Read Slide 1 text version

EMVCo ­ Advancing Chip Standards for the Global Payments Industry

Michael Ward Chairman of the EMVCo Security Working Group 10 March 2010

Agenda

· · · · · · · · · · Mission Scope and Participation Why EMV? EMV Deployment Past Accomplishments Ongoing Activity 2010 Priorities Contactless Acceptance Mobile Payments New Participation Structure

Copyright © 2010 EMVCo

2

Mission

· To manage the EMV contact and contactless specifications to help facilitate worldwide interoperability and acceptance of IC-based payment instruments · To maintain type approval processes for:

­ Readers and Terminals compliant to the EMV Specifications. ­ Cards compliant to Common Payment Application (CPA) Specifications ­ Security evaluations of IC chips

Copyright © 2010 EMVCo

3

Scope and Participation

EMVCo's scope and participation have evolved over time in response to emerging payment, technology, and industry needs.

Scope

EMV Spec Terminal Type Approval Process Interoperability Management

CCD/CPA Specs & Card Type Approval

Contactless & Mobile

Next?

Europay, MCW, & Visa

Board of Advisors

Working Groups Expanded

JCB Joins

Contactless & Mobile Task Forces

American Express Joins

Expanded Industry Participation

Next?

Participation

Copyright © 2010 EMVCo 4

Why EMV?

·

Security

­

­

Offline Data Authentication/Offline PIN Verification between card and terminal Online Card Authentication between card and Issuer

·

Interoperability

­

Realised through EMVCo typeapproved terminals, readers and ATMs

·

Emerging Technologies

­

Standardising technology infrastructure for contactless payment and contactless mobile payment

Copyright © 2010 EMVCo

5

EMV Deployment

944 million EMV cards & 13.4 million EMV terminals are active within the marketplace

2005

2006

2007

Figures represent the latest statistics from American Express, JCB, MasterCard and Visa, as reported by their member financial institutions globally. Pre-2009 figures include JCB, MasterCard, and Visa only.

Copyright © 2010 EMVCo 6

EMVCo's 2010 Priorities

Contactless Acceptance

Begin to develop a common contactless acceptance infrastructure for payments globally

Mobile Payments

Solicit cross-industry collaboration to advance contactless mobile payments standardisation

New Participation Structure

Promote increased stakeholder engagement opportunities in EMVCo

Copyright © 2010 EMVCo

7

Contactless Acceptance

Copyright © 2010 EMVCo

8

Contactless Acceptance ­ Background

· Each payment system has independently pursued different solutions to promote contactless payment. · Significant investments have been made in deployment of these solutions which now enjoy a large installed base of cards and terminals. · To broaden and accelerate the deployment of contactless payment, EMVCo can help further by standardising the existing contactless acceptance infrastructure and streamlining the contactless type approval processes.

Copyright © 2010 EMVCo

9

Contactless Acceptance ­ Status

· Phased Implementation

In Q4 2009, the EMVCo Executive Committee and Board of Managers approved a phased implementation plan for common contactless acceptance Phase One Focusing on streamlining existing licensing and contactless type approval and building a framework for future development. Building a contactless online-only kernel for online-only markets. Continuing the development with offline market requirements and incorporating new cryptography standard such as ECC and a new secure hash algorithm.

10

Phase Two

Phase Three

Copyright © 2010 EMVCo

Contactless Acceptance ­ Approach

Phase One: Streamline existing licensing and approval

· · · · · · Combined terminal specification (from all EMVCo members) Draft specifications anticipated June 2010; final expected September 2010 EMVCo members to license existing contactless terminal specifications and testing to EMVCo EMVCo to manage the testing and the approval of contactless kernels based on these specifications Vendors will have access to the specifications for the purpose of terminal development Additionally, vendors may use elements of the terminal specifications for the purpose of card application development

· However, there may be some restrictions on some proprietary elements

Copyright © 2010 EMVCo

11

Contactless Acceptance ­ Approach

Phase Two: Common online kernel

· · Feasibility study to be conducted after completion of Phase One Common contactless kernel for online-only markets

Phase Three: Common online/offline ECC kernel

· · Will address offline-capable markets Integration of new cryptography (such as Elliptic Curve Cryptography (ECC) and Secure Hash Algorithm)

Copyright © 2010 EMVCo

12

Contactless Acceptance ­ Current Roadmap

Copyright © 2010 EMVCo

13

Contactless Acceptance ­ For More Info

General Bulletin #43 Details of the EMVCo contactless acceptance solution were published in EMVCo General Bulletin #43, which can be accessed by clicking on the `Bulletins' tab underneath the search bar on www.emvco.com .

Copyright © 2010 EMVCo

14

Mobile Payments

Copyright © 2010 EMVCo

15

Mobile Payment ­ Background

· The future growth of contactless mobile payments technology, and its viability as a sustainable, global, mass market payment method, relies on the existence of a standardised technical infrastructure. · Inter-industry cooperation is essential to avoid a fragmented approach to standardisation and the resulting limitations that this would bring. · EMVCo is tackling the technical challenges in contactless mobile payment (CMP) and aligning with the traditional charter to deliver payment specifications, testing and type approval processes that ensure security and interoperability between `payment instruments' (whether plastic cards or mobile devices) and terminals.

Copyright © 2010 EMVCo

16

Mobile Payment ­ Handset Architecture

Wide Area Modem

Over-the-Air Personalisation & Provisioning

User Interface

Application Environment

Payment Application Management

Contactless Module

Antenna

Contactless Proximity Payment

Copyright © 2010 EMVCo

17

Mobile Payment ­ Domains of Activities

EMVCo

Secure Elements

UICC Profiles -Security Evaluation Approval (future)

HS Requirements AAUI Specifications & Guidelines Specifications -Compatibility Validation to EMV requirements PPSE Specification (contained in AAUI ) Approval (future) GSMA and EPC MChannel Existing Specifications as option GSMA and EPC MChannel NFC Forum

Industry Orgs

GSMA · ETSI GlobalPlatform

GSMA · ETSI

Payment Systems

Approval (current)

Mobile Devices

User Interface Contactless Protocol Payment Applications Payment Application Mgt. Personalisation Provisioning

Copyright © 2010 EMVCo

Functional Specifications Approval (current)

Payment System specific

Payment System specific

Payment System specific

18

Mobile Payments ­ Industry Collaboration and EMVCo CMP Deliverables Liaison Status - GlobalPlatform - GSMA - NFC Forum EMV Contactless Mobile Payment Documents - Architectural Overview - Application Activation User Interface (AAUI) - Handset Requirements - Profile for GlobalPlatform UICC Configuration

* Note: EMVCo, GP, and GSMA plan to develop a common, cross-industry certification model for secure elements with post-issuance capabilities.

Copyright © 2010 EMVCo

19

New Participation Structure

Copyright © 2010 EMVCo

20

New Structure ­ Drivers for Change

Standards

· Growth of EMV as contact chip standard · Expectation to expand beyond contact chip

Customer

· Industry requests for wider participation · Interest in increased transparency

Efficiencies

· Improved business vs. technical input balance · Efficient interaction with standards bodies

· Commitment to optimal expense & resource management · Recognise member investment in staff & T&E

Investment Optimization

Copyright © 2010 EMVCo 21

Step 1 (2009): Expanding EMVCo's Reach

Subscriber Programme 2009 saw the introduction of the Subscriber programme with access to: · Draft documents · Various final documents available on the EMVCo website · Enhanced query facility · Eligibility to attend the EMV User Group meetings annually EMV User Group Meeting The inaugural EMV User Group Meeting was held June 30 ­ July 1 in Munich, Germany · Approximately 140 attendees representing a variety of payments stakeholders, such as Vendors, Financial Institutions, Processors, Retailers, Industry Associations, etc.

Copyright © 2010 EMVCo

22

EMVCo Structure & Stakeholders ­ 2009

Technical and Operations Focus

Board of Managers

Secretariats

Business Focus

Executive Committee

Board of Advisors

Working Groups

Security Contactless

Card and Terminal

Terminal Approval

Mobile Payments

Interoperability

Card Approval

Security Evaluation

Subscribers

Copyright © 2010 EMVCo 23

Step 2 (2010): Growing Industry Participation

· New Participation Structure for 2010: Following industry calls to engage more stakeholders and further increase transparency into EMV activity, EMVCo is introducing two new participation types

Business Associates Geared toward Payment Service Providers interested in shaping the strategic direction of EMVCo Geared toward industry stakeholders interested in monitoring the EMV specifications, providing input to its technical direction, and monitoring working group activities

Technical Associates

Copyright © 2010 EMVCo

24

EMVCo Structure & Stakeholders ­ 2010

Technical and Operations Focus

Board of Managers

Secretariats

Business Focus

Executive Committee

Board of Advisors

Working Groups

Terminal Approval Security Evaluation Mobile Payments Interoperability Security Card and Terminal

25

Business Associates

Technical Associates

Subscribers

Contactless Card Approval

Copyright © 2010 EMVCo

Participation Level Description

Level

Members

Qualifications /Requirements

· Commitment to global EMV interoperability · Significant responsibilities in EMV issuance/acceptance in multiple countries

High Level Benefit

· Responsible for final specs

Annual Fees

Capital & Resource investment

Board of Advisors Business Associate

· Business Associates · Technical Associates (up six seats, beginning 2011) · Payment Service Providers · Committed to EMV deployment and interoperability · Interest in providing input to EMVCo's strategic direction

· Interaction with EMVCo Executive Committee · Seat on Board of Advisors · Company Subscriber benefits

N/A

$12,500

Technical Associate

· Industry stakeholders · Interest in EMVCo working group activities

· Quarterly workshops with WGs · Vote to elect up to six BoA reps · Company Subscriber benefits

· Access to draft specs, User meetings & communications

$25,000

Subscriber

· Company or · Individual

$2,000 $750

Notice: Participation in EMVCo (other than as a member) does not give any equity or voting rights in EMVCo, LLC

Copyright © 2010 EMVCo

26

Participate in EMVCo Today!

Help Shape the Future of Global Payments! To become a Subscriber, Business Associate or Technical Associate (or to learn more),

visit www.emvco.com or email [email protected]

Thank You.

27

Copyright © 2010 EMVCo

Past Accomplishments

· EMV Integrated Circuit Card Specifications for Payment Systems

­ ­ ­ ­ v3.1.1 (EMV 1996) v4.0 / 4.1 (EMV 2000) v4.2 Common Core Definition (CCD) · Defines the common data element content and format · Released in June 2004 as a part of EMV version 4.1 ­ EMV Common Payment Application (CPA) Specification version 1.0

· EMV Contactless Specifications for Payment Systems

­ Contactless Communication Protocol - Contactless Level 1 · PayPass ISO/IEC 14443 Implementation Specification version 1.1 · Version 2.0.1 ­ Entry Point Specification version 1.0

Copyright © 2010 EMVCo

28

Past Accomplishments

· Terminal Type Approval: Approving products since 1999

­ Developed/enhanced Type Approval Test Plans ­ Introduced efficient testing procedures to address vendor needs · Multiple Kernel Configuration Approval Process · Multiple PIN Pad Configuration Approval Process · Multiple Operating System Approval Process ­ Renewal Process and Restricted Renewal Process ­ Contactless Level 1 Approval based on Contactless Communication Protocol Specification ­ Laboratory Approval Process

· Card Type Approval

­ EMVCo accredited laboratories now offer functional card testing based on · Contact Level 1 Test Cases: applicable to all EMV cards · CCD and CPA Level 2 Test Cases ­ Approved first CPA compliant card in Oct 08

29

Copyright © 2010 EMVCo

Past Accomplishments

· Card Personalisation Specification (CPS)

­ Standardises EMV card personalisation leading to faster, more efficient and more economical solutions

· Security Evaluation Process

­ Chip hardware (for any application) ­ CCD and CPA card applications

· Mobile Related Papers

­ White Paper: The Role and Scope of EMVCo in Standardising the Mobile Payments Infrastructure ­ EMV Mobile Contactless Payment: Technical Issues and Position Paper ­ EMVCo Mobile Proximity Contactless Payment FAQ #1

Copyright © 2010 EMVCo

30

Ongoing Activity

· Interoperability Issues Management

­ Management of interoperability problems reported in the field · Liaise with relevant WGs to address preventative actions (spec updates/test cases) · Direct communication with vendors for corrective actions and resolutions ­ 12 open items out of 83 total issues identified as of January 2010 · Status are available on the EMVCo website (view `issues list')

· RSA Key Length Review

­ Annual risk assessment regarding the strength of cryptographic algorithms

Copyright © 2010 EMVCo

31

Participation Level Description

Level

Members

Qualifications /Requirements

·Demonstrated commitment to global EMV interoperability and significant responsibilities in EMV issuance/acceptance in multiple countries ·Capital investment and resource contribution ·Business Associates ·Technical Associates (up to six seats, beginning 2011)

High Level Benefit

·Responsible for final specifications

Fees

Yes

Board of Advisors

·Opportunity to provide input to Executive Committee in strategic direction for EMV

N/A

Business Associate

·Payment Service Providers (Issuers & Acquirers who carry the financial risk of payment transactions, and/or their representative associations and networks) · Committed to EMV deployment and interoperability ·Interest in providing input to EMVCo's strategic direction

·Industry stakeholders (includes payment service providers) ·Interest in monitoring the EMV specifications and providing input to its technical direction ·Interest in EMVCo working group activities Company or Individual

·Seat on Board of Advisors ·Company Subscriber benefits

Yes

Technical Associate

·Enhanced input to/feedback from working groups ·Vote for up to six BoA reps ·Company Subscriber benefits ·Access to draft specs, User meetings & communications

Yes

Subscriber

Yes

Notice: Participation in EMVCo (other than as a member) does not give any equity or voting rights in EMVCo, LLC

Copyright © 2010 EMVCo

32

Information

Slide 1

32 pages

Report File (DMCA)

Our content is added by our users. We aim to remove reported files within 1 working day. Please use this link to notify us:

Report this file as copyright or inappropriate

53446