emv® secure remote commerce presentation · 2018-11-02 · e-commerce digital web-based payments...
TRANSCRIPT
EMV® Secure Remote Commerce
Copyright ©2017 EMVCo 2Copyright ©2018 EMVCo – Confidential 2
What is Remote Commerce?
E-commerce
Digital Commerce
Web-based Payments
Remote Commerce
Online Payments
When Does Remote Commerce Happen?
• During the checkout process a merchant asks a consumer to provide or select a payment method for a purchase
• Checkout may also include:
– Verification of the cardholder and present bill of sale
– Delivery of information to enable the receipt of the purchased goods or services
Remote commerce happens at the checkout process
Challenges within the Industry Landscape
Remote commerce continues to grow worldwide with the popularity of online purchasing. However, it has become increasingly targeted and susceptible to compromise.
• Variety of implementations result in fragmentation, complexity, and inconsistency
• Current environment has many different integration models which can be expensive and time intensive for merchants
• Primary Account Numbers (PAN) entry, transmission and subsequent storage of live PAN introduces significant risk
Concerns with Remote Commerce
Merchants
• User friction increases cart abandonment
• Online transactions carry increased risk
• Supporting multiple, unique payment solutions is expensive and time intensive
Consumers
• Concerned that account will be compromised
• Don’t have the same level of convenience (e.g. multi data entry) across multiple merchants
Each stakeholder needs to balance different concerns associated with payment card acceptance during a remote commerce checkout experience
Secure Remote Commerce
EMV® Secure Remote Commerce
Secure Remote Commerce (SRC) establishes the foundation to deliver a consistent consumer checkout experience while increasing simplicity and security
• Creates a consistent, streamlined checkout environment for digital transactions
• Provides secure payment acceptance between a merchant site and the consumer device
• Supports a variety of consumer devices (phones, tablets, PCs, and IoT devices)
EMV® SRC Specification
Specification Features
• Provides interfaces to support secure exchanges of data between merchants and issuers to enable payment
• Defines UIs and APIs to enable predictable payment experiences
• Defines secure delivery methods of a payment payload to a merchant
• Defines a payment payload with valid payment credentials
• Supports the protection of transactions with dynamic data
• Does not impact the existing processes for authorisation
EMVCo will develop and maintain the EMV Secure Remote Commerce Specifications to support remote transactions in a globally interoperable manner
SRC Key Benefits
SRC benefits merchants, consumers, and all industry stakeholders by streamlining integration and facilitating innovation across new devices, channels and technologies
• Provides a choice of online checkout methods
• Delivers a consistent and secure consumer purchase experience across multiple merchants
• Potentially lowers shopping cart abandonment
• Simplifies integrations
• Supports the integration of new technologies
• Provides a choice of online checkout methods
Merchants Consumers
Remote Commerce vs. Secure Remote Commerce
[Diagram. Panels: Physical Payments; Remote Commerce; Secure Remote Commerce; BAU Authorisation. Labelled elements: Cardholder, Payment Card, Payment Information, Physical Terminal, Consumer Interaction, Merchant Website, Digital Card Selection, SRC System, Merchant, Merchant and Intermediaries, Acquiring Bank, Payment Network, Issuing Bank.]
Secure Remote Commerce Scope
SRC Specification Focus
✓ Preparation and assertion of the data to be passed along through existing transaction processing rails
✓ Consistency in payload to provide structure and ubiquity to help ease global integration
✓ Guidance / Clarity for how to connect with an SRC System
✓ Visual elements for incorporation to allow for customer recognition
Outside of SRC Specification Scope
• Changes to transaction processing
• Implementation mandates
• Restrictions on who can play which roles
• What the merchant experience looks like
• Compliance or policy requirements
As the development of the EMV® Secure Remote Commerce (SRC) Specification has progressed, it is critical to understand the intention/focus behind the specification and included annexes
Secure Remote Commerce Objectives
• Establish interoperable interfaces for all stakeholders to enable a consistent payment card specification for message content, transmission and security
• Deliver a consistent representation of the consumer account data to merchant
• Introduce Dynamic Data to protect the Payment Data through a scalable solution
• Provide transparency between the participants to facilitate Cardholder Authentication and Consumer Device identification
• Enable the integration of other EMV® specifications such as Payment Tokenisation and 3-D Secure authentication
• Minimise consumers' entry of their Payment Data by enabling consistent identification of the Consumer and the Consumer Device to minimise friction and potentially reduce abandonment during the payment experience
• Support common Consumer Verification to enable access to established Payment Data
SRC Participants and Roles
SRC Roles
Functions | Description | Typical Participant Examples
SRC Programme | Responsible for the policies and processes associated with the oversight of SRC participants within an SRC System | Any Payment System; Global / Regional / Domestic; Proprietary (Merchant, Issuer, other)
SRC System | Orchestration of all technical activities between participants, manages the technical aspects of the SRC Programme | Payment Networks supporting Payment Systems
Digital Shopping Application (DSA) | A payment enabled application that facilitates the SRC consumer experience | Merchants; Marketplace; Hosted Order Page Provider
Digital Card Facilitator (DCF) | Provides consumers access to information for use during a commerce exchange | Wallets; Browser; Issuer; Merchant
SRC Initiator (SRC I) | Facilitates the collection and transmission of digital card and checkout information on behalf of a DSA to enable the initialisation of a payment | Merchant Service Providers
SRC Participating Issuer (SRC PI) | Enrols the cardholder, PAN and authorisation related data | Issuers
Copyright ©2017 EMVCo 13Copyright ©2018 EMVCo – Unauthorised reproduction is prohibited 13
Why EMV® Secure Remote Commerce?
[Diagram: Current Checkout Solutions vs. EMV Secure Remote Commerce. Panels: Single Provider Solutions; Multi-Provider Solutions; SRC Roles. Labelled elements: Issuer domain, Service Provider, Wallet / Wallets / Selection, Checkout, Secure Checkout, Device, Merchant, Payment Network, PSP, Digital Shopping Application, Digital Card Facilitator, SRC System, SRC Initiator, SRC Participating Issuer, Cloud COF, "Device Assurance enables access". Coverage values shown in the diagram: Limited, Single, Single Source, Excluded, Tied to Provider, Participating, All, Agnostic, Multiple Providers, Any.]
EMV® SRC Addresses Gaps of Many Single Provider Solutions
Current Gaps | EMV SRC Achieves
Fragmented (Varied Experiences) | Common (Common Experience)
Potential-Risk (PAN Exposure) | Secure (Dynamic Data; Assurance)
Lack of Scale (Single Provider) | Scalable (Ubiquitous)
One-off Solutions (Merchant by Merchant) | 360° Solution (Consistent Implementation)
Higher Cart Conversion & More Engagement + Higher Authorisation Rates & Low Fraud Losses + Lower Cost of Integration & Higher Acceptance Rates + Higher Adoption
• Scale is fundamental to the effectiveness of solutions
• Innovation in payment technologies mostly affects merchant-facing functions in the value chain
• Integration of each new data source is resource and time consuming
• Convenience over security is not an acceptable tradeoff for consumers and all want access to all their existing cards
Individual SRC Programmes in conjunction with SRC Systems’ participation may offer a spectrum of solutions for consumers from anonymity to full convenience.
Consumer Experience Spectrum | Guest | Device Agnostic | Device Specific | Frictionless
Frequency | One Time | Repeat User | Repeat User | Repeat User
Recognition | Enrol with Issuer but do not store my information | Enrol but do not remember/track me (no device recognition) | Enrol and remember me on this device | Enrol and remember me on this device
Assurance | I can prove it is my card | Check to make sure it is me, I can prove it’s me | Check to make sure it is me on this device | Do not ask me for information if you know it’s me
Consumers may want different experiences based on their confidence in the solution providers
EMV® SRC enables a Spectrum of Solutions
SRC Specification Enabling an Ecosystem
[Diagram labels: Onboarding and Registration; Enrolment; BAU Authorisation; SRC Systems; Wallets / Digital Card Facilitators; Merchant and Intermediaries; Acquiring Bank; Payment Network; Issuing Bank.]
Secure Remote Commerce is a catalyst that enables innovators to create compelling products and integrate simple and secure payments with interoperable interfaces defined within EMVCo
[Diagram: EMV® Secure Remote Commerce Specification for Common Integration. Labelled participants: Digital Wallets / Mobile Wallets; Value Added Services; Merchant Aggregators; Consumer / Device Identity Managers; Merchants / SRC Initiators; Cardholder; Issuing Bank; Merchants / Digital Shopping Applications; Payment Network / SRC System.]
Secure Remote Commerce is an evolution of remote commerce that enables secure and interoperable payment acceptance from browser or applications based on dynamically created payload, SRC checkout and common user experience based on specified messages
SRC in Context of Merchant Environment version 1.0
Merchant experience varies by channel (web, mobile application, other technology)
[Diagram. Merchant flow: Product Page; Checkout Page; Shipping; Payment & Billing; Order & Review; Confirmation. SRC Experience facilitated by SRC System: Identity; Card Selection; Assurance & Verification; Payment Tokenisation; 3-D Secure; 3DS Authorisation. Legend: Required; Optional.]
FOR ILLUSTRATIVE PURPOSES ONLY
NOTE: The SRC Specification does not mandate use or limit implementations to a “Single Button”.
• Oct 2017
– Publish SRC Technical Framework
• Oct 2018
– SRC Specification v0.9 released to the public
• Why Publish v0.9?
– Present to a broader population from the payments community, technical/industry bodies, and merchants
– Increase visibility of the spec to encourage participation
– Allow for product roadmap and investment planning
– Encourage more companies to participate at an associate level
– Expedite the release of the SRC Spec to address market needs
SRC Specification Release Update
*The timeline and dates presented are provisional and subject to change.
EMVCo Associates Programme (EAP)
EAP Connects EMVCo to Industry Leaders
EMVCo Associates Programme provides:
Current EMVCo Business Associates
^ Participation as of 3 October 2018 | * Denotes dual Associates: registered as TA and BA
Business Associates (59)
ANZ; AsiaPay*; Australian Payments Network*; Bancomat; Bank of America; Bank of America Merchant Services; Barclaycard*; Bankalararasi Kart Merkezi*; Banque Populaire Caisse d’Epargne; Bundesverband deutscher Banken; Carrefour Banque*; Cartao Elo*; Cartes Bancaires*; Citi*; Conexxus; Creditcall Ltd.*; Credit Mutuel; Dutch Payments Association; EFTPOS Australia*; equensWorldline; EURO 6000, S.A.; European Card Payment Association; European Payments Council; Expedia*; First Data*; Financial Software & Systems (FSS); Global Payments, Inc.*; Google*; Interac*; JP Morgan Chase*; Merchant Advisory Group (MAG); Merchant e-Solutions; Microsoft*; Moneris Solutions*; National Credit Card Center of R.O.C.*; National Payments Corporation of India*; NSPK*; PAN-Nordic Card Association*; PASA; Poste Italiane*; Redsys; Saudi Arabian Monetary Authority*; SHAZAM*; SIA-SSB; Soft Space*; Sony Interactive Entertainment LLC*; Square*; SRC Research*; STET; Stripe*; Swedbank; Target; The Clearing House*; TSYS*; U.S. Bank*; Vantiv*; Verve International*; WIBMO*; Worldpay*
Current EMVCo Technical Associates
^ Participation as of 3 October 2018 | * Denotes dual Associates: registered as TA and BA
Technical Associates (69)
Ant Financial Services Group; AsiaPay*; Australian Payments Network*; Barclaycard*; BKM, A.S.*; CA Technologies; Carrefour Banque*; Cartao Elo*; Cartes Bancaires*; Citi*; Consult Hyperion; Creditcall Ltd.*; CTC advanced GmbH; EFTPOS Australia*; Everi; Expedia*; Feitian Technologies; FIME; First Data*; FIS OTS; Fujian LANDI Commercial Equipment Co.; Global Payments, Inc.*; Google*; Ingenico Terminals; Intel; Interac*; JP Morgan Chase*; Micro Focus; Microsoft*; Modirum; Moneris Solutions*; mSIGNIA; National Credit Card Center of R.O.C.*; National Payments Corporation of India*; Netcetera; Nets DK; NCR Financial Solutions Group; NSPK*; NTT DATA Corporation; PAAY; Panasonic Mobile Communications; PAN-Nordic Card Association*; PAX Computer Technology; Poste Italiane*; Rambus; RSA; Saudi Arabian Monetary Authority*; SHAZAM*; Sony Interactive Entertainment LLC*; Soft Space*; Square*; SRC Research*; Stripe*; Thales; Tencent; The Clearing House*; ThreatMetrix; Toshiba Global Commerce Solutions; TRUXTUN Capital; TSYS*; TTA; TÜV SÜD; UL; U.S. Bank*; Vantiv*; Verifone; Verve International*; WIBMO*; Worldpay*
Thank You!
For more information visit www.emvco.com or join us on LinkedIn
Audio commentary is available to accompany these slides. View the ‘EMV SRC Presentation with Audio’ on the EMV SRC press kit page.