Terminal Risk Management

Slides:



Advertisements
Similar presentations
Government Prepaid Card
Advertisements

Card Verification Support
WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
SWE 214 (071) Use Case Diagrams Slide 1 Use Case Diagrams Examples.
Vice President, e-Business Development Dubai United Nations Conference on Trade & Development Conference on Electronic Commerce.
Payment Cycle Introduction
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN 21st ACM Conference on Computer and Communications.
Northwest Card Association Acquirer Update January 2012.
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.
©2008 TTW Where “Lean” principles are considered common sense and are implemented with a passion! Product Training Credit Cards.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Credit Card Fraud, Jan Prochazka, Credit Card Fraud on the Web Jan Prochazka.
Credit Card And Prepaid Process Edward M. Kwang President.
Credit card and Debit card Working and Management.
Ecommerce Applications 2009/10 Session 31 E-Commerce Applications E-payment.
PCI PIN Entry Device Security Requirements PCI PIN Security Standards
Auditing Systems Development, Acquisition and Maintenance
May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.
R U Ready? V M E EUROPAY MASTERCARD VISA EMVco was formed in 1999.
© 2014 CustomerXPs Software Pvt Ltd | | Confidential 1 Tentacles of Fraud #StarfishBanks CustomerXPs Software Private Limited.
Confidential – For Discussion & General Information Purposes Only EMV to Card Not Present Fraud Gavin Levin, CTP eReceivables Consultant.
Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation.
CREDIT CARD FRAUD. TYPES OF CREDIT CARD FRAUD Counterfeit credit card use. Card lost or stolen by the card holder. Fraud committed without the actual.
DO NOW:  Take packet:  Review the bank statement on page 3 of the packet.  In your notebook: What items does a bank statement include?
Use of Procurement Cards - Including Control and Auditing PASBO Conference March 9, 2006 Presented by: Daniel R. McConachie
Agenda EMV – What Is It? EMV In The UK EMV Is Coming To The US
1 Using EMV cards for Single Sign-On 26 th June st European PKI Workshop Andreas Pashalidis and Chris J. Mitchell.
Getnationwide.com Let’s Talk about EMV Danielle Rourke.
Controlling Fraud Risk Exposure and Loss Sherri Goodman Director of Fraud Operations September 22, 2005.
Zulhizam Bin Ebrahim Mohd Shamir Bin Abd Azia Muhammad Salehin Bin Suhaimi
What you need to know about PCI-DSS Jane Drews Chief Information Security Officer Information Security & Policy Office
Project management Topic 7 Controls. What is a control? Decision making activities – Planning – Monitor progress – Compare achievement with plan – Detect.
1 Requirements Engineering From System Goals to UML Models to Software Specifications Axel Van Lamsweerde.
Midsouth User Group Annual Conference
EMV: transforming the payment experience
Heartland Payment Systems Hospitality Solutions Group
CREDIT CARD PAYMENT SYSTEM System involves Several major participants Purchaser that is cardholder Card Issuer that issues credit card Merchant that makes.
Summary of Changes. General These are changes that have come up in many EMV migrations that I have assessed and been involved in. The changes are broken.
Enforcement via Policies and Procedures. Processes and Procedures These are boring, tedious, time consuming…… BUT THEY ARE ESSENTIAL They must be written.
Confidential and Proprietary - NOT TO BE DISTRIBUTED WITHOUT THE EXPRESS WRITTEN PERMISSION OF BANK OF AMERICA MERCHANT SERVICES. ASTRA EMV Review/Best.
Online Decision Process
EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch (136—138), (328—343) Papers.
Tereza Bayerová Dagmar Toscherová.  Is a small plastic card (size 85,6 x 54 mm) that can be used by a cardholder and accepted by a merchant to make a.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
WHAT NEW, WHAT NEXT IN PAYMENT PROCESSING. EMV WHAT IS EMV? 3  An acronym created by Europay ®, MasterCard ® and Visa ®  The global standard for the.
Presented by David Cole Background to Chip. PAYMENT SYSTEMS HISTORY A POTTED HISTORY DINERS LAUNCH 1950 AMEX LAUNCH 1958 BANK AMERICARD 1959 MASTERCHARGE.
Commercial Card Expense Reporting (CCER) The Trustees of Roanoke College An internet solution Accessed via Wells Fargo’s secure Commercial Electronic Office.
Presented by David Cole Changing the Card – Scripts.
Presented by David Cole
Presented by David Cole CVM Methods.  CVM Methods in the End-to-End Process  What is a CVM List?  Risk protection tool  Types of PIN processing 
Risk Policy Considerations.  Floor Limits  Fallback considerations  Domestic v International  Credit control (VSDC+) overview  Fraud reporting 
2016 FRAUD.
EMV.
Payment Card Industry (PCI) Rules and Standards
Payment Card Industry (PCI) Rules and Standards
Card fraud in Hungary (case study ) and MON™ fraud prevention system
Transaction Flow end-end
Make This Document Your Own
Regular Payments First and Subsequent Payments
SECURITY FEATURES OF ATM
Problems – Technical Requirements
EMV® 3-D Secure - High Level Overview
Session 11 Other Assurance Services
Fun with Chip&PIN Denis A Nicole.
U. S. Payments Landscape Perspective
Chip & Pin and Apple Pay: Vulnerabilities of the Changing Payment Systems Jay Isaacson.
Product Training Credit Cards
DieboldNixdorf.com Tokenization Roman Cinkais |
Presentation transcript:

Terminal Risk Management

Agenda Terminal Risk Management in the End-to-End Process Types of Terminal Risk Management Visa recommendations Summary

Chip End-to-End process AUTHORISATIONS Offline PIN Validation Card holder verification method Terminal Risk Management iCVV checking ATC checking Card Risk Management ISSUER HOST Online CAM Online PIN Script processing

Types of terminal risk management Processing restrictions Terminal risk management Terminal action analysis Terminal Risk Management

Processing restrictions Domestic transactions International transaction Domestic goods International goods Domestic services International services At ATMs At terminals other than ATMs Domestic cashback allowed International cashback allowed Application Usage Control Can this transaction proceed? Version number check VIS 1.3.2 ‘v’ VIS 1.4 Card Date Check Effective Date Expiry Date Check the Location and Device Terminal Country Code Card Country Code Terminal Risk Management

Terminal risk management Traditional Terminal Risk Management Terminal Exception File Check Merchant Force Online Random Selection Floor Limit Check IMPORTANT NOTE: If the terminal floor limit is exceeded the transaction WILL attempt to go online, irrelevant of the cards requirements Terminal Risk Management

Terminal action analysis Terminal reviews the transaction so far Record events so far Have any exceptions been triggered such as Floor Limit, Expired Card, Usage? Can I support online, decline and default transactions? Record ‘position statement’ in the Terminal Verification Result (TVR) Apply actions provided to me by the Acquirer Apply Terminal Action Codes Request a response from the card (Online, Decline, Approve) Terminal Risk Management

Terminal action analysis Terminal Action Codes (TAC’s) Provides the Acquirer with certain transaction protection when exceptions are detected A set of conditions where the terminal will want to: Decline the transaction NOW Approve the transaction Request an online authorisation decision from the Issuer If unable to go online decide to decline because of a certain condition Terminal Risk Management

Visa recommendations (TAC’s) Decline NOW if Go Online if: If unable to go online decline Service not allowed Offline authentication not performed or failed PAN on exception file Card expired Online PIN entered Exceeds floor limit Offline limits exceeded Randomly selected for online Merchant forced online NOTE: If none of the conditions are met the terminal will request that the transaction approves offline Terminal Risk Management

Summary EMV Terminal Risk Management is an extension of magnetic stripe processing Consider domestic processing (BIN Table processing) TAC’s need to be implemented Terminal Verification Result is vital to transaction audit trail Transactions above floor limits will also attempt to go online Terminal will request a response from the card before taking any further action Next session Send the Terminal Request to the card Terminal Risk Management

Floor Limits and How they Impact Chip Floor limits where very common in some markets and in some cases still are. If floor limits exist they can be checked by the chip process and used if they fit in to the process. They do not override the chip. If the merchant use them, they are liable for any fraud under standard scheme rules