DieboldNixdorf.com Tokenization Roman Cinkais | 27.11.2018.


Tokenization in different contexts
- Pseudonymization of data
- Initial Public Coin Offering
- Identification of sensitive data
- Cryptography Key Management
- Data Security
- Mobile Payments

Tokenization in payments
- The process of replacing the card number (PAN) with a token
- The original card number is under the control of the issuer, and external systems cannot access it
- Tokens are random, and it is not possible to deduce the original card number from the token
- Reduces the risk associated with payment fraud: the original card number does not occur on the payment network
- It is one of the techniques for reducing the scope of the cardholder data environment (CDE, PCI DSS)
- …enables entities to offer more secure and more tailor-made payment services…

Support of token categories
Token categorization
- Irreversible (card identification): it is not possible to get the original card number from the token
- Reversible (payment tokens): there is a reverse process called de-tokenization, which we can use to get back the original card number

Standards – payment tokenization
- PCI TSP Security Requirements: Additional Security Requirements and Assessment Procedures for Token Service Providers (EMV Payment Tokens)
- EMV® Payment Tokenisation Specification: Technical Framework
- UX, security and functional requirements of card associations

Alternative payment channels
Payment tokenization
- Payment tokens can be used to create a payment transaction at payment terminals or on a website
- Often referred to as DPAN (Digitized PAN)
- Reduces the risk of compromising your actual card (payment token compromise != card compromise)
[Diagram: Payment token; Mobile/Smart Device; E-Shops (e-commerce); Alternative payment channels; Payment options]

Payments
- Online: tokenization provides innovative and secure payment methods for online merchants
- In-App: tokenization mediates payment directly in the application in a secure way; payment is made at the time of authorization
- In-Store: tokenization creates the ability to pay using smartphones and wearables through NFC technology or QR codes

Risk Management – EMV Framework
- Token Domain Restriction Controls: information related to payment token data to ensure that payments are made within a defined channel and authorized by the user/owner of the token. Examples: tokens only for e-commerce use, or valid only for one merchant, one-time token, ability to create QR payment or EFT payment, etc.
- Token Assurance: the quantification of the risk associated with the environment where we request the creation of a payment token or a payment, based on which a form of user verification is required. Examples: storage of token information inside SE/TEE, or in a software-based secure envelope, security policy
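The two token categories and the domain restriction controls described above, as an added example that is not part of the original presentation or of any Diebold Nixdorf product. The class, method and channel names are hypothetical, the PAN used with it is a constructed test value, and the token format is simplified to random digits.

```python
import hashlib
import hmac
import secrets


class TokenRejected(Exception):
    """Token is unknown, already used, or presented outside its domain."""


class TokenVault:
    """Toy in-memory vault (hypothetical; stands in for a TSP token vault)."""

    def __init__(self):
        self._id_key = secrets.token_bytes(32)  # key for irreversible tokens
        self._records = {}                      # payment token -> record

    def card_id_token(self, pan):
        # Irreversible: keyed one-way function. The same PAN always yields
        # the same identifier, and nothing is stored that maps it back.
        return hmac.new(self._id_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan, channel, merchant=None, one_time=False):
        # Reversible payment token: random digits with no relation to the PAN.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._records and token != pan:
                break
        self._records[token] = {"pan": pan, "channel": channel,
                                "merchant": merchant, "one_time": one_time}
        return token

    def detokenize(self, token, channel, merchant):
        # Domain restriction controls are enforced before the PAN is released.
        rec = self._records.get(token)
        if rec is None:
            raise TokenRejected("unknown or already used token")
        if rec["channel"] != channel:
            raise TokenRejected("token not valid for this channel")
        if rec["merchant"] is not None and rec["merchant"] != merchant:
            raise TokenRejected("token not valid for this merchant")
        if rec["one_time"]:
            del self._records[token]  # a one-time token cannot be replayed
        return rec["pan"]
```

A token captured in one channel or at one merchant is rejected everywhere else, which is what makes compromise of a payment token different from compromise of the card.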

Token Service Provider Decomposed
- Tokenization
- Registration & Onboarding
- Identification & Verification
- Life-cycle Management
- De-tokenization
- Token Requestor Management
- Domain Restriction Controls
- Eligibility Checking
- Token Requestor
- Token Vault
- Authorization

In-store payment

E-commerce (online) payment

Diebold Nixdorf tokenization solution
- What is tokenization?
- What is its purpose?
- What new payment channels and options can there be?
- Impact on user experience?
- How to deploy tokenization?
- Security of tokenization data and environment?
- Compliance with Payment Card Industry?

Thank You for listening to today’s presentation. Roman Cinkais Roman.Cinkais@DieboldNixdorf.com