SlideShare a Scribd company logo

CARTES2015 PEP Card - FINAL

Download as PPTX, PDF
Milos Dunjic
Milos Dunjic
1 of 15
ProxyEMVPay (PEP) Solution (Decoupled Tokenization) by Milos Dunjic (Lungo Consulting Inc.) and Nebo Djurdjevic (Lina Consulting Inc) 1P A T E N T P E N D I N G
Current approach to payment tokenization 2 Bank A – credit card Bank A – debit card Bank B – credit card Bank B – DDA account Store card Private Label card Corporate card Bitcoin wallet Financial accounts Payment devices Cards iPhone Android phone tablet laptop AppleWatch Car SmartTV keyfob ??? ??? ??? ??? ??? ??? ??? ??? Each card account requires multiple tokens, to be supported by the Issuer, Scheme and device OEM – myriad of systems, inconvenient and not covering all consumer accounts/devices pushing digital card tokens to connected devices only P A T E N T P E N D I N G
PEP approach: decoupled tokenization 3 Bank A – credit card Bank A – debit card Bank B – credit card Bank B – DDA account Store card Private Label card Corporate card Bitcoin wallet Financial accounts Payment devices card iPhone Android phone tablet laptop AppleWatch car smartTV keyfob Consumer can enable any smart device containing a PEP token to be linked to any of his/her payment accounts, and change or deactivate the links at any time via mobile app consumer can link any device in flexible way to any payment account P A T E N T P E N D I N G
Coupled vs. Decoupled Tokenization • Payment Token cannot be issued by TSP UNLESS it is uniquely linked to a real Payment Account (i.e. card PAN) – Main purpose of token is to hide real PAN during digital channel payments – Token is permanently and statically linked to a single payment card account and device (at time of issuance) – Token can be for use in single or multiple transactions 4 • Payment Token is pre-issued as ‘inactive’ and can be linked at any time to any Payment Account / Instrument – Tokenized EMV PEP cards automatically protect payment credentials and can be used at any EMV-compliant POS terminal – Multiple PEP-tokenized devices can be securely & dynamically linked on- demand to the same or different underlying payment accounts (at usage time) via PEP mobile app – EMV security and acceptance interface can be extended to other payment systems in the background (e.g. ACH, MNO carrier billing, Bitcoin, etc.) Coupled Tokenization (Card Scheme implementations) Decoupled Tokenization (EMV-compliant extension of tokenization) P A T E N T P E N D I N G
ProxyEMVPay (PEP) Card - Issuing & Perso • PEP Card is standard EMV compliant card – Issued as Visa, MasterCard, Amex or Discover EMV card • Loaded with brand specific payment applets for contact / contactless – Can be issued by non financial 3rd party, Payment Network or traditional financial Card Issuer – Can be offered off the shelf in stores / kiosks or ordered online – Very cost effective to issue and operate • Every PEP Card personalized with: – EMV PEP Token Cryptogram Unique Key – PEP Token (i.e. ISO/IEC 7812 compatible PEP Card Number) – PEP Token Expiry Data • PEP Card is issued as ‘inactive’ – In PEP TSP PEP Token isn’t linked to any underlying payment credentials • PEP Card must be securely linked, via PEP Mobile App to a valid underlying set of payment credentials (i.e. ‘activated’) • PEP Token can be ‘de-activated’ – automatically (when any of the usage restrictions are exceeded) or on- demand (using PEP Management App) • PEP Token can be linked to the same or different payment credentials during different ‘activity’ periods 5 PEP TSP PEP Token NULL Payment Credentials PEP Token Expiry PEP Token Cryptogram Master Key PEP TSP HSM PEP Token PEP Token Cryptogram Unique Key PEP Token Expiry P A T E N T P E N D I N G
ProxyEMVPay (PEP) Card - Linking 6 PEP TSP PEP Token Underlying Card PAN PEP Card PEP Mobile App Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) PEP Token Expiry Step 1: Consumer provides PEP Token + Underlying Card [PAN, Expiry Date, CVV] + Defines usage Restrictions like: Maximum Spending Allowance Maximum Number Of Transactions Maximum Linking Time Period Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) Step 2: Establish Linking Record between PEP Token Data and Underlying Payment Card Data Step 3: Establish Usage Restrictions Record Step 4: Confirmation Underlying Payment Card PEP Token Cryptogram Master Key PEP TSP HSM P A T E N T P E N D I N G Maximum Linking Time Period
ProxyEMVPay (PEP) Card Transaction Flow - PEP TSP integrated with Issuer Host 7 PEP TSPr PEP Card Underlying Card Account ACQ Card Issuer Host Payment Network Step 1: POS reads PEP card EMV data PEP Token Step 7: Underlying Card Issuer authorizes the request (treats it as Card Present type if it has relationship with / trusts its own PEP TSP) Underlying Card PAN PEP Token Cryptogram Master Key PEP TSP HSM Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) Step 6: PEP TSP verifies PEP card EMV data, verifies usage restrictions, de-tokenizes PEP card EMV data, responds with EMVCo Tokenization compatible response containing Underlying Card PAN P A T E N T P E N D I N GMaximum Linking Time Period
ProxyEMVPay (PEP) Card Transaction Flow - PEP TSP integrated with Payment Network 8 PEP TSPr PEP Card Underlying Card Account ACQ Card Issuer Host Payment Network Step 1: POS reads PEP card EMV data PEP Token Step 2: POS forwards PEP card EMV data to ACQ Step 3: ACQ sends PEP card EMV data to Payment Network Step 5: PEP TSP verifies PEP card EMV data, verifies usage restrictions, de-tokenizes PEP card EMV data, responds with EMVCo Tokenization compatible response containing Underlying Card PAN Step 6: Payment Network sends EMVCo Tokenization compatible response with Underlying Card PAN data to Underlying Card Issuer Step 7: Underlying Card Issuer authorizes the request (treats it as Card Present type since it trusts Payment Network certified PEP TSP) Underlying Card PAN PEP Token Cryptogram Master Key PEP TSP HSM Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) P A T E N T P E N D I N G Maximum Linking Time Period
ProxyEMVPay (PEP) Card Transaction Flow - PEP TSP integrated with Acquirer 9 PEP TSPr PEP Card Underlying Card Account ACQ Card Issuer Host Payment Network Step 1: POS reads PEP card EMV data PEP Token Step 2: POS forwards PEP card EMV data to ACQ Step 3: ACQ sends PEP card EMV data to PEP TSP for de- tokenizing (PEP TSP own BIN range) Step 4: PEP TSP verifies PEP card EMV data, verifies usage restrictions, de-tokenizes PEP card EMV data, responds with EMVCo Tokenization compatible response containing Underlying Card PAN Step 6: Payment Network sends EMVCo Tokenization compatible response with Underlying Card PAN data to Underlying Card Issuer Step 7: Underlying Card Issuer authorizes the request (treats it as Card Present type since it trusts Payment Network certified PEP TSP) Underlying Card PAN PEP Token Cryptogram Master Key PEP TSP HSM Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) P A T E N T P E N D I N G Step 5: ACQ sends EMVCo Tokenization compatible response with Underlying Card PAN data to Payment Network Maximum Linking Time Period
ProxyEMVPay Card Use Cases: Remittances 10 • Set-up – Solution to be offered by banks or specialized money transfer companies – Principle: recipient will access funds on account from sender (in sending country) by using a PEP card • Recipient obtains (locally) a pre-tokenized, ‘inactive’ ProxyEMVPay (PEP) card (anonymous) • Sender ‘activates’ the recipient’s PEP card in a secure way – Sender uses PEP Mobile App and links the recipient’s PEP card to sender’s payment card account – Sender defines Maximum Spending Allowance, Maximum Number Of Transactions • Recipient can use the PEP card after it’s been activated up to the Maximum Spending Allowance and/or Maximum Number Of Transactions (ATM, POS) • Benefits – Money transfer provider • Full EMV security, payment credential protection • Provision of cash on receiving end without using costly agents network • Ability to enable sender to link his account to PEP cards from multiple recipients (also in ≠ countries) – Senders and recipients of funds • high convenience (fast, secure, ability to withdraw money in multiple parts, no need to carry all cash) • cost-effectiveness (mainly ATM fees) • ability to spend funds with card at POS • ability to receive funds from multiple senders on same card P A T E N T P E N D I N G
ProxyEMVPay Card Use Cases: Decoupled payment wallet 11 • Set-up – Two (decoupled) payment legs: purchase from merchant and funding by consumer – Purchase from merchant • Initiated at POS by consumer PEP device (e.g. card, mobile phone) provided by Third Party Wallet Provider (TPP - can be a MNO, merchant, device OEM, any other digital wallet provider) • Processed as a card transaction, against a central card account (wallet account) held by the Third Party Provider (and issued by a bank partner or using own scheme license) • Merchant is paid by his Acquirer, through normal scheme settlement with the Issuer of the TPP card account – Funding of wallet by consumer • Consumer securely links a funding account to (each) PEP-enabled device (e.g. bank account via ACH, carrier billing, card account) • TPP wallet will initiate a funding transaction request from the linked account for each transaction that hits the central wallet account • Benefits – Purchase at POS is enabled using the card network and acceptance infrastructure, providing ubiquity without infrastructure investments • ignites adoption of digital wallets and enables new payment business models by removing acceptance hurdle – Funding of the purchases is decoupled from the POS process, and provides flexibility to consumers to choose their preferred funding method (regardless of merchant acceptance) – In Europe, the TPP could act as Payment Initiation service provider under PSD2 P A T E N T P E N D I N G
ProxyEMVPay Card Use Cases: Retailer Store Card Programs 12 • Set-up – Closed loop program to be offered by Acquirer or directly by Merchant – Consumer gets PEP-enabled card (and/or mobile HCE token) to serve as payment and loyalty device – Consumer securely links an existing payment card to the PEP device – Acquirer will connect with PEP TSP (or run internally) for de-tokenization into linked card PAN before routing the transaction to the card network – Program can also be extended to group of merchants (e.g. shopping mall, lunch voucher program, brands belonging to same group) • Benefits – Consumers • single card for loyalty and payment • integrated wallet in merchant mobile app • no need to get a new payment account or to put funds in a prepaid account – Merchants • no need to offer financial accounts to consumers and take on liability/risk • no restriction to cooperation with single financial institution • platform for merchant to design marketing/loyalty benefits for cardholders, potentially co-funded by partner banks (win-win) – Acquirers • white label loyalty and payment solution for merchants as value-added service and to create stickiness – Issuers • ability to create multiple partnerships with merchants, and to offer customized deals to customers based on life style preferences and purchasing habits/interests P A T E N T P E N D I N G
ProxyEMVPay Card Use Cases: Corporate Travel Cards 13 • Set-up – Corporation has small number of REAL corporate travel card accounts (i.e. ‘PAN per cost center’) – Corporation provides employees with pre-tokenized, ‘inactive’ EMV compatible PEP cards, compatible with the payment network brand behind REAL corporate travel card accounts – Before actual travel takes place, authorized corporate person • links the employee’s PEP travel card to one of the REAL underlying corporate travel card account PANs (i.e. cost center) • 3D Secure is used to authenticate the authorized corporate person • Authorized corporate person sets the spending parameters (e.g. Maximum Spending Allowance, Maximum Linking Time Period, Maximum Number Of Transactions) – All transactions made by the employee’s PEP corporate card are authorized from the REAL corporate travel card account (i.e. cost center), which is linked to the employee’s PEP travel card • Benefits – Corporation • Real corporate card payment credential protection • full spending control • automatic expense consolidation to appropriate cost centers – Employee • convenience of a regular corporate card • automatic expense report generation – Corporate Card Provider • full EMV security • Simplicity and cost-effectiveness of issuance • easy replacement if lost or stolen • risk control P A T E N T P E N D I N G
14P A T E N T P E N D I N G
15P A T E N T P E N D I N G

Recommended

Smart Card EMV for Dummies
Smart Card EMV for DummiesSmart Card EMV for Dummies
Smart Card EMV for DummiesSilly Beez
 
ACR83 product presentation by Advanced Card Systems Ltd.
ACR83 product presentation by Advanced Card Systems Ltd.ACR83 product presentation by Advanced Card Systems Ltd.
ACR83 product presentation by Advanced Card Systems Ltd.Advanced Card Systems Ltd.
 
So you want to be an EMV Issuer...
So you want to be an EMV Issuer...So you want to be an EMV Issuer...
So you want to be an EMV Issuer...Ainsley Ward
 
Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Karina Khemani
 
Abdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcAbdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcDefconRussia
 
EMV Overview
EMV OverviewEMV Overview
EMV OverviewKona Software Lab Limited.
 
Secure QR code payment
Secure QR code paymentSecure QR code payment
Secure QR code paymentJames Wu
 
S.m.o.k.e. technologies
S.m.o.k.e. technologiesS.m.o.k.e. technologies
S.m.o.k.e. technologiesshub99
 

Recommended

Smart Card EMV for Dummies
Smart Card EMV for DummiesSmart Card EMV for Dummies
Smart Card EMV for DummiesSilly Beez
 
ACR83 product presentation by Advanced Card Systems Ltd.
ACR83 product presentation by Advanced Card Systems Ltd.ACR83 product presentation by Advanced Card Systems Ltd.
ACR83 product presentation by Advanced Card Systems Ltd.Advanced Card Systems Ltd.
 
So you want to be an EMV Issuer...
So you want to be an EMV Issuer...So you want to be an EMV Issuer...
So you want to be an EMV Issuer...Ainsley Ward
 
Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Karina Khemani
 
Abdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcAbdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcDefconRussia
 
EMV Overview
EMV OverviewEMV Overview
EMV OverviewKona Software Lab Limited.
 
Secure QR code payment
Secure QR code paymentSecure QR code payment
Secure QR code paymentJames Wu
 
S.m.o.k.e. technologies
S.m.o.k.e. technologiesS.m.o.k.e. technologies
S.m.o.k.e. technologiesshub99
 
Webteh eWallet
Webteh eWalletWebteh eWallet
Webteh eWalletRade Strizak
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Syed Taimoor Hussain Shah
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cardsDilip Kumar
 
Emv Explained in few words
Emv Explained in few words Emv Explained in few words
Emv Explained in few words Banque Populaire Du Rwanda
 
Digital wallet
Digital walletDigital wallet
Digital walletSohil Gupta
 
Emv and fraud
Emv and fraudEmv and fraud
Emv and fraudUjwal Tamminedi
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway SystemMannu Khani
 
Card payment evolution v1.0
Card payment evolution v1.0Card payment evolution v1.0
Card payment evolution v1.0Nugroho Gito
 
Digital payment system
Digital payment systemDigital payment system
Digital payment systemBharatHajare1
 
Moneypad
MoneypadMoneypad
Moneypadankur bhalla
 
mWallet
mWalletmWallet
mWalletInna Rumiantseva
 
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...Axel Nennker
 
E-money Payment System
E-money Payment SystemE-money Payment System
E-money Payment SystemMikhail Miroshnichenko
 
AnyID: Security Point of View
AnyID: Security Point of ViewAnyID: Security Point of View
AnyID: Security Point of ViewNarudom Roongsiriwong, CISSP
 
Finovate solutions
Finovate solutions Finovate solutions
Finovate solutions Inna Rumiantseva
 
Class 13
Class 13Class 13
Class 13Dr. Ajith Sundaram
 
AnyID and Privacy
AnyID and PrivacyAnyID and Privacy
AnyID and PrivacyNarudom Roongsiriwong, CISSP
 
Digital wallet (e-wallet)
Digital wallet (e-wallet)Digital wallet (e-wallet)
Digital wallet (e-wallet)Krishna Kumar
 
GXXD Pay initial presentation
GXXD Pay initial presentationGXXD Pay initial presentation
GXXD Pay initial presentationJason Maggio
 
Class 11
Class 11Class 11
Class 11Dr. Ajith Sundaram
 
Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems ShortenedRitesh Verma
 
electronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfelectronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfUjwalReddyPB
 

More Related Content

What's hot

Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway SystemMannu Khani
 
Card payment evolution v1.0
Card payment evolution v1.0Card payment evolution v1.0
Card payment evolution v1.0Nugroho Gito
 
Digital payment system
Digital payment systemDigital payment system
Digital payment systemBharatHajare1
 
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...Axel Nennker
 
Digital wallet (e-wallet)
Digital wallet (e-wallet)Digital wallet (e-wallet)
Digital wallet (e-wallet)Krishna Kumar
 
GXXD Pay initial presentation
GXXD Pay initial presentationGXXD Pay initial presentation
GXXD Pay initial presentationJason Maggio
 

What's hot (20)

Webteh eWallet
Webteh eWalletWebteh eWallet
Webteh eWallet
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cards
 
Emv Explained in few words
Emv Explained in few words Emv Explained in few words
Emv Explained in few words
 
Digital wallet
Digital walletDigital wallet
Digital wallet
 
Emv and fraud
Emv and fraudEmv and fraud
Emv and fraud
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway System
 
Card payment evolution v1.0
Card payment evolution v1.0Card payment evolution v1.0
Card payment evolution v1.0
 
Digital payment system
Digital payment systemDigital payment system
Digital payment system
 
Moneypad
MoneypadMoneypad
Moneypad
 
mWallet
mWalletmWallet
mWallet
 
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
 
E-money Payment System
E-money Payment SystemE-money Payment System
E-money Payment System
 
AnyID: Security Point of View
AnyID: Security Point of ViewAnyID: Security Point of View
AnyID: Security Point of View
 
Finovate solutions
Finovate solutions Finovate solutions
Finovate solutions
 
Class 13
Class 13Class 13
Class 13
 
AnyID and Privacy
AnyID and PrivacyAnyID and Privacy
AnyID and Privacy
 
Digital wallet (e-wallet)
Digital wallet (e-wallet)Digital wallet (e-wallet)
Digital wallet (e-wallet)
 
GXXD Pay initial presentation
GXXD Pay initial presentationGXXD Pay initial presentation
GXXD Pay initial presentation
 
Class 11
Class 11Class 11
Class 11
 

Similar to CARTES2015 PEP Card - FINAL

Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems ShortenedRitesh Verma
 
electronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfelectronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfUjwalReddyPB
 
Payment gateway testing
Payment gateway testingPayment gateway testing
Payment gateway testingAtul Pant
 
Online payment system
Online payment systemOnline payment system
Online payment systemmyangel27
 
Tim sloane preparing for rapid payments innovation
Tim sloane preparing for rapid payments innovationTim sloane preparing for rapid payments innovation
Tim sloane preparing for rapid payments innovationCO-OPFinancialServices
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment SystemRitesh Goyal
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Danail Yotov
 
electronic commerce payment systems
electronic commerce payment systemselectronic commerce payment systems
electronic commerce payment systemstumetr1
 
Finovate solutions 2015 v2.2
Finovate solutions 2015 v2.2Finovate solutions 2015 v2.2
Finovate solutions 2015 v2.2Yuriy Chayka
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryGoutama Bachtiar
 
Smart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentSmart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentKona Software Lab Limited.
 
Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)Suraj Dhalwar
 
Smart Card to the Cloud for Convenient, Secured NFC Payment
Smart Card to the Cloud for Convenient, Secured NFC PaymentSmart Card to the Cloud for Convenient, Secured NFC Payment
Smart Card to the Cloud for Convenient, Secured NFC PaymentSazzadur Rahaman
 
MIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemMIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemTushar B Kute
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)Omar Ghazi
 

Similar to CARTES2015 PEP Card - FINAL (20)

Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems Shortened
 
electronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfelectronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdf
 
Payment gateway testing
Payment gateway testingPayment gateway testing
Payment gateway testing
 
Online payment system
Online payment systemOnline payment system
Online payment system
 
Tim sloane preparing for rapid payments innovation
Tim sloane preparing for rapid payments innovationTim sloane preparing for rapid payments innovation
Tim sloane preparing for rapid payments innovation
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
Electronic payment by ahmad
Electronic payment by ahmadElectronic payment by ahmad
Electronic payment by ahmad
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
 
electronic commerce payment systems
electronic commerce payment systemselectronic commerce payment systems
electronic commerce payment systems
 
Micro Finance with Smart Card
Micro Finance with Smart CardMicro Finance with Smart Card
Micro Finance with Smart Card
 
Finovate solutions 2015 v2.2
Finovate solutions 2015 v2.2Finovate solutions 2015 v2.2
Finovate solutions 2015 v2.2
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
 
Electronic payment systems
Electronic payment systemsElectronic payment systems
Electronic payment systems
 
Smart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentSmart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc payment
 
Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)
 
E walllet / Digital Wallet
E walllet / Digital WalletE walllet / Digital Wallet
E walllet / Digital Wallet
 
Smart Card to the Cloud for Convenient, Secured NFC Payment
Smart Card to the Cloud for Convenient, Secured NFC PaymentSmart Card to the Cloud for Convenient, Secured NFC Payment
Smart Card to the Cloud for Convenient, Secured NFC Payment
 
The Top 25 Payment Processing Terms
The Top 25 Payment Processing TermsThe Top 25 Payment Processing Terms
The Top 25 Payment Processing Terms
 
MIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemMIS 10 Electronic Payment System
MIS 10 Electronic Payment System
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)
 

CARTES2015 PEP Card - FINAL

  • 1. ProxyEMVPay (PEP) Solution (Decoupled Tokenization) by Milos Dunjic (Lungo Consulting Inc.) and Nebo Djurdjevic (Lina Consulting Inc) 1P A T E N T P E N D I N G
  • 2. Current approach to payment tokenization 2 Bank A – credit card Bank A – debit card Bank B – credit card Bank B – DDA account Store card Private Label card Corporate card Bitcoin wallet Financial accounts Payment devices Cards iPhone Android phone tablet laptop AppleWatch Car SmartTV keyfob ??? ??? ??? ??? ??? ??? ??? ??? Each card account requires multiple tokens, to be supported by the Issuer, Scheme and device OEM – myriad of systems, inconvenient and not covering all consumer accounts/devices pushing digital card tokens to connected devices only P A T E N T P E N D I N G
  • 3. PEP approach: decoupled tokenization 3 Bank A – credit card Bank A – debit card Bank B – credit card Bank B – DDA account Store card Private Label card Corporate card Bitcoin wallet Financial accounts Payment devices card iPhone Android phone tablet laptop AppleWatch car smartTV keyfob Consumer can enable any smart device containing a PEP token to be linked to any of his/her payment accounts, and change or deactivate the links at any time via mobile app consumer can link any device in flexible way to any payment account P A T E N T P E N D I N G
  • 4. Coupled vs. Decoupled Tokenization • Payment Token cannot be issued by TSP UNLESS it is uniquely linked to a real Payment Account (i.e. card PAN) – Main purpose of token is to hide real PAN during digital channel payments – Token is permanently and statically linked to a single payment card account and device (at time of issuance) – Token can be for use in single or multiple transactions 4 • Payment Token is pre-issued as ‘inactive’ and can be linked at any time to any Payment Account / Instrument – Tokenized EMV PEP cards automatically protect payment credentials and can be used at any EMV-compliant POS terminal – Multiple PEP-tokenized devices can be securely & dynamically linked on- demand to the same or different underlying payment accounts (at usage time) via PEP mobile app – EMV security and acceptance interface can be extended to other payment systems in the background (e.g. ACH, MNO carrier billing, Bitcoin, etc.) Coupled Tokenization (Card Scheme implementations) Decoupled Tokenization (EMV-compliant extension of tokenization) P A T E N T P E N D I N G
  • 5. ProxyEMVPay (PEP) Card - Issuing & Perso • PEP Card is standard EMV compliant card – Issued as Visa, MasterCard, Amex or Discover EMV card • Loaded with brand specific payment applets for contact / contactless – Can be issued by non financial 3rd party, Payment Network or traditional financial Card Issuer – Can be offered off the shelf in stores / kiosks or ordered online – Very cost effective to issue and operate • Every PEP Card personalized with: – EMV PEP Token Cryptogram Unique Key – PEP Token (i.e. ISO/IEC 7812 compatible PEP Card Number) – PEP Token Expiry Data • PEP Card is issued as ‘inactive’ – In PEP TSP PEP Token isn’t linked to any underlying payment credentials • PEP Card must be securely linked, via PEP Mobile App to a valid underlying set of payment credentials (i.e. ‘activated’) • PEP Token can be ‘de-activated’ – automatically (when any of the usage restrictions are exceeded) or on- demand (using PEP Management App) • PEP Token can be linked to the same or different payment credentials during different ‘activity’ periods 5 PEP TSP PEP Token NULL Payment Credentials PEP Token Expiry PEP Token Cryptogram Master Key PEP TSP HSM PEP Token PEP Token Cryptogram Unique Key PEP Token Expiry P A T E N T P E N D I N G
  • 6. ProxyEMVPay (PEP) Card - Linking 6 PEP TSP PEP Token Underlying Card PAN PEP Card PEP Mobile App Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) PEP Token Expiry Step 1: Consumer provides PEP Token + Underlying Card [PAN, Expiry Date, CVV] + Defines usage Restrictions like: Maximum Spending Allowance Maximum Number Of Transactions Maximum Linking Time Period Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) Step 2: Establish Linking Record between PEP Token Data and Underlying Payment Card Data Step 3: Establish Usage Restrictions Record Step 4: Confirmation Underlying Payment Card PEP Token Cryptogram Master Key PEP TSP HSM P A T E N T P E N D I N G Maximum Linking Time Period
  • 7. ProxyEMVPay (PEP) Card Transaction Flow - PEP TSP integrated with Issuer Host 7 PEP TSPr PEP Card Underlying Card Account ACQ Card Issuer Host Payment Network Step 1: POS reads PEP card EMV data PEP Token Step 7: Underlying Card Issuer authorizes the request (treats it as Card Present type if it has relationship with / trusts its own PEP TSP) Underlying Card PAN PEP Token Cryptogram Master Key PEP TSP HSM Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) Step 6: PEP TSP verifies PEP card EMV data, verifies usage restrictions, de-tokenizes PEP card EMV data, responds with EMVCo Tokenization compatible response containing Underlying Card PAN P A T E N T P E N D I N GMaximum Linking Time Period
  • 8. ProxyEMVPay (PEP) Card Transaction Flow - PEP TSP integrated with Payment Network 8 PEP TSPr PEP Card Underlying Card Account ACQ Card Issuer Host Payment Network Step 1: POS reads PEP card EMV data PEP Token Step 2: POS forwards PEP card EMV data to ACQ Step 3: ACQ sends PEP card EMV data to Payment Network Step 5: PEP TSP verifies PEP card EMV data, verifies usage restrictions, de-tokenizes PEP card EMV data, responds with EMVCo Tokenization compatible response containing Underlying Card PAN Step 6: Payment Network sends EMVCo Tokenization compatible response with Underlying Card PAN data to Underlying Card Issuer Step 7: Underlying Card Issuer authorizes the request (treats it as Card Present type since it trusts Payment Network certified PEP TSP) Underlying Card PAN PEP Token Cryptogram Master Key PEP TSP HSM Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) P A T E N T P E N D I N G Maximum Linking Time Period
  • 9. ProxyEMVPay (PEP) Card Transaction Flow - PEP TSP integrated with Acquirer 9 PEP TSPr PEP Card Underlying Card Account ACQ Card Issuer Host Payment Network Step 1: POS reads PEP card EMV data PEP Token Step 2: POS forwards PEP card EMV data to ACQ Step 3: ACQ sends PEP card EMV data to PEP TSP for de- tokenizing (PEP TSP own BIN range) Step 4: PEP TSP verifies PEP card EMV data, verifies usage restrictions, de-tokenizes PEP card EMV data, responds with EMVCo Tokenization compatible response containing Underlying Card PAN Step 6: Payment Network sends EMVCo Tokenization compatible response with Underlying Card PAN data to Underlying Card Issuer Step 7: Underlying Card Issuer authorizes the request (treats it as Card Present type since it trusts Payment Network certified PEP TSP) Underlying Card PAN PEP Token Cryptogram Master Key PEP TSP HSM Maximum Spending Allowance Maximum Number Of Transactions Proof Of Underlying Card Ownership (3D Secure CAVV, ECI, and XID) P A T E N T P E N D I N G Step 5: ACQ sends EMVCo Tokenization compatible response with Underlying Card PAN data to Payment Network Maximum Linking Time Period
  • 10. ProxyEMVPay Card Use Cases: Remittances 10 • Set-up – Solution to be offered by banks or specialized money transfer companies – Principle: recipient will access funds on account from sender (in sending country) by using a PEP card • Recipient obtains (locally) a pre-tokenized, ‘inactive’ ProxyEMVPay (PEP) card (anonymous) • Sender ‘activates’ the recipient’s PEP card in a secure way – Sender uses PEP Mobile App and links the recipient’s PEP card to sender’s payment card account – Sender defines Maximum Spending Allowance, Maximum Number Of Transactions • Recipient can use the PEP card after it’s been activated up to the Maximum Spending Allowance and/or Maximum Number Of Transactions (ATM, POS) • Benefits – Money transfer provider • Full EMV security, payment credential protection • Provision of cash on receiving end without using costly agents network • Ability to enable sender to link his account to PEP cards from multiple recipients (also in ≠ countries) – Senders and recipients of funds • high convenience (fast, secure, ability to withdraw money in multiple parts, no need to carry all cash) • cost-effectiveness (mainly ATM fees) • ability to spend funds with card at POS • ability to receive funds from multiple senders on same card P A T E N T P E N D I N G
  • 11. ProxyEMVPay Card Use Cases: Decoupled payment wallet 11 • Set-up – Two (decoupled) payment legs: purchase from merchant and funding by consumer – Purchase from merchant • Initiated at POS by consumer PEP device (e.g. card, mobile phone) provided by Third Party Wallet Provider (TPP - can be a MNO, merchant, device OEM, any other digital wallet provider) • Processed as a card transaction, against a central card account (wallet account) held by the Third Party Provider (and issued by a bank partner or using own scheme license) • Merchant is paid by his Acquirer, through normal scheme settlement with the Issuer of the TPP card account – Funding of wallet by consumer • Consumer securely links a funding account to (each) PEP-enabled device (e.g. bank account via ACH, carrier billing, card account) • TPP wallet will initiate a funding transaction request from the linked account for each transaction that hits the central wallet account • Benefits – Purchase at POS is enabled using the card network and acceptance infrastructure, providing ubiquity without infrastructure investments • ignites adoption of digital wallets and enables new payment business models by removing acceptance hurdle – Funding of the purchases is decoupled from the POS process, and provides flexibility to consumers to choose their preferred funding method (regardless of merchant acceptance) – In Europe, the TPP could act as Payment Initiation service provider under PSD2 P A T E N T P E N D I N G
  • 12. ProxyEMVPay Card Use Cases: Retailer Store Card Programs 12 • Set-up – Closed loop program to be offered by Acquirer or directly by Merchant – Consumer gets PEP-enabled card (and/or mobile HCE token) to serve as payment and loyalty device – Consumer securely links an existing payment card to the PEP device – Acquirer will connect with PEP TSP (or run internally) for de-tokenization into linked card PAN before routing the transaction to the card network – Program can also be extended to group of merchants (e.g. shopping mall, lunch voucher program, brands belonging to same group) • Benefits – Consumers • single card for loyalty and payment • integrated wallet in merchant mobile app • no need to get a new payment account or to put funds in a prepaid account – Merchants • no need to offer financial accounts to consumers and take on liability/risk • no restriction to cooperation with single financial institution • platform for merchant to design marketing/loyalty benefits for cardholders, potentially co-funded by partner banks (win-win) – Acquirers • white label loyalty and payment solution for merchants as value-added service and to create stickiness – Issuers • ability to create multiple partnerships with merchants, and to offer customized deals to customers based on life style preferences and purchasing habits/interests P A T E N T P E N D I N G
  • 13. ProxyEMVPay Card Use Cases: Corporate Travel Cards 13 • Set-up – Corporation has small number of REAL corporate travel card accounts (i.e. ‘PAN per cost center’) – Corporation provides employees with pre-tokenized, ‘inactive’ EMV compatible PEP cards, compatible with the payment network brand behind REAL corporate travel card accounts – Before actual travel takes place, authorized corporate person • links the employee’s PEP travel card to one of the REAL underlying corporate travel card account PANs (i.e. cost center) • 3D Secure is used to authenticate the authorized corporate person • Authorized corporate person sets the spending parameters (e.g. Maximum Spending Allowance, Maximum Linking Time Period, Maximum Number Of Transactions) – All transactions made by the employee’s PEP corporate card are authorized from the REAL corporate travel card account (i.e. cost center), which is linked to the employee’s PEP travel card • Benefits – Corporation • Real corporate card payment credential protection • full spending control • automatic expense consolidation to appropriate cost centers – Employee • convenience of a regular corporate card • automatic expense report generation – Corporate Card Provider • full EMV security • Simplicity and cost-effectiveness of issuance • easy replacement if lost or stolen • risk control P A T E N T P E N D I N G
  • 14. 14P A T E N T P E N D I N G
  • 15. 15P A T E N T P E N D I N G