Wallets
22
The Increasing Need for eCommerce Tokenization
23
In 2016, 32% of all internet
transactions made through
“Pay with Amazon”
were done on a mobile device
By more than 33M people….
Payment volume doubled last year
NFC World – February 2017
24
It’s not just about Mobile Wallets, It’s protection against Card Not Present Fraud
• Card-not-present (CNP) fraud represents a highly profitable practice for cybercriminals
• Data breaches occur regularly now. Supplying stolen Card data for fraudulent CNP transactions.
• Increasing CNP Fraud is driving eCommerce merchants towards Card On File Tokenization.
• New Interchange Classifications such as ‘Cardholder Present’ or ‘Secure Credentials Verified’ incenting eCommerce merchants towards Card On File Tokenization to reduce costs.
• Issuers who do delay Tokenizing their BINs restrict merchants from being able to tokenize a Card On File PAN.
Tokenization is to Card-Not-Present Fraud what EMV was to Card-Present-Fraud
Delaying Tokenization? Issuers Take Note…
25
E-Commerce/Internet Merchant Accounts - CNP RiskOver 52% of card accounts are setup with online/internet accounts
26
E-Commerce/Internet Merchant Accounts - CNP RiskOver 52% of card accounts are setup with online/internet accounts
Account Number
PAN with Tokens
Apple, Samsung,
Android Pay Purchases
AT&T recurring
COF
Netflix recurring
COF
Paypal purchases
COF
City Utility recurring
COF
Automobile recurring
COF
Payment Account
Reference #
(PAR)
Introduction of Payment Account Reference (PAR) A “Non-Payment” pseudo number that uniquely ties all tokens applied to the
primary account number (PAN)
PAR #
Tokenization extends beyond the “PAYs” E-Commerce/“Card-on-File” For Merchant Token Requestors
28
Tokenization in “Card-on-File” Merchant Requests
Hundreds of Merchants embracing e-commerce tokens to replace PANs • Reducing their liability of breach
• Mitigating payment disruption
29
Began requesting Tokens for PANs for new consumers with
recurring payment from VISA effective October 1, 2016
Targeting a phased token replacement of PANs in 2017
VISA targeted June 2017 to begin phasing PayPal PAN’s with
tokens in an ACH Migration to Debit Card
Master Card is in early discussions with Paypal, targeting
Q1 2018 for providing this wallet/digital checkout
Emerging in 2017 is Tokenization in “Card-on-File” & E-Commerce Merchant Token Requestors
E-Commerce Tokenization aka digital checkouts. VISA Checkout
available today without tokenization. The issuer must be enrolled
in Tokenisation Services for PANs to be replaced with tokens
once VCO begins tokenization. Master Card has MDES for
Merchants with Tokenisation rolling out in 2017.
30
E-Commerce Merchant Token Requestors
Internet
Of
Things
IoT
31
E-Commerce Tokenization Merchant Requests
E-commerce tokenization reduces the effect of data breaches, CNP fraud, and
eliminates the problem of stored card information becoming outdated.
This benefits issuers by:
• Reducing Card Reissuance Costs: If an e-commerce token is compromised, the
issuer does not need to reissue the physical card and can push a new token to the e-
commerce account.
• Preserving ‘Top-of-Wallet’ Status: A cardholder can continue transacting with the
provisioned token even when the underlying card information changes. The cardholder
is not prompted to replace their card with an alternative payment method due to
expired credentials.
New Options Coming in 2017
Visa Checkout & MasterPass – eCommerce/COF
enrollment options
General Release of One Time Passcode
Automated Consumer Notifications
Coming in 2017
FIS™ Commerce Application – Issuer Branded
‘Pay’ & More
APIs for Virtual Card Issuance
33
Suspend Token
De-Activate Token
Lost Phones
FIS Tokenization Services will continue to expand…
Lost Phones – Consumers who have lost their may need Tokens affiliated with a specific wallet suspended or de-activated.
Deactivate Token – Tokens can be de-activated as needed in lieu of completely blocking the PAN.
This could alleviate the need to affect the physical card, and may reduce expense.
Fraud Alerts – in addition to card controls,
tokens affiliated with a PAN can be
suspended temporarily until the fraud alert is
resolved.
Looking Forward…Emerging Use Cases To Solve For
Virtual Card Issuance
APIs for Streamlining Back Office
Functions
Mobile Analytics
34
WHO is driving the payment choice emergence? The CONSUMER & MERCHANT
EMV & Tokenization Expanding across Payments…
Is a leader in emerging payment technology ….
Working with our external partners at VISA, Master Card, and EMVco/US Payments
Forum developing the foundation for the future emerging payment ecosystem.
A Changing Digital Climate
QUESTIONS
Jenny Lewis, Sr. Director of Product Management Tokenization Services
Connie Davis, Senior Vice President – Enterprise Digital Strategy
Thank You
©2017 FIS and/or its subsidiaries. All Rights Reserved. FIS confidential and proprietary information.