pcats annual conference - conexxus€¦ · saved $.73b 2012 • durbin “1” was flawed, but good...
TRANSCRIPT
![Page 1: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/1.jpg)
Enabling Connections…Finding Solutions…Researching Technology
The Future of Payments PCATS Annual Conference
![Page 2: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/2.jpg)
Gray Taylor Executive Director PCATS [email protected]
Terence Spies Chief Technology Officer Voltage Security [email protected]
The Future of Payments PCATS Annual Conference
![Page 3: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/3.jpg)
Snapshots…
• Est. $550B industry sales • Continued Privatization
– Prepaid will eat cash sales – ACH will feed off debit
• Cost “holiday” from Durbin 3
Source: Nilson Report, NACS
![Page 4: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/4.jpg)
Industry Card Costs to 2017
$12.3
$10
$11
$12
$13
$14
$15
$16
$17
$18
$19
$20
2012 2013 2014 2015 2016 2017
Billi
ons C
ard
Cost
P.A.
No Durbin Durbin Durbin Recast
Sources: Nilson Report, NACS CPP
$5.6B
$8.2B
Saved $.73B 2012
• Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD)
Takeaways: • We have a lot of work to do with the Fed in 2014 • How might we fully leverage routing?
![Page 5: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/5.jpg)
![Page 6: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/6.jpg)
Payments in Flux – The Perfect Storm Big Theme
1. Digitization of payments 2. Redefining retail banking 3. Consumerization 4. Alternative currency 5. Authentication 6. Many to many, “Cloud” 7. Paucity of standards/regs
Risk/Opportunity 1. Digital = “for profit” 2. Consumer attitudes on payments 3. BYOD defining society & payments 4. Will drive mobile adoption 5. Analog to digital ID, new “trust” 6. Traditional net structure destroyed 7. “Wild West” scenario
Market dominants are at significant risk – so are we…
![Page 7: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/7.jpg)
Funding
Check
Credit
ACH/Transfer
Debit
• Ubiquity is essential • Settlement essential • Trust is essential • Security essential • Funding clashes with method
Funding Systems Method
Systems
MagStripe
Check
Coupon
New methods?
• Ubiquity is essential • USER EXPERIENCE!! • Standards essential • Security essential • Authentication is essential • HIGHLY DYNAMIC - Mobile
Payments Ecosystem – Business & Consumer
Currency $
DDA
Prepaid
Credit Line
• Can be consumer or business • Does not have to be a “bank” • Not too dynamic – BitCoin? • Trust is essential • Highly regulated
![Page 8: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/8.jpg)
Interchange is Hosed (long live interchange)
• Level playing field gone – Cards will seek to
maximize revenue in (small) niches
– MC Codes mean nothing – Cards have released
banks to do bilaterals – Cost complexity ↑
• Routing needs volume
Size matters
Estimated Card Sales - 20121 Wal-Mart $131.48 2 Costco $56.83 3 Shell $46.60 4 Target $43.18 5 Chevron $40.49 6 The Home Depot $39.61 7 Kroger $36.87 8 Walgreen $32.51 9 CVS Caremark $31.84
10 Amazon.com $30.97 11 Lowe's $29.62 12 ExxonMobil $28.42 13 CITGO $28.42 14 Phillips $26.25 15 BP $24.85 16 Apple Stores / iTunes $21.60 17 Best Buy $20.65 18 McDonald's $17.80 19 Macy's $16.57 42 7-Eleven $4.28
![Page 9: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/9.jpg)
The Underbanked
• Many consumers… – Can’t qualify or afford DDAs – Don’t want DDA – Pay predatory fees
• Often more than $600/year
– Demographic: Bubba/Bubette
• Underbanked are… – Adopting general purpose
prepaid cards as alternative – Customers of non-FI entities – Not prime targets for
decoupled
9
![Page 10: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/10.jpg)
Underbanked Services Fit Retail • Underbanked…
– Seek SPENDING solutions – Need to load/unload card
• Convenience important
– Shop Omni-channel
• Retailers… – Need financial “quality”
to offer – Need systems to support – Have to load and unload – Be convenient
10
![Page 11: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/11.jpg)
Why Walmart Wants to be Your Bank • Cost: Cash customer moving to
unregulated prepaid • Contact: Consumer touch point • Profits: Issuing is profitable
– 1 million Bluebird cards (AMEX) – 1.4 MasterCard payroll cards – Largest seller of Visa GPR cards – Repeat store visits for reloads – Path to other financial services – New:
• AMEX Serve • In-chain money transfer
11
![Page 12: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/12.jpg)
![Page 13: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/13.jpg)
US Mobile “Regulatory” Landscape
Broadcast
Payment
Security/Privacy
Federal Trade Commission Department of Commerce States / Attorneys General
Consumer Financial Protection Bureau
Federal Reserve System Treasury (incl. FinCen, IRS)
Office of Comptroller of Currency Department of Agriculture (EBT/SNAP) Federal Deposit Insurance Corporation
National Credit Union Association Consumer Financial Protection Bureau
Department of Justice
Card Brands EMV PCI
SmartCard
Card Brands EMV
Mobile Operators
ANSI X9 -> ISO NIST W3C
ANSI X9 -> ISO NACHA
Federal Communications Commission Food & Drug Administration
IEEE Bluetooth
NFC
Use
Federal Communications Commission Nat’l Highway Traffic Safety Admin.
State DOT
Regulators Private Regulators Standards
![Page 14: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/14.jpg)
Mobile Security Best Practices - BITS
![Page 15: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/15.jpg)
In reality…
![Page 16: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/16.jpg)
DATA SECURITY IN THE NEW AGE Terence Spies
![Page 17: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/17.jpg)
Introduction
• Security is simultaneously becoming: – More crucial to understand – More complex – Generally more terrifying
![Page 18: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/18.jpg)
Cryptography
• Data security is driving short term changes – Protection of legacy payment architecture
• Data security is driving long term changes – Future payment architectures
• Cryptography is the backbone of this shift
1978 1960 2013
![Page 19: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/19.jpg)
Why do breaches happen?
• One fundamental flaw of payment (and other identification schemes): Symmetry – To make a payment, I need a PAN – To verify a payment, the Bank needs a PAN
Symmetry allows attackers to imitate payers by
stealing information from verifiers.
![Page 20: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/20.jpg)
The Classic Model
Payer Payee Bank PAN PAN
Attacker
Absent authentication or privacy, attacker simply recycles PANs
![Page 21: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/21.jpg)
Physical Symmetry…
![Page 22: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/22.jpg)
Make insecurity a business model?
![Page 23: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/23.jpg)
Compensating for symmetry
• As long as systems are symmetric, we need to restrict verification.
• Most common example: PINs
X84%#$1vE
![Page 24: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/24.jpg)
Compensating for symmetry
• Restricting PANs is not so easy…. – Payment systems have evolved to use clear PANs – Fraud detection, receipt printing, loyalty,
recurrence, refunding, etc.
• Two strategies – Encrypt the PAN (Tokenization) – Add an authenticator (EMV)
![Page 25: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/25.jpg)
EMV Authentication
PAN + AC PAN + AC
POS Terminal Intermediate Systems Trusted Host
Card Key + Transaction details => cryptogram
![Page 26: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/26.jpg)
Encryption and Tokenization
Encrypted PAN
Encrypted PAN
Token
POS Terminal
Intermediate Systems
Trusted Host
Encrypted PAN No 1:1 correspondence with PAN Token 1:1 surrogate value for PAN
![Page 27: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/27.jpg)
Securing Storage
Credit Card 934-72-2356
Tax ID
Regular AES
FPE / Token 7412 3423 3526 0000
8juYE%Uks&dDFa2345^WFLERG
298-24-2356
7412 3456 7890 0000
Ija&3k24kQarotugDF2390^32
Format preservation in tokenization and encryption processes enables existing processes to work with minimal changes and access to keys.
![Page 28: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/28.jpg)
Standards Efforts
• Encryption – X9.119 part 1 (and PCATS efforts) – X9.124 (Format Preserving Encryption)
• Tokenization – X9.119 part 2 – EMVCo spec for “payments tokens” – PCI efforts
![Page 29: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/29.jpg)
PAN Storage
![Page 30: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/30.jpg)
Storage Deindentification Key: Protect Inbound Deprotect inbound
Partially deprotect
![Page 31: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/31.jpg)
Keep In Mind…
• Tokenization can create uncomfortably close relationships!
• Once a token is established, undoing the mapping is difficult.
![Page 32: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/32.jpg)
Is there an alternative to symmetry?
![Page 33: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/33.jpg)
![Page 34: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/34.jpg)
The Public-Key Model
Remit: $5 From: 5678-90241 To: 4234-23123
Remit: $5 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Remit: $5 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Sign
Verify
![Page 35: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/35.jpg)
The Public-Key Model
Remit: $5 From: 5678-90241 To: 4234-23123
Remit: $5 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Remit: $500 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Sign
Verify
![Page 36: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/36.jpg)
Breaking Symmetry
• Nothing to steal at the verifier! • No hard requirement for transaction privacy • Transactions do not reveal secrets
Downsides?
– Computationally harder – Messages are somewhat larger (~100s of bytes) – Disrupts existing business models….
![Page 37: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/37.jpg)
Public Key in the Real World
• Website authentication • SWIFT transaction signing • P2P Encryption key management
• Enables transition to much more convenient
mobile wallet scenarios
![Page 38: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/38.jpg)
Two Models
• Symmetric – Transaction completed by verification of a secret – Inherently centralized (one secret holder)
• Public Key – Transaction completed by signature verification – No more secrets, but central verifier – Some trusted party maintains the ledger
Can we take this one step farther?
![Page 39: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/39.jpg)
What is a ledger?
A verified history of transactions, from which we can derive balances …..
![Page 40: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/40.jpg)
Centralized ledgers
• Account balances, credit, etc. all extend from trusted ledgers maintained by banks and other FIs
• The security function of a bank is to allow only authorized modifications (credits and debits) from that ledger.
• That function is done with walls, guards, IT controls, and business rules.
![Page 41: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/41.jpg)
But…
Remit: $500 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Verify
Public key signatures defend themselves…we don’t need guards or firewalls if we believe the signing keys are safe…
![Page 42: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/42.jpg)
Ledger = A group of transactions
Remit: $500 From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Remit: $145.66 From: 5551-2001 To: 4234-23123
Signature: 6411339FE41…
Remit: $213.45 From: 5678-90241 To: 1234-23434
Signature: 98324A344588…
Remit: $100.11 From: 5611-11234 To: 4599-23244
Signature: 67812FA432435..
….this record could be public!
![Page 43: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/43.jpg)
If only….
there was some way to keep bad transactions (double spending, cancels) out of the record of signed transactions!
![Page 44: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/44.jpg)
Uh oh…
![Page 45: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/45.jpg)
Bitcoin?
• The bitcoin paper offers a way to build “distributed consensus” on a public ledger, also called a “blockchain.” – Miners compete to get rewards for validating
transactions.
• Outside of opinions about bitcoin as a currency, this points to the ability to build all kinds of decentralized payment vehicles.
![Page 46: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/46.jpg)
How Do I Pay With BTC?
• Users have wallets which contain signing keys • A transaction consists of a signed message:
Remit: 5.0 BTC From: 5678-90241 To: 4234-23123
Signature: 5FA439CD2144…
Sender Key ID
Recipient Key ID
This is all pretty conventional…
![Page 47: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/47.jpg)
Where does it go?
• In previous systems, it would go to a trusted authority (DigiCash, etc.)
• In bitcoin, we send it to everyone • Transactions sent to all nodes
– “Miners” compete to validate transactions – New validated transactions become a block
• Like a page in the ledger
– Finding a valid block awards new BTC
![Page 48: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/48.jpg)
Sample blocks & transaction
![Page 49: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/49.jpg)
Competition
• Basis: Competiting consensus instead of centrality
• How much competition?
![Page 50: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/50.jpg)
Modern Mining
![Page 51: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/51.jpg)
Does This Make Any Sense?
• Maybe not.. • But the idea of distributed consensus is
driving hundreds of applications – Voting – Internet name binding – Contracts – Payments?
![Page 52: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/52.jpg)
Conclusions
• The somewhat vintage design of the payment system makes security a challenge
• Payment Security will evolve in phases: – Now: P2PE and Tokenization – Near-future: EMV and Tokenization – Future: Public key? Cryptocurrencies?
![Page 53: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/53.jpg)
PAYMENTS ARE TECHNOLOGY… TECHNOLOGY IS POLICY
Terence Spies
![Page 54: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/54.jpg)
• PCATS/NACS advocate government endorsement… – Government adoption of payment standards, NOT EMVCo
or PCI – Payments as a matter of national security
• Open dialogue between stakeholders
– Payment platforms a matter of economic health • “Frictionless” economy through digitization
• Improve relationships with regulators/agencies – Drive for open and comprehensive “wallet” – Federal reserve (Durbin revisions, payment platforms) – Organize stakeholders: DoD, DHS, State Department, States
![Page 55: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/55.jpg)
Spheres of Advocacy
• Congress • Homeland Security, Energy and Commerce, Financial Svcs
• Regulators • Federal Reserve Board(s)
– Kansas City FRB: Payment Card Fraud Costs – Philadelphia FRB: Payment Card Security – Boston/Atlanta FRB: Mobile Payments – Minneapolis FRB: EMV Standardization
• Agencies • Federal Trade Commission • Treasury • Department of Homeland Security • NIST • Law enforcement & intelligence (FBI, NSA, CIA)
• Standards groups
NEW Playing Fields: • Financial Services Roundtable • The Clearing House • NACHA • ABA
![Page 56: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/56.jpg)
Rational Policy: A Roadmap
• Our system is broken, and we are at risk: – Payments are critical to our national security – Authentication of account is meaningless – There are no “clean” computing environments
• We need a stakeholder-driven strategy: – Accredited standards developed in transparency – Less focus on business models, more on what’s right – America to lead the world to next generation
payments – Secure transactions in the “dirtiest” of environments – Protect privacy through secure authentication
![Page 57: PCATS Annual Conference - Conexxus€¦ · Saved $.73B 2012 • Durbin “1” was flawed, but good • Durbin done right is essential! • Routing will be accretive (TBD) Takeaways:](https://reader033.vdocuments.net/reader033/viewer/2022060609/60603a329a589e12cc41780e/html5/thumbnails/57.jpg)
Thank you – Questions?