Title: La formazione in banca a due anni dall
1Implementing the SEPA Cards Framework (SCF)
Towards greater security for card payments
Cédric SARAZIN Chairman of EPC Card Fraud
Prevention Task Force Development Strategy
Director, Cartes Bancaires CB
21- Card fraud prevention need for a cooperative
approach
3Card fraud in SEPA some facts
- Approximately 10 million fraudulent transactions
per year in the SEPA area affecting 500,000
merchants and representing roughly 1 billion
losses for the banking industry - Scale, extent and level ? Pan-European issue
- Card fraud damages image of banking industry and
acceptance of electronic payment instruments - Fraud prevention within the cooperative space,
and a societal obligation for all stakeholders
4EPC approach to fraud prevention
- An essential, if not paramount, ingredient
needed to build the SEPA is the degree of Trust
and Confidence perceived by all the parties
involved in a card transaction. () - There should be a concerted effort to attain a
uniform level of equipment in the different zones
of SEPA, so that any cardholder who wishes to pay
with a card is provided with the same facility,
and the same level of security, in each of the
different Member States. - Source EPC Cards WG Findings Recommendations,
Jan. 2003
5EPC Cards WG Recommendation Nr. 1, January 2003
- The banking industry should reinforce actions to
prevent and combat fraud through active
co-operation between banks, card schemes,
retailers, the Eurosystem, the European
Commission, law enforcement authorities,
governments, and other stakeholders. Minimum
security standards (including EMV chip) and a
common approach for tackling fraud will be
defined, and their implementation monitored.
6EPC Card Fraud Prevention TF
- Task Force of EPC Cards WG
- Created in March 2003
- Participation of ECB, EC, and card schemes
- EPC Forum on Fighting Card Fraud across Europe,
Paris, 8-9 October 2003 - Industry Battle Plan to combat card fraud
- EPC Resolution on Fighting and preventing card
fraud across Europe (approved in Dec. 2003) - Participation in EU Fraud Prevention Experts Group
7Fighting and preventing card fraud across Europe
actions completed
- European antifraud database opportunity and
feasibility study - Consolidated security standards and procedures
- European antifraud toolkit
- EMV implementation snapshot
- Inventory of standardisation initiatives
- Strengthen EPC involvement in the EU Fraud
Prevention Experts Group - Best practices section on EC website
8Types of Fraud
- 2 very different phases
- Attack (Data Capture)
- Theft of card
- Compromise of card details PIN
- etc.
- Usage (Misuse)
- Use of stolen card
- Use of manufactured counterfeit
- etc.
- Need to react / prevent at every level
- Prevent Identify React Limit consequences
etc.
92- EMV roll-out migration status in SEPA
- EPC figures as of end September 2006 (Q3 2006)
10EMV roll-out status in EU-25
- As of end September 2006
- 50.0 of payments cards (debit credit)
- 47.1 of POS terminals
- 56.6 of ATMs
- had already been converted to EMV
- Source EPC quarterly EMV Implementation
Snapshots
11(No Transcript)
12EMV Migration in EU25 Cards in EU25
100
90
80
70
60
50
40
30
20
10
0
Q1 04
Q2 04
Q3 04
Q4 04
Q1 05
Q2 05
Q3 05
Q4 05
Q1 06
Q2 06
Q3 06
Q4 06
Q1 07
Q2 07
Q3 07
Q4 07
Q1 08
Q2 08
Q3 08
Q4 08
Q1 09
Q2 09
Q3 09
Q4 09
Q1 10
Q2 10
Q3 10
13EMV Migration in EU25 POS in EU25
14EMV Migration in EU25 of EMV ATMs in EU25
15EMV accompanying measures
- Implementation monitoring by EPC Card Fraud
Prevention Task Force - Overview of EMV liability shift rule
implementation (deadline 01-01-2008) not only
for cross-border transactions, but also for
national transactions! - Overview of EMV transactions and magstripe
fallback rates at POS/ATMs comparison with EMV
implementation snapshot identification of
possible issues - Overview of EMV acceptance holes best
practices to convince petrol and vending sectors
to migrate overview of terminal types present in
SEPA
163- Latest EPC initiatives in the area of card
fraud prevention
17Card fraud prevention 3 new axis of work (1/3)
- Issue problems at POS ATMs with magstripe
fallback on EMV transactions -
- ? Proposal shift the liability of fraud losses
in case of EMV magstripe fallback from the issuer
to the acquirer as from 1st January 2008 for ATM
transactions. Consider a similar measure on POS
transactions at a date to be defined.
18Card fraud prevention 3 new axis of work (2/3)
- Issue fast increasing CNP fraud
- ? Proposal card schemes to mandate as from 1st
Jan. 08- acquirers to acquire and transmit CVX2
values for e-commerce transactions- issuers to
decline any authorization request made with a
false CVX2 and any authorization request not
carrying a CVX2 value for those transactions. - ? Proposal card schemes to analyse a similar
rule for MOTO transactions. - ? Proposal card schemes to incentivise 3DSecure
implementation by protecting acquirers from
liability when the merchant is 3DSecure enabled,
as from 1st January 2009.
19Card fraud prevention 3 new axis of work (3/3)
- Issue lack of aggregated statistics on card
fraud in SEPA difficulty to monitor trends - ? Proposal collection of aggregated statistics
on card fraud in SEPA through card schemes and
using the intermediary of the ECB as a trusted
third party fraud categories those currently
commonly used by international schemes (Lost
Stolen Card Not Received Counterfeit Card Not
Present and others).
20Thank you for your attention !
www.europeanpaymentscouncil.org
cedric-sarazin_at_cartes-bancaires.com