
Merchant tokenization and EMV® Secure Remote Commerce


Talk by our expert Kurt Schmid about merchant tokenization and EMV® Secure Remote Commerce, held at MPE on 19 February 2019. Merchant Payments Ecosystems is a leading payment conference for merchants and PSPs.



  1. MPE 2019 @ Berlin. Kurt Schmid, Managing Director Digital Payments. Addressing Issues in E-Commerce Checkouts: Merchant Tokenization & EMV® Secure Remote Commerce
  2. Questions to you, the Audience
     • Who has experienced fraud on his/her card(s)?
     • Who likes to enter PANs again and again for every new merchant?
     • Who knows all the places where his/her card data is stored?
  3. E-Commerce Checkouts
     Majority (61%) is card based, thereof:
     • 29% is Cards-on-File (CoF)
     • 19% Guest Checkout
     • 13% Digital Wallets
     “Global e-commerce payment market is expected to grow from US$ 24.26 Bn in 2017 to US$ 64.69 Bn by 2025 at a CAGR of 13.1% between 2018 and 2025.”
     Even stronger growth for m-commerce and in-app payments.
     Source: Mastercard, Worldpay, BCG
  4. Concerns and Challenges in E-Commerce Payments
     Merchant concerns:
     • Lost revenues through abandonments and declines
     • Low conversion rates, especially on mobile channels
     • Risk/fraud through different attacks
     • Higher transactional costs for CNP versus CP
     Issuer concerns:
     • Lost transactional revenues through abandonments and declines
     • Risk/fraud through different attacks
     • Cost of customer care
     Figures:
     • 24% abandonment & decline rate when 3DS (1.0) is used
     • 17% decline rate when 3DS is not used
     • 4-10x higher fraud rate of CNP compared to CP
     Source of figures: Mastercard, Worldpay, BCG
  5. How to Solve This
     Cards-on-file:
     • Replace PAN by token to reduce risk
     • Improve security to CP level (where a cryptogram is used)
     Cards in Guest Checkout:
     • Same as above, plus
     • Improve usability for consumer
  6. Let us Focus on These Points First
     Cards-on-file:
     • Replace PAN by token to reduce risk
     • Improve security to CP level (where a cryptogram is used)
     Cards in Guest Checkout:
     • Same as above, plus
     • Improve usability for consumer
  7. Tokenization Will Improve Security and Usability
     Securing the card number (PAN):
     • When PAN and other card data is known, fraud can be committed with little effort
     • That’s why PAN and other card data is in scope for PCI DSS
     • Tokenization replaces the PAN (Funding PAN) with a PAN used only on a device (DPAN) or only with one defined merchant (MPAN)
     Diagram labels: Token Requestor; Token Service Provider; Card Issuer; MDES, VTS, AETS
  8. … Already Demonstrated by Many Token Requestors
     Diagram labels: Token Requestors (like X Pays, Smart Devices, IoT, …; Issuer Pay; Merchant App); Token Service Provider; Card Issuer
  9. ToPay SDK Already Used for Cloud-Based Payments
     App screen: MyBankApp; Accounts; 6,750.00; Recent Transactions; Ready to Pay
     Diagram labels: Token Requestor (CMS-D, MAP); ToPay Server; Scheme Token Service (MDES VTS AETS); Card Issuer; Authenticates; Encrypted PAN; PSP, Acquirer; Network; AuthDeTok.
  10. So let us Apply This for E-Commerce?
     VISA uses VTS for tokenization in E-Commerce and Card on File (CoF).
     Mastercard started M4M (MDES for Merchants).
     The basic ideas:
     • A merchant does not store the PAN but a token
     • By using a cryptogram, security will be like Card Present
  11. Tokenization in E-Commerce is Using Same Principles Like MCP
     Diagram labels: Token Requestor (CMS-D, MAP); Scheme Token Service (MDES VTS AETS); Card Issuer; PSP, Acquirer; Network; AuthDeTok.; CoF; PAN Entry
  12. Here are the Four Main Use-Cases of Merchant Tokenization
     Enroll:
     • Add card manually or tokenize from Card-on-file
     Display cards:
     • Card art coming from token service (user sees his real card image)
     Transact:
     • Generate EMV cryptogram (can be used for one or more transactions)
     Lifecycle:
     • Issuer account update
  13. Now to Solve This Challenge
     Cards-on-file:
     • Replace PAN by token to reduce risk
     • Improve security to CP level (where a cryptogram is used)
     Cards in Guest Checkout:
     • Same as above, plus
     • Improve usability for consumer
  14. What is The Problem in Usability for the Consumer?
     • Confusing number of checkout options
     • Inconsistent checkout processes across the various payment options
     • Entry of card details / addresses is cumbersome (in particular on a mobile device)
     • Some checkout options start with an onboarding flow (“grrr – I want to pay now”)
     • OTP sent via SMS has to be copied from the messaging app to the shopping app
  15. The Answer: One Button for all Cards: SRC
  16. EMV® Secure Remote Commerce Framework (“SRC”)
     • Defined by EMVCo (https://www.emvco.com/emv-technologies/src/)
     • Scheme agnostic to help interoperability
     • Pay securely via single SRC checkout button
     • Will be scheme-neutral successor of MasterPass & Visa Checkout starting 2019 / 2020
  17. SRC has Some Promising Benefits to Show
     • Seamless experience – cards are magically found by recognizing consumer and device
     • Onboarding can be made easy by pairing consumer and device from within issuer app
     • SRC works the same for all schemes
     • Tokenization and EMV-like security will prevent fraud, lower the costs, and increase approval rates
     • EMV 3-D Secure, outside the scope of SRC, will provide the familiar authentication
  18. SRC Flow if Device is Registered / Returned User
  19. Versus First-time Flow
  20. SRC Defines Some new Roles in the Checkout Flow
     Diagram labels: Token Requestor; Token Service Provider (Scheme); Participating Card Issuer supporting SRC “SRC PI”; SRC System; Digital Card Facilitator “DCF”; Digital Shopping Application (aka Merchant) “DSA”; PSP; SRC Initiator “SRCI”
  21. As Merchant / PSP: What to do Next?
     Netcetera offers insights and technologies to approach this new e-Commerce payment area. Our experience is based on:
     • A market leader position in 3DS and Digital Payments
     • Being involved in the development of the standards as an EMVCo Technical Associate
     • Being connected with all key market players like issuers, merchants, PSP and schemes
  22. Europaplatz 4, 4020 Linz, Austria; netcetera.com; +43664 11211 00; Kurt Schmid, Managing Director Digital Payment; Kurt.Schmid@netcetera.com
