U. S. Payments Landscape Perspective

Slides:



Advertisements
Similar presentations
Financial Stability & Integrity Track: Innovations in Technology for Financial Inclusion & Managing Risks.
Advertisements

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
Cross Border E-commerce: Challenges and Opportunities
Fraud: What Happens When EMV Surfaces? Tracey Black GFH Group Inc. Cardware, June GFH GROUP INC.
1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.
Vice President, e-Business Development Dubai United Nations Conference on Trade & Development Conference on Electronic Commerce.
Contactless Payment. © Family Economics & Financial Education – January 2007 –– Financial Institution Unit – Contactless Payment - 2 Funded by a grant.
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.
Memorial University of Newfoundland An Update on Chip September 26, 2007.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
/RestaurantDotOrg /NationalRestaurantAssociation.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Around the World, Around the Corner WorldPay for Small Business.
Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management
Emerging Technologies
Private, Secure, Guaranteed ACH Credits – The Next Generation of Online Payments Samantha Carrier, Director, eCommerce, NACHA.
Electronic Payment Systems
R U Ready? V M E EUROPAY MASTERCARD VISA EMVco was formed in 1999.
© 2014 CustomerXPs Software Pvt Ltd | | Confidential 1 Tentacles of Fraud #StarfishBanks CustomerXPs Software Private Limited.
Confidential – For Discussion & General Information Purposes Only EMV to Card Not Present Fraud Gavin Levin, CTP eReceivables Consultant.
Agenda EMV – What Is It? EMV In The UK EMV Is Coming To The US
The next generation of payments is here. Is your business ready?
Getnationwide.com Let’s Talk about EMV Danielle Rourke.
Controlling Fraud Risk Exposure and Loss Sherri Goodman Director of Fraud Operations September 22, 2005.
SMU Dedman School of Law October 8, 2007 Glenn Wheeler – Chief Executive Officer.
United States payments update Howard N. Forman, AAP Senior Vice President Electronic Payments Consultant © 2011 Wells Fargo Bank, N.A. All rights reserved.
What you need to know about PCI-DSS Jane Drews Chief Information Security Officer Information Security & Policy Office
Midsouth User Group Annual Conference
EMV: transforming the payment experience
Improve Your Experience ExpressRelease Debit Card.
Standards in Use. EMV June 16Caribbean Electronic Payments LLC2.
Confidential and Proprietary - NOT TO BE DISTRIBUTED WITHOUT THE EXPRESS WRITTEN PERMISSION OF BANK OF AMERICA MERCHANT SERVICES. ASTRA EMV Review/Best.
Online Decision Process
EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch (136—138), (328—343) Papers.
WHAT NEW, WHAT NEXT IN PAYMENT PROCESSING. EMV WHAT IS EMV? 3  An acronym created by Europay ®, MasterCard ® and Visa ®  The global standard for the.
Presented by David Cole CVM Methods.  CVM Methods in the End-to-End Process  What is a CVM List?  Risk protection tool  Types of PIN processing 
Risk Policy Considerations.  Floor Limits  Fallback considerations  Domestic v International  Credit control (VSDC+) overview  Fraud reporting 
EMV.
Making card acceptance work for you
Terminal Risk Management
Transaction Flow end-end
EMV Acceptance Training
Make This Document Your Own
Regular Payments First and Subsequent Payments
CONFERENCE OF WESTERN ATTORNEYS GENERAL
Emerging Payments Market Developments: Trends and Risks James Van Dyke, President and Founder Presented at the Federal Reserve Bank of Atlanta, November.
Fraud Prevention Solutions Make it secure, keep it simple!
Introduction to Depository Institutions
EMV & Parking – 6 Months On
Consider cards over cash
Problems – Technical Requirements
Consider cards over cash
Making card acceptance work for you
Electronic Commerce Payment Systems
October 27, 2016 EMV 3DS Seizing the opportunity to enhance security and deliver a great consumer experience September 22, 2018.
Cyber Security and Consumer Financial Transactions Data Security
Consider cards over cash
17 Banking and Financial Services
Payment Trends What the Future Might Look Like
Third-party Payment options, PayPal Implementation
Federal Reserve Retail Payments Risk Forum
Chip & Pin and Apple Pay: Vulnerabilities of the Changing Payment Systems Jay Isaacson.
Threats Facing Industry –
Mastercard® Threat scan
Electronic Commerce Payment Systems
A Secret Service Perspective on Credit Card Fraud
New Jersey Gasoline C-Store Automotive Association
Mastercard® Threat scan
Increasing approval rates in the digital world
2019 AFP Payments Fraud & Control Survey
Presentation transcript:

U. S. Payments Landscape Perspective Fresh from the Fed U. S. Payments Landscape Perspective AFP - Nashville March 8, 2018 Dave Lott, Payments Risk Expert Federal Reserve Bank of Atlanta The views expressed in this presentation are those of the presenters and do not necessarily reflect the views of the Federal Reserve Bank of Atlanta or the Federal Reserve System.

Detect and identify; assist and encourage… Forum’s Mission Detect and identify; assist and encourage… Identify: What? Risk - in existing and emerging retail payments Help how? Contribute to mitigating payment risks by: Researching products, services, and systems Collaborating with industry Convening Take On Payments weekly blog http://takeonpayments.frbatlanta.org 2 2

Agenda Payments Overview EMV Migration at POS Fraud Schemes Questions and Discussion 3

Payments Overview 4

Cash continues to dominate small-value, in-store payments Cash Usage Cash continues to dominate small-value, in-store payments 5

Key Themes Continue Key Theme 2012 Diary 2015 Diary Most frequently used payment method Dominant for small-value transactions Wide array of users and use cases Critical in contingency situations Consistent with other data sources, we also see evolution Cash’s share of consumer payments is declining Consumers are holding more cash, but using it less often 6

About the Payments Study Calendar year 2015 estimates, comparisons with 2012 estimates Sixth in triennial series since 2000 National estimates from institutional surveys Representative data from almost 1,400 depository institutions Census of general-purpose card networks Processors and issuers of various private-label payment instruments Covers total number and value of all US noncash payments Payments by consumers and businesses 7

Trends in Noncash Payments 2000-15, by Number U.S. noncash payments continued to rise Debit cards showed the largest increase in number of payments Credit cards showed the largest growth rate in number of payments ACH continued growth Check continued to decline, but at a slower rate SOURCE: Federal Reserve Payments Study 2016 8

Distribution of Core Noncash Payments by Type, Number and Value - 2015 # $ The Inverse Number-Value Relationship Across Payment Types SOURCE: Federal Reserve Payments Study 2016 9

Trends in Checks Written, 2000-15, Number and Value By number, the decline in checks appeared to taper off 2012-15 By value, checks have not declined as much Checks converted to ACH dropping faster than checks overall SOURCE: Federal Reserve Payments Study 2016 10

Distribution of Card Fraud Types – United States and Selected Countries - 2015 SOURCE: Federal Reserve Payments Study 2016 Counterfeit & lost or stolen are in-person while fraudulent use of account number reflects remote fraud Chips help reduce in-person fraud by making card counterfeiting harder Only 2 percent of U.S. card payments were chip based Other countries adopted sooner, had much higher chip usage 11

EMV Migration 12

EMV Migration 13

Chip Card Types There are two major types of chip cards, but each must communicate to the POS terminal chip reader Contact Card inserted or dipped and retained for the duration of the transaction Contactless Using Near Field Communications (NFC) technology, the card is placed within 4 cm (≈ 1.5”) of reader on terminal Faster than contact transaction and desired by high throughput merchants such as transit systems High utilization in international markets but little success to this point in the US Major issuers plan to add contactless feature to chip cards during normal reissuance cycle in 2019 – 2021 timeframe 14

EMV’s Benefits For Card Fraud Protection Dynamic Card Authentication A dynamic (transaction-unique) cryptogram presented with each transaction mitigates counterfeit card fraud risk. In a mag stripe environment, card authentication, if performed, is a static process performed at the POS. Magnetic stripe data indicates if card contains a chip and to process as a chip card Fallback (reverting to magnetic stripe) approval at discretion of merchant and issuer. Cardholder Verification (if implemented in a PIN environment) Provides superior protection against lost or stolen card fraud compared to other verification methods currently used in the market. Each application supports its own cardholder verification method. 15

EMV’s Benefits For Card Fraud Protection (cont.) Global interoperability Longer card life than magnetic stripe, although more expensive ( 2-3 x) Foundation for next generation of payments Merchants may qualify for some PCI audit relief 16

EMV’s Shortcomings For Card Fraud Protection PAN data remains vulnerable at POS PAN, expiry and name data travels “in the clear” inside terminal Highly valuable to fraudsters for: Counterfeiting in a mag stripe environment Card-not-present (CNP) transactions Designed for face-to-face transactions Card authentication requires a direct connection to allow the card to communicate With the terminal (offline environment) To the host (online environment) Fraudsters migrate from the card-present environment to the card-not-present (CNP) environment 17

Current State of EMV Deployment Card migration is nearing almost complete deployment Glenbrook Partners say as of mid-2017, 63% of all cards are chip cards Credit cards: 81% Debit cards: 46% Visa says 67% of its cards are chip enabled as of YE 2017 96% of payment volume being conducted by chip cards Visa (December 2017) indicates: 2.7 million merchant locations accepting chip cards 59% of storefronts Visa claims that for merchants that have completed chip card upgrade, fraud from counterfeit cards has dropped 70% from YE2015 to September 2017 18

EMV Has Been Successful at Reducing Fraud ……BUT Domestic card present fraud rates greatly improved (EMV has been very good at doing what it was designed to do – preventing counterfeit and lost/stolen fraud). Card-Not-Present fraud is up. Hard to understand if the actual fraud rate is up, but EMV is not designed to prevent this type of fraud 19

CARD-NOT-PRESENT FRAUD AFTER EMV Card Fraud Shifted to Remote Merchants (Online, MOTO) CARD-NOT-PRESENT FRAUD AFTER EMV (local currency) Sources: Financial Fraud Action UK, The Observatory for Payment Card Security, Canadian Bankers Association, Australian Payments Clearing Association. 20

Merchant Perspectives on EMV Token 2.0 For merchants that use proprietary or third party “security” or internal tokens, concerns around payment tokens are ability to deliver a consistent consumer experience (number of issuers creates potential for inconsistent experiences) For merchants that have adopted payment tokenization Franchise merchants use a third party (terminal provider) and processor that handles integration Third party integration to expand to e-commerce is a challenge because PAN is needed for merchant fraud tools, so an alternative method is needed Surprisingly, little interest in Payment Account Reference (PAR) Also have not yet achieved full integration with loyalty program 12 21

Challenges to Expanded Use of Payment Tokenization Achieving scale will take time and requires partners Merchants and processors need to become more comfortable Tokenization will increase; however, not everything needs to be tokenized For example: Different security criteria: e.g., a prepaid card that already has its own domain restriction and can only be used to a restricted amount, so the issuer can decide not to tokenize this prepaid card Tokenization will expand but there is potential usage where it will never make sense and this is something that the industry is beginning to recognize – entirely removing PAN from ecosystem is not a reality Scale is more important, through issuer and acquirer base, as more people understand how it works Tokenization has created better decision-making on behalf of issuers for merchants resulting in less chargebacks and increased authorizations 22

Fraud Schemes 23

Fraud Schemes: criminals remain plenty busy Identity fraud increasing Business E-mail Compromise Fed Pays My Bills Ransomware ATM skimming / machine heists 2424 24

Defenses increased as attacks mount Payment Security Defenses increased as attacks mount Signature requirement at POS ending Biometric modalities being expanded 2525 25

Number and magnitude continue to grow Data Breaches Number and magnitude continue to grow Third party access Assume you have been compromised? 2626 26

Questions or Comments 28

THANK YOU Dave Lott Federal Reserve Bank of Atlanta Retail Payments Risk Forum http://takeonpayments.frbatlanta.org David.Lott@atl.frb.org