2015-02-07

EMV Mandate and NFC

"tap and pay technology"

"smart phone enabled transactions"

Webinar:
http://pro.stansberryresearch.com/15...EMR204/?h=true

http://en.wikipedia.org/wiki/Near_field_communication

http://www.nearfieldcommunication.org/

http://www.whitehouse.gov/the-press-...l-transactions

http://www.finextra.com/blogs/fullbl...x?blogid=10382

http://www.nfcworld.com/2015/02/03/3...ital-payments/



http://www.smartpaymentassociation.com/#&panel1-5

Quote:

NFC is catching on like wildfire

http://techcrunch.com/2014/12/30/the...ll-be-in-2015/

Quote:

The Payments Tipping Point Will Be In 2015

Editor’s Note: Hill Ferguson is the chief product officer of PayPal.

Payments are finally cool. And the more than 1,500 payments startups on Angel List that believe they have cracked the code to solve a piece of the payments puzzle attest to this.

Given all the noise in the tech community this year with the introduction of technologies like One Touch payments and Apple Pay, you would think that digital payments have taken over the world.

But it hasn’t quite happened. Today, 85 percent of transactions are still done via cash.

2014 started changing the game for payments, and I believe we’re at an inflection point to push more payments than ever into the digital realm for 2015 thanks to innovations in authentication, shopping on social networks, and near field communication-based payment technology.
Password-less Authentication Will Drive More Mobile Transactions

The truth is only about 1 percent of commerce happens on mobile today, which is hard to believe considering there are now more mobile devices than people in the world. But I think that’s all about to change, and authentication is going to be an even bigger driver in mobile shopping and conversion in 2015.
Remembering passwords isn’t easy, and reusing passwords across multiple sites isn’t secure.
As shoppers, we want security, but we don’t want to give up any convenience. The technology is there to power payment experiences that don’t require entering a password or sharing credit card details. We already have invisible payment experiences that are actually more secure and allow people to pay for an Uber ride, rent a room on AirBnB or Venmo a friend after grabbing a meal out. But more companies need to get on board.

With the increasing number of security breaches this year, businesses have every reason to re-evaluate the way they protect their customers. Nobody likes typing in a credit card, and it’s simply not very secure to share that data with sellers. But, that’s only part of the equation. Authentication is a major factor.

Remembering passwords isn’t easy, and reusing passwords across multiple sites isn’t secure.

Today, Apple and Samsung’s latest smartphones and tablets have fingerprint authentication to make secure, one touch mobile payments a reality. In 2015, every company is positioned to make authentication – and shopping – much easier and more secure.

We recently saw Alibaba partner with smartphone manufacturer Huawei to let Alipay users pay with their fingerprint. This fall, Apple opened up Touch ID to third-party apps. And, this month the FIDO (Fast Identification Online) Alliance released version 1.0 of its open authentication standard, so we can expect fewer passwords and more secure login systems in 2015.
Frost & Sullivan predicts the number of global biometrics smartphone users is expected to reach 471 million in 2017. So, when you add up all the pieces of the equation, it’s pretty clear by next holiday season you won’t be using a password or typing in a credit card on your mobile device to buy that 65-inch TV.
Every Social Media Platform Will Start To Be Shoppable

Shopping in stores has always been a social activity. Not many of us actually go shopping alone. If we do, we find ourselves texting our friend a picture of the collectible Star Trek figure we need to add to our collection (or maybe that’s just me). But shopping online hasn’t been a social activity. Until now.

In the mid-2000’s, Facebook and Twitter came along and we started having open conversations about our likes and dislikes, and we started sharing more and more data about ourselves and our preferences. Today, Facebook alone is up to 1.3 billion users worldwide. That’s a lot of people and data to not have shopping happen here. Facebook and Twitter seem to agree. That’s why we saw both social media platforms try out “buy” buttons (a way to buy something directly from their sites) this year.

Then we have apps like Pinterest that help us share and discover products we’re interested in, creating a strong social context around these products. Instagram has also moved beyond peer-to-peer photo-sharing and now has the brands we love sharing photos of the things we love. What’s happened is social networks and apps are creating new opportunities for retailers to connect their customers with products and services in the moment they want to buy them.
NFC Will Gain Steam

We’ve seen encouraging signs this year for the future of near field communications (NFC) in the U.S. (a technology that’s long been used around the world). You might be asking yourself why will it still be two years before everyone uses it?

Today, only two percent of U.S. retailers have point-of-sale systems that are NFC-enabled, and there’s around nine million retailers in the country. It’s expensive for retailers to upgrade their hardware and the consumer demand hasn’t been there. Many consumers have yet to try out NFC payment solutions like Apple Pay, Softcard and Google Wallet on their phones. And, after three years, only 20 percent of Android phones are using Gingerbread, which was the first HCE NFC capable Android OS.
Today, only two percent of U.S. retailers have point-of-sale systems that are NFC-enabled, and there’s around nine million retailers in the country.

In 2015, the infrastructure needed for NFC to succeed will start to scale more quickly. In the U.S., there is an accelerated pace for retailers to move to Europay Mastercard and Visa (called EMV), which is a chip and PIN technology vs. magenetic stripe on a card), since card networks dictated that by October 2015 they would pass risk of fraudulent charges to retailers who haven’t adopted the new standard. So, many retailers are going to be taking a closer look at their existing POS experience to figure out where there’s room for improvement. We’ll also start to see more innovation in how companies address what’s in it for the consumer to use NFC. People need something extra that is going to push them to start using their mobile phone to pay in store – whether it’s loyalty or offers integration – but they need to feel this is an experience they cannot live without, just like television did for us almost a century ago.

It’s going to take a combination of retailers and smartphone users to make the move towards NFC. And it’s going to take time, but it’s happening.
2015 – When More Payments Become Digital

2014 was the turning point — the year that more payments finally became more digital. A lot of mobile transactions have already ditched the password, and the technology exists to make a simpler more secure mobile payment – we know because many of us are already using this. Most of us are on social media and as we share more information about ourselves the growing expectation is that the products we want will be available to buy in seconds.

And as retailers and consumers start integrating these new mobile and online buying experiences into their daily lives, more people will start using NFC to make digital payments increasingly available in the offline world.

Featured Image: fsecart/Flickr UNDER A CC BY 2.0 LICENSE

2,026

EMV MANDATE:

http://en.wikipedia.org/wiki/EMV

Quote:

EMV Migration – Driven by Payment Brand Milestones

Permalink

Share on Twitter

Share on LinkedIn

By Cathy Medich, Smart Card Alliance

The move toward EMV in the United States is accelerating, with a number of significant announcements that provide milestones for migration. Visa took the lead with its announcement on August 9, 2011, with MasterCard, Discover and American Express following suit with announcements on January 30, 2012, March 15, 2012, and June 29, 2012, respectively. The payment brand milestones include retailer incentives, processing infrastructure acceptance requirements and fraud liability shift. Payment brands have aligned their milestones to streamline payments industry migration to EMV.

The milestones that have been announced by the payment brands include a number of key dates, starting in October 2012.
Visa Milestones

August 9, 2011. Visa announced plans to accelerate chip migration and adoption of mobile payments in the United States, through retailer incentives, processing infrastructure acceptance requirements and counterfeit card liability shift.

October 1, 2012 – PCI Audit Relief: If more than 75% of merchant Visa transactions originate from EMV-compliant POS terminals that support both contact and contactless transactions, the merchant may apply for relief from the audit requirement for PCI compliance (but is still mandated to be PCI compliant).

April 1, 2013 – Acquirer Compliance. Acquirers and sub-processors must be enabled to handle full EMV chip data in transactions.

October 1, 2015 – Counterfeit Card Liability Shift. The party that has made investment in EMV deployment is protected from financial liability for card-present counterfeit fraud losses on this date. If neither or both parties are EMV compliant, the fraud liability remains the same as it is today. This date excludes automated fuel dispensers.

October 1, 2017 – Counterfeit Card Liability Shift, Automated Fuel Dispensers. This extends the card-present counterfeit card liability shift to transactions from automated fuel dispensers.

MasterCard Milestones

January 30, 2012. MasterCard announced their U.S. roadmap to enable the next generation of electronic payments, with EMV the foundational technology.

October, 2012 – PCI Audit Relief: If more than 75% of merchant MasterCard transactions originate from EMV-compliant POS terminals that support both contact and contactless transactions, the merchant is relieved of audit requirement for PCI compliance (but is still mandated to be PCI compliant).

April, 2013 – Acquirer Compliance. Acquirers and sub-processors must be enabled to handle full EMV chip data in transactions.

April, 2013 – Cross-Border ATM Liability Shift. At this milestone, MasterCard will extend its existing EMV liability shift program for inter-regional/cross-border Maestro ATM transactions taking place in the United States.

October, 2013 – Account Data Compromise (ADC) Relief: MasterCard has announced ADC relief for merchants. On this date, if at least 75% of MasterCard transactions originate from EMV-compliant contact and contactless POS terminals, the merchant is relieved of 50% of account data compromise penalties.

October, 2015 – Fraud Liability Shift. MasterCard liability hierarchy takes effect. The party that has made investment in the most secure EMV options is protected from financial liability for card-present fraud losses for both counterfeit and lost, stolen and non-receipt fraud on this date.

October, 2015 – Account Data Compromise Relief: On this date, if at least 95% of MasterCard transactions originate from EMV-compliant POS terminals, the merchant is relieved of 100% of account data compromise penalties.

October, 2017 – Fraud Liability Shift, Automated Fuel Dispensers. MasterCard liability hierarchy takes effect for automated fuel dispensers.

Discover Milestones

March 15, 2012. Discover announced implementation of a 2013 mandate for acquirers and direct-connect merchants in the U.S., Canada and Mexico, to support EMV. Discover’s approach will support all card authentication channels (online and offline), all cardholder verification methods (including both chip and PIN or chip and signature transactions), and all commerce channels (contact and contactless, including mobile).

American Express

June 29, 2012. American Express announced its U.S. EMV roadmap to advance contact, contactless and mobile payments and its plans to begin issuing EMV-compliant cards in the U.S. in the latter half of 2012.

April, 2013 – Acquirer/Processor Compliance. Processors must be able to support American Express EMV chip-based contact, contactless and mobile transactions.

October, 2013 – PCI DSS Reporting Relief. Merchants will be eligible to receive relief from PCI Data Security Standard (DSS) reporting requirements if the merchants’ POS acceptance locations, where 75% of their transactions occur, are enabled to process American Express EMV chip-based contact and contactless transactions.

October, 2015 – Fraud Liability Shift. American Express will institute a fraud liability shift policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology.

October, 2017 – Fraud Liability Shift, Automated Fuel Dispensers. American Express fraud liability shift takes effect for transactions generated from automated fuel dispensers.

The Smart Card Alliance Payments Council is active in providing resources to help the industry with EMV migration. The Council is currently working on an update to the February 2011 EMV roadmap white paper to clarify payment brand milestones and provide guidance to issuers, acquirers/processors and merchants about the changes needed to move to EMV.

http://www.emv-connection.com/emv-mi...nd-milestones/

Merchants must upgrade to EMV by October 2015 or be liable for fraud and chargebacks.

http://www.firstdata.com/downloads/t...hip/EMV_US.pdf

Quote:

A First Data White Paper
EMV in the U.S.: Putting
It into Perspective for
Merchants and
Financial Institutions

Quote:

WSJ

October 2015: The End of the Swipe-and-Sign Credit Card

(We have corrected this article to reflect the fact that customers will still be able to sign for credit card payments after October 2015.)

It’s a payment ritual as familiar as handing over a $20 bill, and it’s soon to go extinct: prepare to say farewell to the swipe-and-sign of a credit card transaction.

Beginning later next year, you will stop swiping the credit card. Instead, you will insert your card into a slot, just like people do in much of the rest of the world, where the machine will read a microchip, not a magnetic stripe. You’ll still be signing for the time being, but the new system also enables the use of PIN numbers, if card issuers decide to add them to their cards.

The U.S. is the last major market to still use the old-fashioned swipe-and-sign system, and it’s a big reason why almost half the world’s credit card fraud happens in America, despite the country being home to about a quarter of all credit card transactions.

The recent large-scale theft of credit card data from retailers including Target and Neiman Marcus brought the issue more mainstream attention, leading to a Senate Judiciary Committee hearing this week. Executives told the senators that once the country transitions to the new system — which includes credit cards embedded with a microchip containing security data — these kind of hacking attacks will be much more difficult to pull off.

The shift is coming though: both MasterCard MA -1.93% and Visa V -1.61% have roadmaps for the changeover, and both have set October, 2015 as an important deadline in the switch. But why has it taken this long, and how will the changeover work for card users and businesses?

We spoke with MasterCard’s Carolyn Balfany, the company’s expert on all things related to the new payment system, known as EMV, that will lead to the end of the swipe-and-sign and the beginning of the chip-and-PIN. Here’s what she had to say.

Much of the rest of the world switched to chip and PIN cards years ago. Why has it taken the U.S. so much longer?

There’s a historical view to this. In the past, other markets migrated for two reasons. First, there were higher fraud rates in some other markets, and they wanted to make this move to combat fraud. Second, this system can operate in offline mode – the card and the terminal can authorize a transaction independent of communication with the bank’s systems. In some other markets they struggled with robust telephony networks, so this offline capacity was attractive.

Both those factors were not driving factors here in America. Fraud was more prominent in some other markets, but what has happened since then is that as other markets migrated to EMV and became more secure, fraudsters migrated their activity to markets with less security. We saw fraudsters move over to the US market – they are looking for the path of least resistance.

There were also some more specific challenges to US migration to the new system. Because the US is one of the largest and most complex markets, the business cases for the costs had to be established. And there were requirements of the Durbin amendment, mandating all us debit transactions are able to go across at least two networks, which took some time for the industry to sort out.

It seems now like there is agreement on the switch. So when will the changeover happen?

For Mastercard, now is the time, and we’ve been very consistent on that message for years. We introduced our roadmap for migration in 2012, and that roadmap says that for face-to-face transactions, where a consumer uses their card at a merchant’s location, the liability shift will happen in October, 2015.

The “liability shift” is a big moment in the changeover. Can you explain what it means?

Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.

So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.

How will the change over to the new system actually happen?

One important thing to know is that it’s not as if everybody just got to the starting line just now, there has been a lot of work on this that has already happened. For merchants, the terminals in many cases are readily available or already there, they already have the equipment ready to handle the new cards. Banks who issue cards in many cases already can issue cards with the chip, and they have been issuing them to customers who travel overseas.

U.S. consumers are already pretty aware of the chip and PIN system, because most of the rest of the world has already migrated. And we would expect in the wake of these latest breaches and the media coverage that awareness is now even higher. And as banks issue consumers their new cards, they will get information explaining the system and all the benefits, and obviously how to use it.

Aside from the security of the system, are there any other benefits for consumers?

One thing to remember is this migration really isn’t about a single device or technology, it’s about establishing a technological platform for the next generation of payments. So the EMV standard that we are moving toward isn’t limited to chip and PIN cards, it also includes things like contactless payments, where you can tap the card against the reader, all with the same level of security.

Card issuers will probably always issue a card, but in this system an account can be resident in multiple places – so you can have the card, but also maybe a tag affixed to your phone for mobile payments, or a fob on your key ring.

There are lots of different use cases and it depends on the venue, and the devices and what interaction method makes the most sense. In a transit location, contactless interfaces make a lot of sense. We’ll continue to see interactions broaden and evolve as this migration happens.

Corrections & Amplifications: The new EMV credit card system the U.S. is set to migrate to by October, 2015 will use microchip-enabled credit cards, but still allows customers to sign for their payments. Banks can choose to issue cards that require a PIN number instead of a signature, but the switch to PINs will not be required in October 2015 as reported in an earlier version of this article.

http://blogs.wsj.com/corporate-intel...n-credit-card/

Show more