Procesamiento EMV con PRODUCTOS tranzware

872
-1

Published on

Procesamiento EMV con PRODUCTOS tranzware

Carlos SEER
Compass Plus Americas


Compass Plus
Target Minds

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
872
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • The move from cash to cash payments has freed the financial industry to develop new channels and drive greater profitability.However, it has also heralded escalating fraud rates, increasing legislative pressure and subsequent financial repercussions from loss of revenue and reputationIt was to rectify this and create a more secure payments framework, that card issuers Europay, MasterCard and Visa combined forces to champion the development of EMV – releasing the first set of standards in 1995.
  • Replace traditional magnetic stripe cards, which offered basic security features such as a data-string, signature strip and hologram, Improved security will be provided by an IC or smart card and PIN to identify the card and authenticate the cardholder.
  • Enhanced SecurityUnlike magnetic stripe, the data held on the EMV chip uses specially designed cryptographic algorithms, such as DES, Triple-DES, RSA and SHA, to provide authentication of the card to the processing terminal and the card issuer’s host system. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978.La familia SHA (Secure Hash Algorithm, Algoritmo de Hash Seguro) By making transaction processes more complex, EMV is able to ‘lock out’ many fraudsters and prevent common practices such as card skimming. Practical attacks in effect are extremely limited.
  • Enhanced SecurityEMV’s use of chip technology greatly reduces a criminal’s ability to reuse stolen payment card data by introducing dynamic forms of cardholder verification for each transaction. Even if payment card data is compromised, a counterfeit card would be unusable at the point of sale without the presence of the card’s unique elements. By reducing static verification methods, it allows card issuers and retailers
  • AdoptionLocal and global liability shifts, applied by payment schemes across 60 countries globally have led to EMV becoming firmly established as the primary payment standard worldwide. Today, 45% of all global payment cards and 76% of all terminals currently use the EMV payment standard.This means that 1.5 billion EMV cards and almost 22 million EMV terminals are now in circulation (Source: EMVCo, EMV deployment figures for Q4 2011).
  • Deployment CostsMagnetic stripe cards cost around 19 cents compared with $1 for a chip-and-PIN card (Source: TowerGroup, 2011). In addition EMV requires an upgrade/replacement of POS and ATM equipment.
  • Deployment CostsPOS upgrade cost can be reduced in markets which can afford to implement a streamlined only version of EMV that does not require offline PIN support. In addition, the investment required by issuers to upgrade cards to EMV can be offset over time as EMV cards offer issuers and retailers the opportunity to treat cards as assets – facilitating new value added customer services on a single card. EMV cards can have a long lifespan and a strong ROI.
  • LongevitySome are also concerned with the age of the standard. EMV will be pushing 20 years old.Experience from successful implementations in a broad range of markets in varying levels of development show it is still holding out against the fraudsters. Its complexity is such that it has maintained its role of cutting out the most basic and frequent forms of card–based financial crime.
  • LongevitySome are also concerned with the age of the standard. EMV will be pushing 20 years old.Experience from successful implementations in a broad range of markets in varying levels of development show it is still holding out against the fraudsters. Its complexity is such that it has maintained its role of cutting out the most basic and frequent forms of card–based financial crime.
  • Liability ShiftThe supposed increased protection from fraud has allowed banks and card issuers to push through a ‘liability shift’ in most markets making merchants liable for any fraud that results from transactions on systems that are not EMV capable. For transactions in which an EMV card is used, the cardholder is assumed to be liable unless they can unquestionably prove they were not present for the transaction or did not authorize the transaction.
  • For Issuers and Retailers Reduced FraudAuthentication of chip card protecting against counterfeit and online and offline fraudBetter risk management parametersDigital data signing for transaction integrityMore robust cardholder verificationAdded Value FeaturesSupport for complex loyalty schemesLocal applications (e-purse, ATM, etc)DPA/CAP
  • For Issuers and Retailers Faster, More Convenient PaymentsSupport for online and offline transactions (DDA/CDA)Support for additional non-payment oriented on-card applications – transport, access, etc.
  • For acquirersReduced Authorization ExpensesFewer Transaction DisputesNew Merchant Accounts (those which were previously too high risk)Greater Offline Transaction Security
  • EMV specifications include the following information:Functionality required for integrated circuit cardsFunctionality required for terminals to ensure correct operation and interoperability with ICC’sSecurity requirements and recommendations with respect to the on-line communication between ICC and issuer and the management of cryptographic keys at terminal, issuer and payment system level
  • EMV standard is supported in various TranzWare products: In TranzWare Online EMV standard is supported in authorization and acquiring settingsIn TranzWare Card Factory it is supported at the stage of card personalizationIn TranzWare Card Management System this standard is supported in Card Limits Definition
  • EMV standard is supported in various TranzWare products: In TranzWare Online EMV standard is supported in authorization and acquiring settingsIn TranzWare Card Management System this standard is supported in Card Limits DefinitionIn TranzWare Card Factory it is supported at the stage of card personalization
  • Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
  • Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
  • Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
  • Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
  • Let us consider EMV online-authorization: A terminal generates transaction request.The terminal sends an AC generation request to the card. EMV card generates Application Cryptogram using transaction data. This Cryptogram is sent to the terminal. In case the Cryptogram is ARQC (Authorization Request Cryptogram), it is sent to the authorizing host.Then the authorization request with ARQC is sent to authorizing host. When the authorizing host receives an authorization request, it analyses its data and generates its own ARQC and compares its value with the value in authorization request. If the values that had been compared coincide, the хост generates ARPC – Authorization Response Cryptogram.Then authorization response with ARPC is sent to the terminal.The terminal sends authorization response with ARPC to the card. The card generates its own and compares its value with the value in authorization responseIf the values that had been compared coincide transaction is completed. If not the card sends a bad ARPC response and the terminal generates transaction reversal.
  • A list of EMV-scripts is defined by EMV specifications. Let us consider Issuer EMV-scripts processing. Issuer Scripts are special commands allowing an Issuer to manage EMV-cards state. These commands are sent to a card with authorization response.
  • There are several Issuing Scripts types: Card Block – blocks all applications of EMV-cardApplication Block – blocks a selected application of EMV-cardApplication Unblock – unblocks a selected application of EMV-cardUpdate Record – modifies data of lineal filePut Data – changes selected card parameter PIN Change – changes Offline PIN codePIN Unblock – unblocks Offline PIN code in case the limit of incorrect PIN tries defined while card issuing had been exceeded.  EMV-scripts are arranged into a queue. The commands at the head of the queue have higher priority.There may be Application block and Card Block scripts in a queue. In case one of these scripts is in a queue it will have the highest priority and will be sent to the card first.
  • PurposeEMV Offline spending control is used to prevent the overdraft on EMV-cards caused by the cards offline useThis technology also allows to synchronize EMV-card and host balances quickly and efficiently control EMV offline-limits. It should be noted that EMV Offline spending control usage may increase authorization time
  • EMV Offline spending control algorithmsNo offline spending control: the funds spent offline are not being counted.Do not hold offline limit: the available balance will change on the amount spent offlineHold offline limit:The “Hold offline limit”algorithm indicates that with each online-authorization, the available balance will be debited for the amount spent offline. This variant provides for the max hold. Hold offline limit but use it for EMV online: The “Hold offline limit but use it for EMV online” algorithm alternative indicates that the offline limit will be hold for the mag stripe online transactions. The mag stripe transaction is initiated: there have been the offline transactions on the card but no any EMV-online transaction. The amount spent offline on the card is unknown as there has been no any EMV online transaction, thus, the Offline limit amount is hold in order to avoid the overdraft.
  • Procesamiento EMV con PRODUCTOS tranzware

    1. 1. PROCESAMIENTO EMV CON PRODUCTOS TRANZWARE Carlos SEER Compass Plus AmericasCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 1
    2. 2. CONTENIDO 1. PROPÓSITO Y CARACTERISTICAS 2. ADOPCIÓN DE EMV 3. ARGUMENTOS PARA MIGRAR A EMV 4. BENEFICIOS 5. ESTÁNDARD EMV 6. EMV CON PRODUCTOS TRANZWARE 7. PROCESO DE AUTORIZACIONCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 2
    3. 3. PROPÓSITO Y CARACTERISTICAS Antecedentes  Nuevos medios de pago remplazan al efectivo  La industria abre nuevos canales con intención de aumentar rentabilidad  Fraude aumenta aprovechando debilidades  Para corregir esta situación se concibe EMV  Europay, MasterCard y Visa lanzan la primera versión en 1995Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 3
    4. 4. PROPÓSITO Y BENEFICIOS Metas  Remplazar las tarjetas con banda magnética tradicionales, cuya seguridad se basa en:  Contenido de la banda magnética  Panel de firma  Holograma  Tarjetas inteligentes - poseen circuito integrado (IC o Chip)  Proporcionara mas seguridad  Emparejado con una clave secreta (PIN) identifica a la tarjeta y al tarjetahabienteCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 4
    5. 5. PROPÓSITO Y BENEFICIOS Seguridad Mejorada  Los datos se almacenan en un Chip EMV.  Utiliza algoritmos criptográficos especialmente diseñados, como DES, Triple-DES, RSA and SHA  Al hacer el proceso mas complejo, se consigue bloquear fraudes, previniendo practicas comunes como ‘skimming’  Ataques extremadamente limitadosCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 5
    6. 6. PROPÓSITO Y BENEFICIOS Seguridad Mejorada  El uso de la tecnología de Chip reduce la capacidad de reusar datos de una tarjeta robada  Al implementar forma dinámicas de verificación por transacción  Una tarjeta falsificada será inusable sin la presencia de elementos únicos de la tarjeta.  Métodos estáticos de verificación reducidos  Permite a los emisores y comercios minimizar el valor de datos robadosCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 6
    7. 7. ADOPCIÓN DE EMV Adopción  El ‘desplazamiento de responsabilidad’, tanto local como global, ha propiciado que EMV se haya establecido firmemente como el estándar primario a nivel mundial  Al día de hoy, 45% de las tarjetas del mundo y 76% de todos los terminales utilizan el estándar EMV  Esto se traduce a 1,500 millones de tarjetas EMV y casi 22 millones de terminles EMV (Fuente: EMVCo, cifras de despliegue EMV para el cuarto trimestre de 2011).Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 7
    8. 8. ADOPCIÓN DE EMV DESPLIEGUE Y ADOPCIÓN DE EMV MUNDIAL Tasa de Tasa de Región Tarjetas EMV Terminales EMV Adopción Adopción Canadá, América Latina y 318,779,062 41.1% 4,443,000 76.7% El Caribe Asia Pacifico 366,229,237 28.2% 4,551,000 51.4% África y Medio 31,573,578 20.6% 462,000 75.9% Oriente Europe Zona 1 759,760,119 84.4% 11,920,000 94.4% Europe Zona 2 37,104,467 14.5% 610,500 68.1% E.E.U.U.** TOTALES 1,513,446,463 44.7% 21,986,500 76.4% * Cifras reportadas de el 4to trimestre y reprsentan las últimas estadisticas de American Express, JCB, MasterCard y Visa, reportados por sus instituciones financieras miembros a nivel mundial. ** No se incluyen datos de E.E.U.U. Fuente: EMVCoCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 8
    9. 9. ARGUMENTOS PARA MIGRAR A EMV Costos de Implementación  Tarjetas tradicionales cuestan alrededor de 19 centavos de dólar (*)  En comparación las tarjetas inteligentes cuestan alrededor de 1 dólar.  Adicionalmente hay que agregar los costos de actualizar o remplazar POS y ATM * Fuente: TowerGroup, 2011Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 9
    10. 10. ARGUMENTOS PARA MIGRAR A EMV Costos de Implementación  Alternativa para POS: Versión simplificada que no requiriera soporte a PIN fuera de línea.  La inversión de modernizar las tarjetas puede compensarse debido a que emisores y comercios tienen la oportunidad de tratar las tarjetas como bienes  Agregando servicios de valor agregado a la tarjeta  Las tarjetas EMV pueden tener duración de vida mayor y un retorno de la inversión (ROI) positivoCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 10
    11. 11. ARGUMENTOS PARA MIGRAR A EMV Longevidad  El estándar esta cercano a cumplir 20 años  Experiencia en implementaciones exitosas en un amplio rango de mercados y en diferentes niveles muestran que aun es bastante solida en la prevención de fraudes  Su complejidad es tal que mantiene su rol en cortar las formas mas básicas y frecuentes de fraudeCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 11
    12. 12. ARGUMENTOS PARA MIGRAR A EMV Longevidad  Por ejemplo skimming en ATMs:  Instituciones financieras europeas reportaron una caída de 14 porciento en 20120 y 36 porciento el año anterior, de acuerdo a European ATM Security Team (EAST).Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 12
    13. 13. ARGUMENTOS PARA MIGRAR A EMV Desplazamiento de Responsabilidad  Basada en una supuesta mayor protección contra fraudes  Permite a emisores pasar la responsabilidad de los fraudes a los comercios en transacciones ‘no EMV’  En transacciones EMV, es el tarjetahabiente quien se asume responsable  El tarjetahabiente debe probar incuestionablemente que él no estuvo presente o que no autorizo la transacciónCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 13
    14. 14. BENEFICIOS Para Emisores y Comercios  Reduce el Fraude  Autenticación del Chip protege contra falsificación y fraudes en o fuera de línea  Mejores parámetros de administración de riesgo  Firma digital para integridad de las transacciones  Verificación de tarjetahabiente mas robusta  Características de valor agregado  Soporte de esquemas de lealtad complejos  Aplicaciones local (e-purse, ATM, etc.)  DPA/CAP (Dynamic Passcode Authentication / Chip Authentication Program)Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 14
    15. 15. BENEFICIOS Para Emisores y Comercios  Pagos mas rápidos y convenientes  Soporte de transacciones en o fuera de línea Support (SDA/DDA/CDA)  Soporte para aplicaciones en tarjeta no relacionada a pagos – transport, access, etc.Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 15
    16. 16. BENEFICIOS Para adquirentes  Gastos de autorización menores  Menor número de disputas  Mas comercios afiliados  Aquellos que anteriormente constituían mucho riesgo  Mayor seguridad en transacciones fuera de líneaCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 16
    17. 17. ESTÁNDARD EMV  Proporciona interoperabilidad y aceptación de tarjetas de pagos IC a nivel mundial  Desarrollado por Europay, MasterCard y Visa  JCB se unió a la organización en diciembre de 2004  American Express se unió a la organización en febrero de 2009Copyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 17
    18. 18. ESTÁNDARD EMV Implementaciones EMV  VSDC - VISA  M/Chip - MasterCard  AEIPS - American Express  J Smart - JCB  D-PAS - Discover/Diners Club InternationalCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 18
    19. 19. ESTÁNDARD EMV Las especificaciones EMV incluyen la siguiente información  Funcionalidad requerida en las tarjetas de circuito integrado (ICC)  Funcionalidad requerida en los terminales para asegurar operación correcta e interoperabilidad con las ICC  Requerimientos de seguridad y recomendaciones con respecto a:  Comunicación en-línea entre la ICC y el emisor  Administración de llaves criptográficas en los terminales y emisoresCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 19
    20. 20. PROCESAMIENTO EMV NETWORK NETWORK TWO SWITCH CARD TWCMS MANAGEMENT SYSTEM PERSONALIZATION TWCF SOFTWARE EmbosserCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 20
    21. 21. SOPORTE EMV EN TRANZWARE  TranzWare Online:  Operaciones criptográficas EMV (emisor y adquirente)  Autorización  Manejo de terminales  TranzWare Card Management System:  Definición de productos de tarjetas  Definición de límites  TranzWare Card Factory:  Personalización  Emisión inmediataCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 21
    22. 22. EMV SUPPORT IN TRANZWARE ONLINE Tarjetas soportadas  GEMALTO  Giesecke & Devrient GmbH  AUSTRIA Card  Trüeb AG  Novacard  Rosan  Oberthur  Masria Cards  WatchData  Thames Card Technology  KEB Technology Co  AliothCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 22
    23. 23. EMV SUPPORT IN TRANZWARE ONLINE Cajeros soportados  Nautilus Hyosung Inc.  DORS  Wincor Nixdorf  Diebold  NCRCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 23
    24. 24. EMV SUPPORT IN TRANZWARE ONLINE POS Soportados  Inpas Ukraine  CyberNet Russia (Lanter Ltd.)  Lanter  Transaction Systems  Arcom  EKASSIR, LLC  Handy Solutions  Delta Engineering  NBA Technologies  Payment Terminal SystemsCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 24
    25. 25. EMV SUPPORT IN TRANZWARE ONLINE Redes y Sistemas Soportados  VISA (CCD)  MC-Europe, MC-Global  Amex  TIC  JCB  Transmaster  W4  DHI  TPII  Muchos otrosCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 25
    26. 26. AUTORIZACIÓN EMV 3 Authorizer POS 6 Generate ARQC Solicitud + ARQC 1 5 Validación Solicitud generation AC ARQC 2 Respuesta + ARPC Solicitud + ARQC 8 7 4 Generación Respuesta + ARPC 10 ARPC 9 Validación ARPC *AC – Application Cryptogram *ARQC – Authorization Request Cryptogram *ARPC – Authorization Response CryptogramCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 26
    27. 27. PROCESAMIENTO DE SCRIPTS DE EMISOR Script de Emisor Respuesta + Scripts de emisor Script de Emisor Script de Emisor *Scriptsde emisor – Los comandos que pueden ser definidos por el emisor con fines de administración de la tarjeta. Estos comandos son enviados en los mensajes de respuestaCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 27
    28. 28. ISSUING SCRIPT PROCESSING Tipos de Script de emisor: Card Block Bloquea todas las aplicaciones de la tarjeta Application Block Bloquea una aplicación Application Unblock Desbloquea una aplicación Update Record Actualiza datos lineales del archivo Put Data Cambia parámetros de la tarjeta PIN Change/ Unblock – Cambia / desbloquea la clave secretaCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 28
    29. 29. CONTROL DE GASTOS FUERA DE LÍNEA Proposito  El control de gastos fuera de línea se usa para prevenir sobregiros en una ICC causados por aprobaciones fuera de línea  Esta tecnología también permite sincronizar saldos de la ICC y del autorizador en rápidamente y controlar los limites fuera de línea en forma efectivaCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 29
    30. 30. CONTROL DE GASTOS FUERA DE LÍNEA Algoritmos de control de gastos fuera de línea  Sin control de gastos fuera de línea  No mantener los límites fuera de línea  Mantener los límites fuera de línea  Mantener los límites fuera de línea y usarlos para EMV en-líneaCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 30
    31. 31. GRACIAS POR SU ATENCIÓN ¿PREGUNTAS? www.compassplus.comCopyright © 1998-2012 Compass Plus Ltd. Public, v1.00 E, June 25, 2012.. 31

    ×