La formazione in banca a due anni dall

1
Implementing the SEPA Cards Framework (SCF)
Towards greater security for card payments
Cédric SARAZIN Chairman of EPC Card Fraud
Prevention Task Force Development Strategy
Director, Cartes Bancaires CB
2
1- Card fraud prevention need for a cooperative
approach
3
Card fraud in SEPA some facts

• Approximately 10 million fraudulent transactions
  per year in the SEPA area affecting 500,000
  merchants and representing roughly 1 billion
  losses for the banking industry
• Scale, extent and level ? Pan-European issue
• Card fraud damages image of banking industry and
  acceptance of electronic payment instruments
• Fraud prevention within the cooperative space,
  and a societal obligation for all stakeholders

4
EPC approach to fraud prevention

• An essential, if not paramount, ingredient
  needed to build the SEPA is the degree of Trust
  and Confidence perceived by all the parties
  involved in a card transaction. ()
• There should be a concerted effort to attain a
  uniform level of equipment in the different zones
  of SEPA, so that any cardholder who wishes to pay
  with a card is provided with the same facility,
  and the same level of security, in each of the
  different Member States.
• Source EPC Cards WG Findings Recommendations,
  Jan. 2003

5
EPC Cards WG Recommendation Nr. 1, January 2003

• The banking industry should reinforce actions to
  prevent and combat fraud through active
  co-operation between banks, card schemes,
  retailers, the Eurosystem, the European
  Commission, law enforcement authorities,
  governments, and other stakeholders. Minimum
  security standards (including EMV chip) and a
  common approach for tackling fraud will be
  defined, and their implementation monitored.

6
EPC Card Fraud Prevention TF

• Task Force of EPC Cards WG
• Created in March 2003
• Participation of ECB, EC, and card schemes
• EPC Forum on Fighting Card Fraud across Europe,
  Paris, 8-9 October 2003
• Industry Battle Plan to combat card fraud
• EPC Resolution on Fighting and preventing card
  fraud across Europe (approved in Dec. 2003)
• Participation in EU Fraud Prevention Experts Group

7
Fighting and preventing card fraud across Europe
actions completed

• European antifraud database opportunity and
  feasibility study
• Consolidated security standards and procedures
• European antifraud toolkit
• EMV implementation snapshot
• Inventory of standardisation initiatives
• Strengthen EPC involvement in the EU Fraud
  Prevention Experts Group
• Best practices section on EC website

8
Types of Fraud

• 2 very different phases
• Attack (Data Capture)
• Theft of card
• Compromise of card details PIN
• etc.
• Usage (Misuse)
• Use of stolen card
• Use of manufactured counterfeit
• etc.
• Need to react / prevent at every level
• Prevent Identify React Limit consequences
  etc.

9
2- EMV roll-out migration status in SEPA

• EPC figures as of end September 2006 (Q3 2006)

10
EMV roll-out status in EU-25

• As of end September 2006
• 50.0 of payments cards (debit credit)
• 47.1 of POS terminals
• 56.6 of ATMs
• had already been converted to EMV
• Source EPC quarterly EMV Implementation
  Snapshots

11
(No Transcript)
12
EMV Migration in EU25 Cards in EU25
100
90
80
70
60
50
40
30
20
10
0
Q1 04
Q2 04
Q3 04
Q4 04
Q1 05
Q2 05
Q3 05
Q4 05
Q1 06
Q2 06
Q3 06
Q4 06
Q1 07
Q2 07
Q3 07
Q4 07
Q1 08
Q2 08
Q3 08
Q4 08
Q1 09
Q2 09
Q3 09
Q4 09
Q1 10
Q2 10
Q3 10
13
EMV Migration in EU25 POS in EU25
14
EMV Migration in EU25 of EMV ATMs in EU25
15
EMV accompanying measures

• Implementation monitoring by EPC Card Fraud
  Prevention Task Force
• Overview of EMV liability shift rule
  implementation (deadline 01-01-2008) not only
  for cross-border transactions, but also for
  national transactions!
• Overview of EMV transactions and magstripe
  fallback rates at POS/ATMs comparison with EMV
  implementation snapshot identification of
  possible issues
• Overview of EMV acceptance holes best
  practices to convince petrol and vending sectors
  to migrate overview of terminal types present in
  SEPA

16
3- Latest EPC initiatives in the area of card
fraud prevention
17
Card fraud prevention 3 new axis of work (1/3)

• Issue problems at POS ATMs with magstripe
  fallback on EMV transactions
• ? Proposal shift the liability of fraud losses
  in case of EMV magstripe fallback from the issuer
  to the acquirer as from 1st January 2008 for ATM
  transactions. Consider a similar measure on POS
  transactions at a date to be defined.

18
Card fraud prevention 3 new axis of work (2/3)

• Issue fast increasing CNP fraud
• ? Proposal card schemes to mandate as from 1st
  Jan. 08- acquirers to acquire and transmit CVX2
  values for e-commerce transactions- issuers to
  decline any authorization request made with a
  false CVX2 and any authorization request not
  carrying a CVX2 value for those transactions.
• ? Proposal card schemes to analyse a similar
  rule for MOTO transactions.
• ? Proposal card schemes to incentivise 3DSecure
  implementation by protecting acquirers from
  liability when the merchant is 3DSecure enabled,
  as from 1st January 2009.

19
Card fraud prevention 3 new axis of work (3/3)

• Issue lack of aggregated statistics on card
  fraud in SEPA difficulty to monitor trends
• ? Proposal collection of aggregated statistics
  on card fraud in SEPA through card schemes and
  using the intermediary of the ECB as a trusted
  third party fraud categories those currently
  commonly used by international schemes (Lost
  Stolen Card Not Received Counterfeit Card Not
  Present and others).

20
Thank you for your attention !
www.europeanpaymentscouncil.org
cedric-sarazin_at_cartes-bancaires.com