trends & compliance - prodevmedia.com · mastercard® and visa®), emv is a global standard for...
TRANSCRIPT
3
What is EMV?
EMV: Named after its original
developers (Europay,
MasterCard® and Visa®), EMV
is a global standard for chip
cards featuring embedded
microprocessor chips that store
and protect cardholder data.
3
4
When is EMV Coming to the U.S.?
Fraud Liabi l i ty Shif t for Non-Gasol ineRetai lers
OCT
Fraud Liabi l i tyShif t for Gasol ine Retai lers
OCT
2015 2017
4
5
Worldwide EMV Deployment and Adoption
Figures reported in Q4 2013 and represent the latest statistics from American Express, Discover, JCB, MasterCard, UnionPay and Visa, as reported bytheir member institutions globally.
Source: Estimates stated from The Smart Card Alliance/EMV Migration Forum, May 2014
Region EMVCards
Adoption Rate
EMVTerminals
Adoption Rate
Western Europe 794M 81.6% 12.2M 99.9%
Canada, Latin America and the Caribbean
471M 54.2% 7.1M 84.7%
Africa and Middle East 77M 38.9% 699K 86.3%
Eastern Europe 84M 24.4% 1.4M 91.2%
Asia Pacific 942M 17.4% 15.6M 71.7%
Region EMVCards
Adoption Rate
EMVTerminals
Adoption Rate
United States [estimates] ~17-20M ~1-2% ~2M ~20%
5
7
How EMV Works
EMV utilizes a decision based process• Two Factor Authentication.
Two factor Authentication requires the use of two of three authentication factors:• Something you know (i.e. PIN)• Something you have (i.e. Credit Card)• Something you are (i.e. Fingerprint)
In the U.S., there are 2 primary ways to authenticate an EMV card: • Signature Verification (“Chip and Sign”)• PIN verification (“Chip and PIN”)
The decision process for the transaction itself is similar to today• Authorize or decline based on Risk Factors.
8
Terminal device will detectchip card vs. magnetic
stripe
Stolen data cannot be reusable in a chip
transaction
Dynamic data generated by the
chip for every transaction
How Does Chip Technology Increase Security?
Secure storage of data
Embedded microprocessor –
strong security
8
9
BHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVVBHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVV
Easy to read.Easy to replicate.
Magnetic Stripe Data
9
11
EMV – What it is… and What it isn’t
EMVwill:
Prevent counterfeit fraud at the point of sale
EMVwill not:
Protect against card-not-present fraud
Protect against counterfeiting cards
Prevent data breaches
Create a different point-of-sale experience (“dip” vs “swipe”)
Always require a PIN
Store cardholder data on a chip
Be vulnerable to wireless interception of data
Require a new card Eliminate the need for magnetic stripe
See growing adoption in theU.S. in the next 12-18 months
Be universally adopted in theU.S. for 3-4 years
1
13
Card Stays in the Terminal
Cardholder Experience
Non EMV TerminalTransaction processing
per existing processtakes place
Cardholder swipes card at the
POS terminal
Cardholder provides signature verification
EMV Enabled TerminalTransactionCardholder
inserts cardin the POS
terminal
Cardholder inserts(“dips”) card; OR swipes
card, and is then prompted to insert card
Cardholderprovidessignatureverification
complete; cardholder
removes cardfrom terminal
1
14
EMV Benefits
Advanced security benefits all parties involved in processing payments
Consumers • Peace of mind. • Improved global acceptance.
Merchants• Fewer fraud‐related chargebacks due to stolen cards and skimming. • Increased customer satisfaction with their international patrons• Ready for the future of mobile wallets and other innovations.
Card issuers and payment processors• Reduction in counterfeit card fraud. • Leverage future innovations in mobile commerce.
15
U.S. Timeline for EMV - “carrots” and “sticks”
Visa, MasterCard, American Express and Discover have released EMV strategies and are all aligned on timelines and requirements: April 2013: Acquirer Chip Processing Mandate
Acquirers and processors must support the ability to process EMV transactions and NFC contactless payments.
October 2015: Liability Shift from Issuer to Merchant Merchants will be liable for domestic and cross‐border counterfeit fraud
committed at the point of sale if they are not using a compliant EMV & NFC POS solution A non‐compliant merchant is liable for fraud that occurs on any chip card
used on a magnetic swipe terminal. A non‐compliant issuer is liable for fraud that occurs on any magnetic
stripe card used on a chip card‐enabled terminal.
17
Market Information today
Historical shift towards Corporate Liability programs
Individual Liability was the predominant platform for original card programs
There are some hybrid platforms in place today, both Corporate and Individual Liability
18
Benefits of Corporate Liability
No individual credit reviews or individual credit scoring Card end usage parameters
built into control functions of program Compliance to Local laws
and/or Union Contracts Reduced privacy concerns as
you are not sharing personal employee data with card issuer Program consistency and
conformity to policies
Preserve rebate due to high write-offs Ease Accounting and
expense processes (split payment process to employee and card) Ensure accountability by
employee for only business use Consolidate to a singe "card"
program (One Card) Reduce & streamline the
number of cards carried
20
Travel VirtualPay Solutions
Designed to help improve the travel booking and reconciliation process
Offers a secure and convenient automated payment solution that replaces traditional central billing methods
• CTS/Ghost accounts• Hotel direct bill• Travel agency invoice
20
21
Common Challenges in Central Bill Programs
Manual intervention Fraud exposure Data storage and costs Inconsistent reporting
• Eliminates manual data processing
• Ensures adherence to travel policies
• Centralizes payments, capturing more transactions that fall outside card program
• Automates 100% matching
• Integrates seamlessly into back office systems
• Issues accounts for authorized travel only
• Controls account parameters
Streamline process and
increase control
Reconcile booking and
paymentImprove security
Reduces cost
Improve security
Reduces cost
Reconcile booking and payment
Improve security Reduce cost
21
22
Best Industry Practices Recommend
Corporate Card
Program
Managed Travel
Automated Expense Reporting
24
The Way to Pay is Changing
Apple Announces Apple Pay in September 2014
Approximately 29 percent of all online retail sales in the United States will be transacted on smartphones and tablets by the end of 2014*
Forrester also expects US Mobile payments to reach $90BB in 2017**
*"US Mobile Phone And Tablet Commerce Forecast, May 2014.
**US Mobile Payments Forecast, January 2013.
25
Mobile Functionality
Mobile applications are working to ensure account information is accessible anywhere via mobile/tablet channels. With this technology employees can quickly manage and stay on top of their business expenses. Generally, the market is seeing growth in applications that provide:
Access to account information anywhere your coverage is available Work/manage and submit of business expenses Variety of mobile applications supporting
• Travel booking and day of travel needs• Expense reporting• Card Management• Receipt Management
27
Questions
Danene Miller – U.S. Bank Corporate Payment Systems• [email protected]• (308)289- 6540
Pam Miller – U.S. Bank Corporate Payment Systems• [email protected]• (503)632-8109
www.usbpayment.com
Uniform Grant Guidance
http://www.whitehouse.gov/omb/grants_docs
Late 2013, Federal government passed legislation entitled “Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards”
Replaces all governing circulars including: A-21, A-110 and A-133
Biggest change in Federal regulations in 50 years
Overview
Two-year government effort to reform and deliver on the President’s directives to:
1. streamline guidance for Federal awards to ease administrative burden
2. strengthen oversight over Federal funds to reduce risks of waste, fraud and abuse
Ensure best use of over $500 billing expended annually
Impact on Researchers
Costing (direct and indirect)
Financial reporting
Sub-recipient monitoring
Effort Reporting
Fringe Benefits
Procurement
Procurement (§200.317-323)
One-year grace period beginning with the first full fiscal year that starts after the effective date of December 26, 2014
i.e. July 1, 2015, therefore implementation by July 1, 2016.
Council on Financial Assistance Reform (COFAR) (§200.320) https://cfo.gov.coraf/#COFAR2CFR200
https://cfo.gov/wp-content/uploads/2014/11/2014-11-26-Frequently-Asked-Questions.pdf
Does the Uniform Guidance require non-Federal entities to limit charge card purchases to a particular threshold amount?
COFAR
https://cfo.gov/wp-content/uploads/2014/11/2014-11-26-Frequently-Asked-Questions.pdf
No. The Uniform Guidance provides requirements for the internal control framework that surround any purchase, but does not provide any guidance around whether the non-Federal entity uses cash, charge cards, checks, or any other payment medium for the transaction.
P-Card Program Changes
Do you need to change your single transaction limits?
Identify grant spend on your program
Identify how many transactions are above micro-purchase limit of $3,000 (aggregate)
Identify contract spend transactions