diagnosing the emv migration pain points
Post on 05-Dec-2014
448 Views
Preview:
DESCRIPTION
TRANSCRIPT
Diagnosing the EMV Migration Pain Points: How to Make the Bitter EMV Migration Pill Easier to Swallow
Jeremy Gumbley, CTO Creditcall North America Cartes America 2014, May 13-15
COMPELLING EVENTS
LOOMING U.S. EMV LIABILITY SHIFT
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
COMPELLING EVENTS …………………………………………………………………………………………………………………………………………………….
EVER EVOLVING PCI DSS
REQUIREMENTS
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
COMPELLING EVENTS …………………………………………………………………………………………………………………………………………………….
THE 5 PAIN POINTS TO EMV MIGRATION
1. PINPAD SUPPORT
FACTORS TO CONSIDER a) Attended or Unattended? → How important is PIN Debit to you? b) What CVMs do you need to support?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
1. SELECT PINPAD, CREATE RELIABLE AND
ROBUST DRIVER …………………………………………………………………………………………………………………………………………………….
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
1. SELECT PINPAD, CREATE A RELIABLE AND
ROBUST DRIVER …………………………………………………………………………………………………………………………………………………….
HOW ABOUT CONTACTLESS?
2. UPDATE EXISTING PROCESSOR INTERFACES FOR EMV
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
2. UPDATE PROCESSOR INTERFACES TO SUPPORT
EMV MESSAGING ……………………………………………………………………………………………………………………………………………………. GETTING TO GRIPS WITH EMV
• The terminology and the payment flows –
issuer script processing for instance.
• Who owns the code?
• Who maintains the code?
• Is the original developer still around?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
2. UPDATE PROCESSOR INTERFACES TO SUPPORT
EMV MESSAGING ……………………………………………………………………………………………………………………………………………………. TIME MANAGEMENT • Have you allocated enough time to the project
considering the Processors will probably be inundated with support requests?
• Do the same for every Processor interface
SUPPORT • Will the Processor have enough resource to
support you?
3. A CERTIFICATION FOR EACH PINPAD AND PROCESSOR
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
3. CERTIFY EACH PINPAD WITH EACH PROCESSOR …………………………………………………………………………………………………………………………………………………….
LAYERS OF BRAND CERTIFICATION • Each PINpad and processor combination
requires various layers of brand certification – M-TIP/ADVT/D-PAS
• Rinse and repeat for each Processor you need to support!
• A certification requires costly test cards and testing tools
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
3. CERTIFY EACH PINPAD WITH EACH PROCESSOR …………………………………………………………………………………………………………………………………………………….
BUDGET ENOUGH TIME • In mature markets like the UK it takes 10-16 weeks per certification
• Repeat every time the EMV Level 2 certification expires
• Will the processor have enough time to support
you?
• What will the processor charge you to certify?
• Don’t forget changes in receipting to show some additional EMV fields such as the AID!
• Allow extra time for a first certification for documentation interpretation errors, unforeseen technical issues and test host availability.
4. WHAT ABOUT TERMINAL MANAGEMENT?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
4. WHAT ABOUT TERMINAL MANAGEMENT? …………………………………………………………………………………………………………………………………………………….
TERMINAL ESTATE MANAGEMENT • Now that you have successfully updated
your application to support EMV, how will you manage all the additional data elements required by EMV?
• How will you update the firmware in your PINpad estate?
5. WHAT ABOUT PCI P2PE?
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
5. WHAT ABOUT PCI P2PE? …………………………………………………………………………………………………………………………………………………….
SECURITY • Are you ready for PCI P2PE?
• Domain 5 compliance? (HSMs, changes in process
and procedure, cost of certification)
SUMMARY
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
SUMMARY …………………………………………………………………………………………………………………………………………………….
1
2
3
4
5
SOLUTIONS
Booth #1615
www.creditcall.com/ChipDNA
jeremy.gumbley@creditcall.com
Linkedin.com/in/jgumbley
SOLUTIONS …………………………………………………………………………………………………………………………………………………….
DIY Do it yourself and spend anything from 12 to 24 months building and certifying an in house technology stack. PRE-CERTIFICATION Pre-certified ready build solutions that are plug and play with a variety of PINpads and processors of which there are two types: • Fat technology stack on PINpad
• Shared technology stack between POS and PINpad
“BUILDING BLOCK” APPROACH PINpad drivers have been developed, off the shelf uncertified updated processor interfaces and other functionality building blocks
jeremy.gumbley@creditcall.com
jeremy.gumbley
If you have any questions:
Come and see us at booth #1615
or visit www.creditcall.com/ChipDNA
Jeremy Gumbley
CTO
top related