Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Digital Payments - Netcetera Innovation Summit 2018

Kurt Schmid, our Managing Director Digital Payment, asked: “Merchant Tokenization and SRC – the next BUZZ words – how do these change eCommerce Payments?”.

  • Login to see the comments

  • Be the first to like this

Digital Payments - Netcetera Innovation Summit 2018

  1. 1. Bernried, September 2018 Kurt Schmid, Managing Director Digital Payments A small step for a programmer, a big step for payments Merchant Tokenization & Secure Remote Commerce
  2. 2. Questions Who likes to enter PANs again and again for every new merchant? Who is worried of fraud on his/her card? Who knows all the places where your card data is stored? Why is Amazon so powerful? 2
  3. 3. Tokenization 3
  4. 4. When the PAN and other card data is known fraud can be made with little efforts The PAN and other card data therefore is in PCI- Scope The weakest link makes the level of security Why Tokenization? What is the problem? Securing the Card Number (PAN)
  5. 5. Key and surrounding roles 5 Token Requestor Token Service Provider Card Issuer Merchant End User PSPScheme Acquirer NSP IoT Device Wallet (X Pay) TR TSP Issuer TSP
  6. 6. Card Issuer Token Service Provider Token Requestor Main Use Case: Digitize (Tokenize) Card 6 Yellow case Step up auth.
  7. 7. Main Use Case: Secure variant of Digitize 7 Token Requestor Token Service Provider Card Issuer authenticates Encrypted PAN Green case
  8. 8. Scaling Up Tokenization (1) 8 Token Requestor Token Service Provider Card Issuer
  9. 9. Scaling Up Tokenization (2) 9 Token Requestor Token Service Provider Card Issuer MDES, VTS, AETS
  10. 10. Scaling Up Tokenization (3) 10 Token Requestor Token Service Provider Card Issuer Aggregators Token Requestor TSP Card Issuer TSP
  11. 11. Know Usage for Mobile Contactless Payment 11 Enabling an App to perform mobile contactless payment at the POS Request Tokens via MDES, VTS etc. for Cloud Based Payments NFC Interface to Terminals nbased on Host Card Emulation (HCE) Replenishment of short living card keys to increase security (“SUK”, “LUK” instead of CMKs)
  12. 12. MyBankApp Accounts 6,750.00 Recent Transactions Ready to Pay Tokenization in use for Mobile Contactless Payments 12 Token Requestor (CMS-D, MAP) Scheme Token Service (MDES VTS AETS) Card Issuer authenticates Encrypted PAN PSP, Acquirer Network AuthDeTok.
  13. 13. E-Commerce Payment 13 Enabling an e-Commerce application for Payments Card Not Present and 3DS today’s prevailing methods for checkout
  14. 14. Concerns in eComm Payments 14 Risk/Fraud through different attacks Low Conversion rates on mobile channels Abandonning the checkout process Higher costs for CNP versus CP Merchant concerns Issuer concerns Risk/Fraud through different attacks Cost of customer care Lost transactional Revenue Consumer concerns Ease of onboarding Convience at shopping
  15. 15. Why not use Tokenization in e-Commerce? Each merchant does not store the PAN but a token Security will be Card Present like by using a cryptogram 15 The basic Ideas: Mastercard started M4M (MDES for Merchants) VISA speaking about Tokenizazion in eCommerce and Card of File (COF)
  16. 16. Tokenization in use for e-Commerce Payments 16 Token Requestor (CMS-D, MAP) Scheme Token Service (MDES VTS AETS) Card Issuer PSP, Acquirer Network AuthDeTok. COF PAN Entry
  17. 17. Use Cases Enroll: Add card manually or tokenize from card of file Display cards: Card art coming from token service (User sees his real card image) Transact: Generate EMV cryptogram (can be used for one or more transactions) Lifecycle: Issuer Account Update
  18. 18. Secure Remote Commerce 18 SRC Rocket still to be loaded
  19. 19. Secure Remote Commerce Framework (“SRC”) Defined by EMVCo ( /) Scheme agnostic to help interoperability Pay securely by credit card” button in checkout Will be scheme neutral successor of MasterPass & Visa Checkout starting 2019 / 2020 Will support card tokenization using MDES and VTS Will support card present type security (“cryptograms”) Demonstrator available from Netcetera, Training courses will be available
  20. 20. Roles used in SRC 20 Token Requestor Token Service Provider (Scheme) Card Issuer Supporting SRC SRC System Digital Card Facilitator Digital Shopping Application (aka Merchant) PSP SRC Inititator
  21. 21. SRC Flow once device is registered / returned user
  22. 22. Versus first time flow
  23. 23. Benefits Seamless experience – Starts with card entry like user is used to do No onboarding required – but device / merchant pairing possible from issuer app Works with all schemes in the same way Tokenization and EMV-like security will prevent fraud and lower the costs
  24. 24. As Issuer As Merchant As PSP As Acquirer How to approach this? Ask for a training on SRC done by our expert Thomas Fromherz
  25. 25. Europaplatz4 4020Linz Austria +43664 11211 00 Kurt Schmid Managing Director Digital Payment