5. THE JOURNEY
(TABLE OF CONTENTS)
What is EMV? (EuroPay, MasterCard, VISA)
Where did it start
What brought it to the USA
Why do I care as a consumer?
Card Present and Card Not Present (CNP) Transactions
What should I be aware of?
Helpful Hints to protect your online shopping via CNP
6. THE SIM ……WE FIRST SAW IN OUR
MOBILE PHONES
The USA Was LAST to adopt GSM!!
7. EMV - MAGNETIC STRIPE TO CHIP CARD
ADOPTION
The USA IS LAST to adopt EMV!!
8. WHAT IT TOOK TO GET TO EMV
► Until 2011 financial institutions (FIs) in the U.S. had been
reluctant to implement EMV because of its cost and
impact on interchange fees.
► The U.S. is the only country with consistently rising
counterfeit card fraud, the type of fraud most easily
addressed by EMV.
► This increase in fraud, combined with implementation
milestones announced by major card brands and
decreased profitability on debit portfolios, prompted
many U.S. issuers to prioritize EMV planning in 2013.
► Additionally, global interoperability and card acceptance
were factors that began to influence U.S. issuers.
9. WHAT WERE THE DRIVERS?
Preparation For EMV Chip Technology: Creditcard.com
• Global Credit Card Fraud in 2013 =
$14,000,000,000
• USA Credit card Fraud in 2013 =
$7,100,000,000
• More then “HALF” the global fraud is
in the USA!
• (37% of transactions 51% of Fraud)
10. CHIP AND PIN OR CHIP AND
SIGNATURE?
The US is implementing Chip and Signature for Credit Cards.
The rest of the world implemented Chip and Pin
Why is that?
“Chip and PIN, long the standard in Europe, would help retailers
verify not just the card, but the person using it.”
“Writing to their colleagues in October, two attorneys general
sounded a warning bell: The new security chip would not go far
enough to make transactions safer. Credit cards needed a PIN, too.”
“Given the clear consumer benefits of chip and PIN, why are banks
hesitating to require both?” Martha Coakley, a former attorney
general of Massachusetts, said in an opinion article she co-wrote
that was published in September. “The truth is that, for banks and
card networks, the status quo is lucrative; they don’t want to
change.”
11. YOU !!
….. all stakeholders involved in payment transaction
processing…especially you the Consumer!
EMV Migration Impacts
12. The top four Issuers in the North American Marketplace
662
Million
cards*
321
Million
cards*
52
Million
cards*
62
Million
cards*
*International Card Manufacturers Association
May 2014 for year 2012 Credit and Debit Cards
in circulation
16. The U.S. is implementing EMV, and once it becomes
widespread, counterfeit card fraud should drop here,
too. But as in other countries, other types of fraud --
especially card-not-present (online) fraud -- will
probably grow.
CARD FRAUD STATISTICS 2014
20. SO WHAT SHOULD YOU SEE NEXT?
“Customers are finding it increasingly difficult to
differentiate between legitimate websites, emails, and
phone calls originating from their own bank versus
those created by fraudsters, making it more difficult for
them to spot fraudulent transactions,” said Tim Phipps,
vice president of product marketing, Identity Assurance
with HID Global.
Phishing
Vishing (Voice Phishing)
SMS malware
man-in-the-middle techniques
man-in-the-browser
techniques
ransomware threat
These have all eroded
consumer confidence in
digital banking.
21. KEYSTROKE LOGGERS
(LOADED FROM PHISHING ATTACKS)
Keystroke loggers, or simply keyloggers can come in
the form of software installed on an operating system
or hardware that is connected in between the
computer and keyboard to capture and record typed
keystrokes.
Security software such as a very good antivirus
solution will normally report a detected keylogger as
malware. This is due to the nature of such a program
that has the ability to hide its presence and be
misused to steal login information to banking sites
and etc.
23. The new variant also can get around a number of other security
software measures, like anti-virus, which software researchers
said, makes its penetration into systems faster and more
effective.
The malware is spread via indiscriminate spam campaigns (read
“Phishing”) which include various malicious attachments, either a
ZIP, PPT or PDF file. Once a recipient clicks on the attachment the
file delivers the malware onto the targeted machine.
NEW FOR THE HOLIDAYS!
24. YOUR “ON LINE” DIGITAL IDENTITY
TYPICALLY LOOKS LIKE THIS:
So what can you do to protect yourself?
28. KEYSTROKE LOGGING AND MALWARE
PROTECTION
To keep systems protected from the various malware,
Security Experts recommend that computer users:
1. Educate, Educate, Educate !!
2. Don't click links in emails received from unknown email
addresses.
3. Don't download and access email attachments from
unknown people.
4. Increase online protection level by adjusting web
browser security settings.
5. Where appropriate use a virtual keyboard
6. Keep Windows operating system and software up to
date with the latest security patches.
7. Use a security solution (anti-virus) that updates
automatically.
29. UNDERSTANDING THE 2015 US
FRAUD LIABILITY SHIFTS
The liability shift, which is being imposed by
the credit card industry itself, will make most
U.S. merchants liable for any fraudulent
transactions if their credit card readers do
not accept EMV card payments by October
1, 2015. Previously, credit card issuers were
the ones liable for any fraudulent
transactions.
Regardless, consumers won't be on the hook
for the fraud.
31. REFERENCES
Verizon: Data breach investigations reports 2011, 2012, 2013, 2014 and 2015
Forbes: The Power And Problem Of Privilege In Cybersecurity, Tom Kemp, CEO of
Centrify
World Payments Report 2014
http://www.wired.com/2014/09/emv/
http://www.emv-connection.com/emv-101-fundamentals-of-emv-chip-payments/
http://www.nasdaq.com/article/credit-card-fraud-and-id-theft-statistics-
cm520388#ixzz3rs7bLkDc
http://www.nytimes.com/2015/11/17/business/chip-credit-cards-give-retailers-
another-grievance-against-banks.html?ref=business&_r=2
www.creditcard.com
http://www.scmagazine.com/new-banking-malware-variant-ready-to-profit-from-
holiday-rush/article/454824/?DCMP=EMC-
SCUS_Newswire&spMailingID=13006596&spUserID=MjI5OTI4NDcxOAS2&spJobI
D=661345052&spReportId=NjYxMzQ1MDUyS0
https://www.raymond.cc/blog/how-to-beat-keyloggers-to-protect-your-identity/