Pcitf iiw10

Published in: Economy & Finance, Business

  1. 1. PCI TF Payment Card Industry Trust Framework A Case Study of a Monetized Identity System Sid Sidner (TooTallSid) Ping Identity [email_address] @TooTallSid
  2. 2. Consumer Merchant Cash
  3. 3. Consumer Merchant Acquirer Issuer Payment Networks Payment Card: Payment Flow (Settlement)
  4. 4. PCI – Payment Card Industry
       • Brands (aka Associations)
           • Visa
           • MasterCard
           • American Express
           • Discover
           • JCB
       • Issuer oriented
       • Operating rules
       • Risk management: On-us vs. Not on-us
  5. 5. Visa EU Ecosystem - 2006
  6. 6. Consumer Merchant Acquirer Issuer Payment Networks Payment Card: Identity Flow (Authorization) 5558 0101 0000 0001 5558 0101 0000 0001 5558 0101 0000 0001 5558 0101 0000 0001
  7. 7. The Identity Transaction
       • Identifier
           • PAN – Personal Account Number (PAN)
               • Scheme and BIN (Bank Id Number) embedded in PAN to allow routing
       • Claim
           • Authorize transaction for payment?
               • Authorized or Declined
       • A Bob Blakley Identity Oracle – no identity data leakage
           • Consumer has privacy
           • Issuer can monetize being an IdP
  8. 8. EMV Payment Cards
       • EMV – Europay, MasterCard, Visa
       • Chip
           • Tamper Resistant Security Module
           • Contains secrets and crypto to use them
       • Secures all aspects of a purchase
           • Authenticates Card
           • Authenticates User
           • Ensures Integrity of Transaction
       • Chip & PIN
           • PIN (Personal Id Number) verified on card
       • Online Chip
           • PIN verified at issuer
       • Contact & Contactless
  9. 9. OITF
  10. 10. PCITF PCI Brand (e.g. Visa) Operating Rules Issuers Merchants Consumers PCI DSS Assessors Brand certifiers Acquirers
  11. 11. Consumer/Taxpayer Merchant Acquirer Issuer Payment Networks EMV Value Propositions
       • Issuer fraud reduction
       • Peace of mind
       • Malware protection
       • Identity theft protection
       • User centered identity
       • PCI compliance cost reduction
       • Avoidance of end-to-end encryption cost
       • Fraud reduction
       • Reduced interchange fees
       • Higher spend
       • National security protection
       • Identity provider fees
       • Online enrollment
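
The identity transaction on slide 7, as an added example that is not part of the original deck: the network routes on the BIN prefix of the PAN, and the issuer acts as the identity oracle, answering only Authorized or Declined. The 6-digit BIN length, the issuer name, the account record and the amounts are assumptions constructed for the illustration; the PAN is the sample number shown on slide 6.

```python
# Added illustration of slide 7; not code from the deck.
# The issuer, BIN table and account record are constructed sample data.
from dataclasses import dataclass

BIN_LENGTH = 6  # assumption: routing prefix length, not stated in the deck

@dataclass
class Account:
    holder: str       # identity data that stays with the issuer
    available: int    # spendable amount in minor units
    blocked: bool = False

class Issuer:
    """Identity provider: holds the data, answers only the claim."""
    def __init__(self, name, accounts):
        self.name = name
        self._accounts = accounts

    def authorize(self, pan, amount):
        acct = self._accounts.get(pan)
        ok = (acct is not None and not acct.blocked
              and 0 < amount <= acct.available)
        if ok:
            acct.available -= amount
        # Every failure maps to the same answer, so the reply leaks nothing else.
        return "Authorized" if ok else "Declined"

class PaymentNetwork:
    """Routes on the BIN embedded in the PAN; holds no account data."""
    def __init__(self, bin_table):
        self._bin_table = bin_table

    def route(self, pan, amount):
        pan = pan.replace(" ", "")
        issuer = self._bin_table.get(pan[:BIN_LENGTH]) if pan.isdigit() else None
        return issuer.authorize(pan, amount) if issuer else "Declined"

def build_demo():
    # PAN is the sample number printed on slide 6; the rest is constructed.
    issuer = Issuer("Example Issuer", {
        "5558010100000001": Account("Alice Example", 10_000),
    })
    return PaymentNetwork({"555801": issuer})

if __name__ == "__main__":
    net = build_demo()
    print(net.route("5558 0101 0000 0001", 2_500))   # within limit
    print(net.route("5558 0101 0000 0001", 9_000))   # exceeds remaining amount
```

The merchant side sees the same "Declined" for an unknown BIN, an unknown account, a blocked account and an over-limit amount, which is the no-leakage property the slide attributes to the identity oracle.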
