Presentation is loading. Please wait.

Presentation is loading. Please wait.

Info-Tech Research Group1 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine.

Published byLuke Mason Modified over 8 years ago

Similar presentations

Presentation on theme: "Info-Tech Research Group1 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine."— Presentation transcript:

1 Info-Tech Research Group1 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2015 Info-Tech Research Group Inc. Navigate the EMV Liability Shift Shift your POS payment system into high gear to improve customer experience and reduce payment risk.

2 Info-Tech Research Group2 2 Table of contents 1. Title 2. Introduction 3. Project Rationale 4. Execute the Project/DIY Guide 4.1. Phase 1: Define the EMV Current State & Requirements 4.2. Phase 2: Build the Business Case & Internal Plan 4.3. Phase 3: Select the Solution for the EMV Project 4.4. Phase 4: Plan the EMV Implementation 4.5. Phase 5: Deploy EMV and Monitor Success 5. Summary/Conclusion 6. Next Steps 7. Appendices

3 Info-Tech Research Group3 3 EMV is here to stay. With fraud on the rise, and new issuer contract terms coming into play, it is time for organizations to embrace change. What is EMV? EMV is a global standard for credit and debit payment cards based on chip card technology. Direct fraud is on the rise. Along with it, the indirect costs associated with these issues are skyrocketing. Thus, as of October 1 st 2015, acquirers have instituted new rules that stipulate that merchants will be responsible for any theft that results from non-EMV-enabled terminals interacting with EMV-enabled cards. With compliance, contactless payment trends, and fraud pushing organizations to change, now is the perfect opportunity to update your POS systems and take advantage of new payment technology trends. Larry Fretz, Practice Lead, Gaming & Hospitality Info-Tech Research Group The future is here! Is your merchant POS payment system ready for the transition to EMV? ANALYST PERSPECTIVE

4 Info-Tech Research Group4 4 This Research is Designed For:This Research Will Help You: This Research Will Assist:This Research Will Help You: This Research Is Designed For:This Research Will Help You: This Research Will Also Assist:This Research Will Help Them: This research will guide you through the process of converting to an EMV-compliant payment environment CIO, VP IT Understand Europay, MasterCard, and Visa (EMV) Understand the ancillary benefits of EMV Reduce on-going PCI-DSS compliance scope and costs Reduce risk, complexity, cost, and time-to- market during your EMV migration project Implement EMV within your organization General Managers/VPs CFO/VP Finance COO CSO/CISO VP of Regulatory Compliance Protect your business from credit card fraud liability Modernize payment methods Improve the customer experience

5 Info-Tech Research Group5 5 Resolution Situation Complication Info-Tech Insight Executive Summary As a CIO of a hotel, restaurant, or casino, you have to find an EMV solution for new liability rules that take effect on October 1 st, 2015. This “liability shift” makes the non-EMV compliant party responsible for losses in the event of a compromise at the point of sale. As industries focus on customer service, it’s important to ensure that customers have a positive experience with payment technologies. Money that has been stolen from U.S. issuers, merchants, and consumers is on the rise. However, indirect costs are rising just as drastically. Moreover, reissuance costs are not factored into these statistics: the real cost of fraud may be 5 to 6 times greater. EMV is not a mandate – it’s a liability shift specific to counterfeit fraud and lost/stolen cards set by the card issuers. EMV impacts foreign travelers from countries who have already implemented EMV. Evaluate your customer base to gauge the impact. EMV is the first step to a multi-layered approach to protecting cardholder data upon swiping and then processing. Preparing for NFC payments (i.e.: Apple Pay and Google Wallet) is a part of selecting your EMV solution. Make a solid business case for your EMV project by articulating and supporting the value it creates to the organization. Define the organizational context for your EMV deployment and make sure your technical requirements can satisfy your business requirements. Carefully plan your project prior to deployment to reduce any roadblocks and issues associated with implementation. 1. EMV provides a foundation for mobile contactless payments. 2.EMV does not address Card Not Present (CNP) fraud. Take additional measures during implementation to strengthen your online and over-the- phone purchasing process. 3.Integrate PCI-compliant solutions, end- to-end encryption/point-to-point encryption, and tokenization for a more secure transaction. 4.Check your existing contract with your card issuer; if you have a pre-existing plan, your card issuer may not legally be able to force you to change.

6 Info-Tech Research Group6 6 Executive Brief Case Study National U.S. Retailer This national retailer operates a number of business units. It also acts as an issuer of credit cards. EMV Initiative This organization partnered with its existing acquirer, Moneris Solutions, to customize a payment integration solution, and merge card networks, retail operations, and card operations for an enterprise-wide strategy. Through the process, the retailer upgraded 1,000 terminals across its businesses. Results The EMV Initiative led to a 70% reduction in charge-backs within the first year. Additionally, its security environment became easier to navigate and manage in order to maintain PCI compliance. CASE STUDY Industry Source Retail Mercator Advisory Group The EMV Initiative Included: EMV-compliant and contactless POS terminals Payment Management System compatible with EMV-enabled terminals End-to-End Encryption (E2EE) Tokenization PCI-compliant systems Clerk Retraining Card-Not-Present Securitization

7 Info-Tech Research Group7 7 Use these icons to help direct you as you navigate this research This icon denotes a slide that pertains directly to the Info-Tech Vendor Landscape on Enterprise Service Bus technology. Use these slides to support and guide your evaluation of the ESB vendors included in the research. This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project. This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization. Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

8 Info-Tech Research Group8 8 Update to an EMV-compliant payment system to avoid liability issues caused by market forces Oct. 1 – Merchant Relief for early POS adoption. April 1 – Acquirers’ and sub-processors’ deadline to process EMV payments. Dec. 15 – U.S. market begins considering higher payment security amid Target data breach. While other major economies transferred to EMV, the U.S. banking industry decided to embrace PCI DSS to secure magnetic stripe, a cheaper and altogether weaker solution. Oct. 15 – Liability shift for most merchants. Merchants who accept in-store payments may be liable for fraudulent transactions if an EMV card is presented but the merchant chooses to process the payment using the magnetic stripe. Dec. – Expected that 58% of general purpose credit cards are EMV compliant while only 10% - 15% of debit cards will be compliant. Oct. 1, 2016 – Liability shift for ATM owners & domestic cards. Oct. 15, 2017 – Liability shift for gasoline retailers. 2012 2015 2013 2016-2017 Before 2012 1990 – EMV first developed to mitigate card-present fraud. 2005 – EU institutes EMV. 2011 – Canada begins integrating EMV. Compared to other G20 countries, the U.S. is a laggard in EMV deployment and contactless payments. Thus far, major merchants are the predominant U.S. users of EMV-compliant payment systems.

9 Info-Tech Research Group9 9 Your liability risk exposure rises by 78% from 2015 to 2016 due to the difference in EMV terminals vs EMV-enabled cards Info-Tech Insight Any transaction wherein an EMV-enabled card is used with a non-EMV-capable terminal results in the merchant being liable for fraud associated with that transaction. Source: Mercator Advisory Group Increased Risk

10 Info-Tech Research Group10Info-Tech Research Group10 Learn the difference between EMV and Magnetic Stripe transactions to gain deeper insight into EMV’s importance Info-Tech Insight As gaming and hospitality industries focus on customer service, it becomes increasingly important to ensure that customers have a positive experience with payment technologies, regardless of the country they are in or from. Chip and Choice Refers to four types of cardholder verification methods: Online PIN, Offline PIN, Signature, and None EMV Based on strong symmetric and asymmetric chip cryptography and elaborate key management. An important aspect of EMV is its use of dynamic data. Each transaction carries a unique “stamp” which prevents the transaction data from being fraudulently reused, even if it is stolen from a merchant’s or processor’s database. Dynamic data is only useful for the transaction it represents. EMV-compliant transactions are often referred to as "Chip and PIN" because it’s the method in use throughout the world and PIN entry is required to verify the customer is the genuine cardholder. EMV vs Magnetic Stripe Transactions Magnetic stripe cards typically track two pieces of data containing the card number and expiry date. Every chip card transaction exchanges dozens of pieces of information. This requires the terminal to perform many stages of processing that is more complex than stripe technology.

11 Info-Tech Research Group11Info-Tech Research Group11 Understand your new acquirer contract terms to gain insight into the liability shift changes October 1 st, 2015: The party that is the cause of a contact chip transaction not occurring will be financially liable for any resulting card present counterfeit fraud losses. Does not include automated fuel dispensers (AFD). October 1 st, 2015: MC ADC relief takes effect (100%). If at least 95% of MasterCard transactions originate from EMV-compliant POS terminals, the merchant is relieved of 100% of ADC penalties. MC liability hierarchy takes effect (excluding AFD). October 16 th, 2015: American Express will institute a fraud liability shift (FLS) policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology. October 1 st, 2015: Discover will institute an FLS. This FLS policy will be a risk-based payments hierarchy that benefits the party that leverages the highest level of available payment security. Info-Tech Insight The earlier you leverage contact chip transactions, the likelier you are to reduce fraud charge issues, and to mitigate problems associated with debugging and testing that could increase the likelihood of liability charges. However, check your contract with the issuer; if there are no terms regarding a liability shift, it cannot legally enforce any liability charges. EMV card issuance has largely been driven by larger banks because cards cost approximately $3.50 to make and issue combined with the software preparation required to accept the new cards.

12 Info-Tech Research Group12Info-Tech Research Group12 Make sure you understand under what circumstances you will be liable under the new acquirer contract terms The Merchant will convert to Chip acceptance OR accept liability for fraud. This shifts risk and liability from the Issuer to the Merchant. Magnetic Stripe Card Magnetic Stripe Terminal Issuer Liable Chip Card Magnetic Stripe Terminal Merchant Liable 1234 5678 9032 5432 Chip Card Chip Terminal 1234 5678 9032 5432 Issuer Liable 1234 5678 9032 5432 Current October 1 st, 2015 and Beyond 1234 5678 9032 5432 Chip CardCard Not Present Merchant Liable Info-Tech Insight If a guest or customer uses a faulty chip and PIN card with your chip terminal, you as the merchant bear the liability burden under the new contract terms if you choose to allow the customer to pay with a magnetic stripe and signature. Therefore, you have to choose between customer service and risk tolerance.

13 Info-Tech Research Group13Info-Tech Research Group13 Increase your security by instituting the EMV-enabled chip and signature terminals Security Transaction Speed Up-Front CostsOperating Costs Magnetic Stripe and Signature Chip and PIN Chip and Signature Chip and PIN with Fallback Contactless Info-Tech Insight Chip and PIN enabled cards protect against counterfeit cards, as well as lost and stolen cards. On the other hand, chip and signature cards do not protect against lost or stolen cards. Unfortunately, the higher security and speed comes with higher upfront costs, which may be balanced out by lower operating costs. Very Slow Low High Medium Fast Slow Low High Low Medium High MediumFastHigh Low

14 Info-Tech Research Group14Info-Tech Research Group14 Protect customers and partners by migrating to EMV in order to prevent security issues along the entire payment process The payments solution has to be secure along the entire back-end process for it to be EMV compliant.

15 Info-Tech Research Group15Info-Tech Research Group15 Enable even greater security by utilizing the complimentary solutions of both EMV and PCI What PCI ProvidesWhat EMV Provides Higher overall security

16 Info-Tech Research Group16Info-Tech Research Group16 Don’t underestimate the process changes and training needs of frontline staff Consumer signs receipt / folio Cashier returns card to consumer Cashier receives card from consumer Cashier swipes card Client removes card Client signs receipt / enters PIN Client inserts card Card stays in terminal Cashier swipes card Table attendant takes card Receipt is presented to client Client places card in check presenter Client signs the receipt Cashier returns card to client Typical Retail POS Process Typical Restaurant POS Process New Process Fraud opportunity

17 Info-Tech Research Group17Info-Tech Research Group17 Info-Tech offers various levels of support to best suit your needs Diagnostics and consistent frameworks used throughout all four options Consulting “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” Guided Implementation “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” DIY Toolkit “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” Workshop “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

18 Info-Tech Research Group18Info-Tech Research Group18 Best-Practice Toolkit Identify a team and stakeholders. Assess your EMV environment. Collect data from stakeholders. Decide upon your project needs. Define your requirements. Map the stakeholder goals. Assess project financials. Develop your success metrics. Complete the business case. Present the business case. Examine the vendor ecosystem. Shortlist selected vendors. Score vendors. Review your contract. Plan and initiate role changes. Secure your EMV environment. Develop a UAT plan. Build your EMV implementation timeline based on the payment project type. Deploy the EMV POS solution. Validate and adapt your EMV- enabled solution. Plan regular EMV reviews. Assess success. Plan for long-term fin-tech adoption. Guided Implementations Scoping call Understand your business context Determine your technical requirements Scoping call Review your project financials Review your business case Scoping call Review vendor shortlist Review vendor scores and contract Scoping call Develop the implementation plan Finalize the plan Scoping call Review the initial project implementation Monitor the EMV POS system Onsite Workshop Module 1: Define the EMV current state and requirements Module 2: Build the business case Module 3: Select the EMV solution Module 4: Develop the deployment plan Module 5: Deploy the EMV POS system and measure success Phase 1 Results: Go / no-go decision Defined requirements Phase 2 Results: Business case Project approval Phase 3 Results: Selected vendor and solution Phase 4 Results: Implementation plan Task monitoring tool Phase 5 Results: Continuous improvement Measured success Navigate the EMV Liability Shift – Project Overview Define the EMV Current State & Requirements Build the Business Case & Internal Plan Select the Solution for the EMV Project Plan the EMV Implementation Deploy EMV and Monitor Success

19 Info-Tech Research Group19Info-Tech Research Group19 Time constrained? Consider an onsite engagement to navigate the EMV liability shift and get results faster Deliverables 1.SWOT Analysis 2.EMV Requirements Document 3.Stakeholder vision 4.Baseline EMV project metrics & goals 1.Business Case 2.High Level Vendor Shortlist 3.EMV Vendor Scoring Tool 1.OCM Plan 2.Test Plan 3.Implementation Plan Day 1Day 2Day 3Day 4Day 5 PreparationWorkshop Day Working Session Workshop Preparation Scope the state of the organization’s financial payments, EMV, and workshop objectives. Identify and invite project stakeholders to attend the workshop. Send the workshop agenda to all participants. Morning Itinerary Discuss and document the current challenges, project drivers, and goals. Assess the business context. Afternoon Itinerary Determine the optimal timing for the EMV project implementation. Evaluate and document your technical requirements. Morning Itinerary Recap of Day 2. Assess project financials. Develop success metrics. Begin developing the business case. Afternoon Itinerary Complete the business case. Assess which vendors meet your needs and circumstances. Morning Itinerary Recap of Day 3. Build your EMV deployment plan. Afternoon Itinerary Develop your organization change management (OCM) plan. Develop test and acceptance plans. Identify implementation / conversion risks. Build a timeline. Workshop Debrief Review the final deliverables: business case, RFP, RFP Scoring Tool, and the OCM, UAT, and implementation plan. Discuss concerns and questions. Next Steps Engage with Info-Tech to help you launch your contactless payment solution. Contact your account representative or email Workshops@InfoTech.com for more information.Workshops@InfoTech.com

Download ppt "Info-Tech Research Group1 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine."

Similar presentations

National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
CONFIDENTIAL AND PROPRIETARY ©2014 DISCOVER FINANCIAL SERVICES 2014 Discover ® Dealer Incentive Program & EMV Update.

CONFIDENTIAL AND PROPRIETARY ©2014 DISCOVER FINANCIAL SERVICES 2014 Discover ® Dealer Incentive Program & EMV Update.
1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.

1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.
Northwest Card Association Acquirer Update January 2012.

Northwest Card Association Acquirer Update January 2012.
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.

© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.
Memorial University of Newfoundland An Update on Chip September 26, 2007.

Memorial University of Newfoundland An Update on Chip September 26, 2007.
Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management

Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management
EMV’s Impact on U.S. Retailers – It’s Coming! Presented by: Chris Francis VP, Market Development February 21, 2014.

EMV’s Impact on U.S. Retailers – It’s Coming! Presented by: Chris Francis VP, Market Development February 21, 2014.
Emerging Technologies

Emerging Technologies
“Electronic Payment System”

“Electronic Payment System”
Travillon Consultants

Travillon Consultants
Enterprise Architecture

Enterprise Architecture
R U Ready? V M E EUROPAY MASTERCARD VISA EMVco was formed in 1999.

R U Ready? V M E EUROPAY MASTERCARD VISA EMVco was formed in 1999.
© 2014 CustomerXPs Software Pvt Ltd | www.customerxps.com | Confidential 1 Tentacles of Fraud #StarfishBanks CustomerXPs Software Private Limited.

© 2014 CustomerXPs Software Pvt Ltd | | Confidential 1 Tentacles of Fraud #StarfishBanks CustomerXPs Software Private Limited.
Confidential – For Discussion & General Information Purposes Only EMV to Card Not Present Fraud Gavin Levin, CTP eReceivables Consultant.

Confidential – For Discussion & General Information Purposes Only EMV to Card Not Present Fraud Gavin Levin, CTP eReceivables Consultant.
Agenda EMV – What Is It? EMV In The UK EMV Is Coming To The US

Agenda EMV – What Is It? EMV In The UK EMV Is Coming To The US
The next generation of payments is here. Is your business ready?

The next generation of payments is here. Is your business ready?
Getnationwide.com Let’s Talk about EMV Danielle Rourke.

Getnationwide.com Let’s Talk about EMV Danielle Rourke.
What you need to know about PCI-DSS Jane Drews Chief Information Security Officer Information Security & Policy Office 5-5537.

What you need to know about PCI-DSS Jane Drews Chief Information Security Officer Information Security & Policy Office
Midsouth User Group Annual Conference

Midsouth User Group Annual Conference

Similar presentations

Ads by Google