Presented by David Cole: CVM Methods. Topics: CVM Methods in the End-to-End Process; What is a CVM List?; Risk protection tool; Types of PIN processing

Presentation transcript:

CVM Methods
Presented by David Cole

Agenda
- CVM Methods in the End-to-End Process
- What is a CVM List?
- Risk protection tool
- Types of PIN processing
- CVM list considerations
- Visa recommendations
- Summary

Chip End-to-End process
[Diagram. Labels: ATC checking; Online CAM; Script processing; Cardholder Verification Method; Terminal Risk Management; Card Risk Management; iCVV checking; Issuer host; Online PIN; Authorisations; Offline PIN validation]

Cardholder Verification Method: What is a CVM List?
- Card contains a list of methods of cardholder verification in priority order
- Terminal checks to see if it can support the method accordingly
- Card's CVM list contains
  - Condition
  - Type
  - Code

Cardholder Verification Method: What is a CVM List? (Card defines)

CVM Condition: when the CVM should be used. Examples:
- Always
- If terminal supports
- If transaction is cash or cash-back
- If transaction is less than X or more than Y

CVM Type: describes the CVM method. Type:
- Biometric
- Offline Enciphered PIN
- Offline Plaintext PIN
- Online PIN
- Signature
- No CVM

CVM Code: what to do if the CVM fails.
- Apply the next CVM in the list
- Fail the CVM now

Cardholder Verification Method: Risk protection tool

| Traditional Fraud Method | Traditional prevention | Chip prevention (additional to traditional methods) |
| --- | --- | --- |
| Lost and stolen / cards not received | Activation processes; Secure transportation; Domestic online PIN | Offline Plaintext PIN; Offline Enciphered PIN; Online PIN |

Cardholder Verification Method: Types of PIN processing
- Online PIN as per today's processing
- Offline Plaintext PIN (new with EMV)
- Offline Enciphered PIN (new with EMV)

Cardholder Verification Method: Types of PIN processing

| PIN Method | Process | Card characteristics |
| --- | --- | --- |
| Offline Plaintext PIN | PIN entered in PIN PAD; terminal passes PIN securely to the card; card validates | Card does not require RSA crypto-processing |
| Offline Enciphered PIN | Card provides terminal with Card Key (RSA); PIN entered in PIN PAD; terminal encrypts PIN with Card Key and sends to the card; card decrypts PIN and validates | Card requires an RSA crypto-processor |

Cardholder Verification Method: CVM lists (considerations)
- Do you want to perform Offline PIN?
- Do you want to perform Online PIN?
- Infrastructure devices available
  - POS
  - ATM
  - Unattended devices (Kiosks, Petrol, Parking etc.)
- Is your market 100% online (zero terminal floor limit)?
- Visa guidelines are available in card perso-templates

CVM lists (considerations)

| CVM Method | CVM Condition | CVM Code |
| --- | --- | --- |
| Offline Plaintext PIN | If terminal supports | Yes / No |
| Online PIN | If terminal supports | Yes / No |
| Signature | If terminal supports | Yes / No |
| No CVM | If terminal supports | Yes |

- Apply each device to the table
- Decide the order of CVM

CVM lists (considerations)

| CVM Method | CVM Condition | CVM Code |
| --- | --- | --- |
| Signature | If terminal supports | Yes / No |
| Online PIN | If terminal supports | Yes / No |
| Offline Plaintext PIN | If terminal supports | Yes / No |
| No CVM | If terminal supports | Yes |

- Apply each device to the table
- Decide the order of CVM

CVM lists (considerations): Steps to defining a CVM list
- Choose card CVM functionality (type)
- Agree when the CVM should be performed (condition)
- Decide on any Fallback processing based on transaction type (code)
- Refer to Visa recommendations for assistance
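To see how the order of a CVM list plays out per device, the sketch below decodes a CVM List (EMV tag 8E) and walks it in priority order against POS, ATM and kiosk profiles. It is an added example, not part of the presentation: the byte layout (two 4-byte amounts X and Y, then 2-byte rules whose first byte carries the method and the "apply next rule on failure" bit and whose second byte is the condition) follows EMV Book 3, and the sample lists, terminal profiles and function names are constructed for illustration.

```python
# Added example: decode an EMV CVM List (tag 8E) and walk it as a terminal would.
# Byte layout follows EMV Book 3; lists and terminal profiles below are constructed.
OFFLINE_PLAIN, ONLINE_PIN, OFFLINE_ENC, SIGNATURE, NO_CVM = 0x01, 0x02, 0x04, 0x1E, 0x1F
NAMES = {OFFLINE_PLAIN: "Offline Plaintext PIN", ONLINE_PIN: "Online PIN",
         OFFLINE_ENC: "Offline Enciphered PIN", SIGNATURE: "Signature", NO_CVM: "No CVM"}

def parse_cvm_list(hex_value):
    """Return (amount_x, amount_y, rules); a rule is (method, condition, next_on_fail)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 10 or (len(raw) - 8) % 2:
        raise ValueError("expected 8 amount bytes followed by 2-byte CV rules")
    x, y = int.from_bytes(raw[:4], "big"), int.from_bytes(raw[4:8], "big")
    # Bits 6-1 of byte 1 = method; bit 7 set = apply the next rule if this CVM fails.
    rules = [(raw[i] & 0x3F, raw[i + 1], bool(raw[i] & 0x40))
             for i in range(8, len(raw), 2)]
    return x, y, rules

def condition_met(cond, method, supported, amount, x, y):
    """Evaluate the subset of condition codes used in this example."""
    checks = {0x00: True,                    # Always
              0x03: method in supported,     # If terminal supports the CVM
              0x06: amount < x, 0x07: amount > x,   # under / over X
              0x08: amount < y, 0x09: amount > y}   # under / over Y
    return checks.get(cond, False)           # unmodelled conditions: not satisfied

def select_cvm(hex_value, supported, amount=0, failing=()):
    """Walk the list in priority order; `failing` simulates methods that fail."""
    x, y, rules = parse_cvm_list(hex_value)
    for method, cond, next_on_fail in rules:
        if not condition_met(cond, method, supported, amount, x, y):
            continue                         # condition not satisfied: next rule
        if method in supported and method not in failing:
            return NAMES.get(method, hex(method))
        if not next_on_fail:
            return "CVM failed"              # "fail the CVM now"
    return "CVM failed"                      # list exhausted

# Constructed lists; every rule uses condition 0x03 "If terminal supports".
PIN_FIRST = "0000000000000000410342035E031F03"  # plaintext PIN, online PIN, signature, no CVM
SIG_FIRST = "00000000000000005E03420341031F03"  # signature first
FAIL_NOW = "00000000000000000103"               # plaintext PIN only, fail on error
POS, ATM, KIOSK = {OFFLINE_PLAIN, ONLINE_PIN, SIGNATURE}, {ONLINE_PIN}, {NO_CVM}

if __name__ == "__main__":
    for name, term in (("POS", POS), ("ATM", ATM), ("Kiosk", KIOSK)):
        print(name, "|", select_cvm(PIN_FIRST, term), "|", select_cvm(SIG_FIRST, term))
```

With the signature-first ordering, a POS that has a PIN pad still lands on Signature, which is why the order has to be checked against every device type before the list is personalised.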

Visa recommendations

| Card Type | Recommended CVM List |
| --- | --- |
| Online Visa Electron with offline Plaintext PIN | Offline Plaintext PIN; Online PIN; Signature |
| Offline capable Visa Electron with Plaintext PIN and Issuer Authentication | Offline Plaintext PIN; Online PIN; Signature; No CVM (optional) |
| Offline capable Visa Electron with DDA, Enciphered Offline PIN and Issuer Authentication | Offline Enciphered PIN; Online PIN; Signature; No CVM |

Visa recommendations

| Card Type | Recommended CVM List |
| --- | --- |
| Visa Debit Credit with Offline Plaintext PIN and Issuer Authentication | Offline Plaintext PIN; Online PIN; Signature; No CVM |
| Visa Debit Credit with DDA, Enciphered Offline PIN and Issuer Authentication | Offline Enciphered PIN; Online PIN; Signature; No CVM |

Cardholder Verification Method: Summary
- CVM processing is an offline EMV method
- Very important part of the card's functionality
- Need to assess your market conditions
- EMV enables PIN validation offline
- Follow Visa guidelines but make the right decision for your Bank