Mobile Payment @ the POS - PowerPoint PPT Presentation

About This Presentation
Title:

Mobile Payment @ the POS

Description:

REGIONAL NETWORKS. GLOBAL. NETWORKS. Merchant. Issuer. Acquirer. Every few decades, an industry gets hit by a tsunami of changes. U.S. Payments Industry. Consumer – PowerPoint PPT presentation

Number of Views:190
Avg rating:3.0/5.0
Slides: 36
Provided by: frba9
Learn more at: https://frbatlanta.org
Category:

less

Transcript and Presenter's Notes

Title: Mobile Payment @ the POS


1
Technology in Retail Payment Innovations
  • Mobile Payment _at_ the POS
  • Jack Jania
  • SVP Gemalto
  • Jack.Jania_at_gemalto.com
  • October 2012

2
Agenda
  • The changing POS payment environment
  • Mag-Stripe, EMV, NFC.
  • NFC - TSM ecosystem
  • NFC Payment examples
  • Conclusion

3
Every few decades, an industry gets hit by a
tsunami of changes
U.S. PaymentsIndustry
  • 2011 Key Changes
  • Isis announcement
  • EMV Liability Shift
  • Durbin Amendment

REGIONAL NETWORKS
EMV Durbin Mobile
GLOBALNETWORKS
4
The associations have a technology solution ready
today
VSDC
MChip
D-Pas
AEIPS
WLEMV
EMV 4.3 CompliantApps
5
Agenda
  • The changing POS payment environment
  • Mag-Stripe, EMV, NFC.
  • NFC - TSM ecosystem
  • NFC Payment examples
  • Conclusion

6
Mag-stripe transaction
  • Mag-stripe data is read by the POS
  • The data is STATIC identical for each
    transaction
  • CVC/CVV is the encryption of (PAN, Expiry date,
    Service Code) using a key specific to that card.
    This key can be retrieved by the issuer
    authorization system.

7
Magstripe transaction
  • The POS computes the authorization request and
    sends it to the issuer authorization system

8
Magstripe transaction
  • The authorization system performs risk management
  • It also checks the validity of the CVC/CVV by
    recalculating it using
  • the (PAN, Expiry date, Service code) transmitted
    in the authorization request
  • the secret key associated to that card.
  • If the CVC/CVV is validated, the card is
    considered genuine

9
Magstripe transaction
Authorization Response Approved / Declined
  • The authorization response is sent back to the
    POS.

10
Mag-stripe transactions
  • Mag-stripe cards are easy to clone
  • Card authentication is based on STATIC data
  • ? Cloned cards will be considered authentic,
    since they carry the same data as real cards

11
EMV Contact Contactless Cards
Mag-stripe on the back
Contactless Antenna inside
EMV Chip
12
Mag-Stripe vs EMV transactional data
  • 000000000000000000083902014A200228830C8859DE1F37E
    74D8B657FB70D110108002C035400BA038001C0003200000E1
    6181E20242A8488A8AEB2CADADC000000621C7310080384006
    21C5A0808038400621C4108080384006216030003030000621
    DFA0008038400621F880402048000621450000202000062108
    4040204000062149500010480006205F5000604800062116D0
    0030200006212610003028000621CAC0008038400621E66000
    80384000000000000000000000000000000000062196B00620
    17B0062049C006206930062073C0062097D00620A1800620A5
    E00620B3700620B3B00620E5F00620ECB00621EF50062218C0
    06222350000000000000000000021E921AB21A721E521C2219
    E03800380043A0756075B07880C880080043A105A00C004BA1
    85A057A5A000005FA005A000005FA005A05FA05FA000020202
    00005010100000110160600010000558988FFA000000004101
    0006200000000000000000000000000000014145A100000035
    1080000005A554E2003040000EA60004E200F0000000000000
    000000000000000000000067A0A16051316232636000000000
    000005A83C13175E543256125AB0EE34F54EAA431EA2AE5572
    64CC12A1F6E868A268994000000000000000062E0D0833DB0F
    19D15DC4C706DE3BCAB0000000000000000A291D970A2C20DF
    76EE60E022CB646C1000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    000005AAD126F5A5A5A5A5A000000000000000000000000FF0
    100000000000000000100005B6373B15ABED28E130038FCE57
    D5A752AD9B0CF98F50000000000000000241234FFFFFFFFFF0
    0000000000000000000000000000000000000000000000000F
    FFFFFFFFFFFFFFF5A000000000000000000000000000000000
    0002B084008400010000000002500000000000075300000000
    30000030000000000000000000000000000000000000000000
    00000084000000008400000000840000000084000000008400
    00000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000
    0000000800000000019500019FB0039000C100102011801010
    02001010000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    0000000000000000000000000000000000000000000A19F270
    19F02065F2A029A039F36029F5206000000000000000000000
    00000000000000000000000000000000000D55502F60200D65
    50295029F1455029D019F235502AA0100CA5502970600CB550
    2A40600C45502FB0300C55502FE0300C35502F80300C955029
    10200D15502C3199F4F9503541100C85502930200945603042
    000825603010200C75502900100D35502DC1200D7550324039
    FA15502AB069FA25502BD0600CD55032A0300CE55032D0300C
    F5503270300DE9502740900D95603332000D8560330029FA75
    503530100DA5602F20200DB5602F40200DC5602EE0200DD560
    2F0028577C46B600E5D1ECC0FE9EB0F42B13E15FEA9F7479A0
    F3217C4BCD742108178D9FB07D11F32A2426098F1328BF92E6
    CCEF353D1FD4386C68DDD9B9EA1EEAB978E5B8B3074BB128D0
    7F50B207148DEAAD0C034B755ED83A38BD82B2A74D69CE1E65
    F0B9E7454BE9224FB65AA859BEA5DFBBEAB631A51FB1F5F54E
    16F3934C8DFC833A6A110158BAE3217DEE096E409DD20FDFEF
    2EB6716CB23A71B42E318C23546F88BB9AECBF36390E569CBD
    1F5C5A3366CFDBAFBE54A29D4CC696DF2E60163D58950C8AF1
    89BD38BEF90B0A9ED4E0039204F1300E4457551C440BFAF41E
    B52D98E916DAE7F1DDB3779187FC869DF8CF99E0114A77AF8A
    F0EFF5226D5CF2D4F9E8C2A50FF6B6FD1E4AEFA2C2308570DB
    429258FCEF9C41632B76BB3A85F5F9C58B15DC022E4D24CD6F
    A60209F8794C2BE1A7C11DBD2DAFBDF6D8E7A5E7293E4A6FE5
    C7543EE99376B5FB7CD702AF3E93D3B35677B1F6EDD991B1CB
    9AFA76A2A5FBAB440926BC82AC3DAD41C7993EE7AADCB7F215
    5D0AC417092713E4209C6B4EF252DD204CE8DF2FC9DB8F557D
    B74BD409D2B5F948ECC076CF453E991A388B3F69EF827FAC9B
    952237C92A10BC1A6FC2CE80E8F0257A24DDAD08E74E145D48
    D0000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000041
    41C243C0774076B077C076E078007700784077202010201010
    1010101078800FF088800FF098800FF0A8800FF0B8800FF867
    081835F25031101125F24031312319F0702FF005A085589880
    0000000015F3401018E10000000000000000042015E0342031
    F039F0D05B8508C88009F0E0500000000009F0F05B8708C980
    05F280208409F4A01828C219F02069F03069F1A0295055F2A0
    29A039C019F37049F35019F45029F4C089F34038D0C910A8A0
    295059F37049F4C08000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000033703157135589880000000001D13122019990000
    000001F5F200B5354524F55442F4A4546469F080200029F420
    208409F4401020000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    000000000000000000000C37081C08F01F39081902E9E82DF9
    12E0C73BD3C3F77A530A70998DB353D61651CE91623F20FA97
    938001E23C32A1BBDB33B99F04D7BA496E2C205FAAD8413584
    18B47BD39671D88957ECF4AF08D6C13F1B7EBA6BF21A893A3F
    3469978D43DB7634D5CAA1C15396242B99BE3988B7A5CF2B44
    288E9FF29097AF02D9A61B6C27CE89390A94F738772811713E
    D38F1F5D29122FB824DFC7701CF2B92242B97330BA4E9A6F28
    8D450D98F9BB36D9ABF001EEF883F51D99B683ADD8EBE99577
    E83C99F3201030000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    000000000000000000000000000000000BE7081BB9F4681901
    44F280DB621BE009632BF0CD887BFC885DC62885BA2CCC951D
    7DEDA9B34B7CDC07BC822D5D6CB555F5B881141F57069D4E77
    9FE8A85BDBFE69801BAB48385D75BEE0D4806AA9A20141B705
    74B58342205DC344B8BB4D94909B4EA3996A9372B9E4044537
    FA2E0FC3A26BAEABAFEBCEE1060E3DE4D1A2319D277AFB0732
    602D4F2353A955868D21C9C5394A74D98F7AE9F4701039F481
    AB952237C92A10BC1A6FC2CE80E8F0257A24DDAD08E74E145D
    48D9F49039F370400000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    0000000000000000000000000000000000000000000001F701
    D9F5501F09F56160180007FFFFFF0000000000000000000300
    0FF00000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000
    0000000001761154F07A0000000041010500A4D41535445524
    341524400296F278407A0000000041010A51C500A4D4153544
    552434152448701015F2D02656EBF0C059F4D020B0A0000000
    0
  • B5268xxxxxxxxxxxxSmith/John11012011660400000000
    0000000000000?
  • 5268xxxxxxxxxxxx11012011660400000000?

13
EMV chip transaction Online
  • Transaction initiation POS and card exchange
    data
  • Track 2 equivalent data
  • Card settings and capabilities
  • Transaction data (amount, currency, date, etc)

14
EMV chip transaction Online
  • Card generates an Authorization ReQuest
    Cryptogram (ARQC).
  • ARQC is the encryption of card and terminal data
    using a secret key specific to that card. This
    key can be retrieved by the issuer authorization
    system.
  • ARQC is a DYNAMIC cryptogram it is different for
    each transaction

15
EMV chip transaction
  • ATC is a transaction counter
  • It is incremented for each transaction
  • ? The card will never generate the same ARQC
    value twice

ATC Amount Currency Date
ARQC
16
EMV contact transaction Online
  • Authorization request is sent to the issuer
    authorization system
  • Same data as a mag-stripe transaction
  • Additional EMV data

17
EMV contact transaction Online
  • The authorization system performs risk management
  • It also checks the validity of the ARQC by
    recalculating it using
  • the data transmitted in the authorization request
  • the secret key associated to that card
  • If the ARQC is validated, the card is considered
    genuine, and there is a guarantee that the
    transaction data has not been tempered with
    (amount, )

18
EMV contact transaction Online
  • Issuer host generates an authorization response
  • Response may include an Authorization ResPonse
    Cryptogram that authenticates the issuer and the
    issuer decision. The card may validate the ARPC
    before giving its final decision.

19
EMV contact transaction Online
  • Card authentication is based on DYNAMIC data
    (ARQC) generated by the card secret key
  • Card secret key cannot be retrieved from one card
    and duplicated onto another card

20
Introduction to NFC
  • What is Near Field Communication?
  • Short range wireless (lt4 cm) Low speed (lt424
    kbits/sec)
  • User friendly simple (no discovery, no pairing,
    just tap)
  • Passive capability (one of the devices can be
    unpowered)

NFC has 3 modes
1. Card Emulation allows a mobile phone to
simulate a physical contactless card 2.
Reader/Writer allows reading or writing
information to or from a passive tag/poster 3.
Peer-to-Peer allows bidirectional communication
between devices
21
Anatomy of an NFC Smart Phone
NFC phones contain special hardware NFC
hardware is supported by multiple cell phone
manufacturers
Secure Element
Secure Element Stores sensitive data (like
payment card information) NFC Controller Manages
traffic and RF signals NFC Antenna Collects
transmits the RF
NFC Controller
NFC Antenna
22
EMV contactless and NFC transactions Online
  • Contactless and NFC transactions offer the same
    level of security as contact transactions.
  • Contactless and NFC devices leave the field
    before the authorization response is received by
    the POS.
  • Issuer actions can be performed
  • Card during the next contact transaction
  • Mobile phone using the OTA (over-the-air) channel

23
Agenda
  • The changing POS payment environment
  • Mag-Stripe, EMV, NFC.
  • NFC - TSM ecosystem
  • NFC Payment examples
  • Conclusion

24
NFC Ecosystem
Bank, Transport Operators, Merchants
SP TSM Services
MNO TSM

MNO OTA Platform
Mobile Wallet
Consulting
SE Applications
UICC eSEs
Contactless Infrastructure
NFC Phone
Micro SDs
25
Functional block flow diagram
Personalization System
Tower
Phone
SP TSM
SE/MNO TSM
Wallet (UI)
(Contactless Spec For Reader App)
NFC
SE
Reader
Data Prep
Virtual Card
POS Terminal
Card Mgmt. System
Merchant Acquirer
Cardholder/ Authorization
Transactional System
26
Bank and Wireless Operator TSM architecture
27
SP-TSM and MNO TSMRoles and responsibilities
Payment TSM
SP global subscriber view
SP Security Domain management
SDSP
MNO TSM (Business Enabler)
MNO globalsubscriber view
Application provisioning and personalization
Lock unlock
Global SE control
X
SE handset replacement
Notifications
012...012
Single entry pointfor any TSM
Post-perso (top-up, counter reset )
Token management
End of life
28
Little bit more detail
Bank backend systems
Bank Mainframe / Account Management
NBE
Prepare and transfer mobile card input file
Gemalto Operation center
TSM Certified Zone
MNO TSM 1 (Business Enabler)
MNO 1 Backend System
Service Interface
PaymentTSM
Mobile EMV DP

GP TSM Messaging orAFSCM API
Post-issuance event from CMS or SVA / Customer
Service / Internet
Mobile Customer Workflow Manager

Notification of post-issuanceevents from
customer handset or MNO
MNO TSM 2 (Business Enabler)
MNO 2 Backend System
Authorization System
Key ceremonyPayment MKeyexchange
Post-issuance events from back-end (OTA channel)
Key Management
OTP / Authentication System
Real timetransmission of post-issuanceevent
from customer handset (OTA channel)
One-off provisioning
Key ceremonyCAP / Auth. Keyexchange
Recurrent flow
Alternatively supplied by3rd party
Mobile EMV DP
CustomerHandset
Controlling Authority
For GP2.2ASE only
29
Bank data is encrypted end-to-end during transport
SCP02 (for SD)
03.48 secure OTA
EMV Data
EMV Data
  • Confidential Card Content Management (CCCM of GP
    standards)
  • Guaranty the confidentiality of application code,
    commands and data exchanged OTA
  • Authorized Management
  • Levels for MNO and TSM SD separate in USIM
  • Enables a TSM to create new SD, download
    personalize applications in total freedom

30
Agenda
  • The changing POS payment environment
  • Mag-Stripe, EMV, NFC.
  • NFC - TSM ecosystem
  • NFC Payment examples
  • Conclusion

31
ISIS mobile Card Payment Flow In-store
transaction
VISA MasterCard Amex Discover Network
Issuing bank
Merchant acquirer
2
1
3
Card Present Transaction
In-store POS (Merchant)
32
Google Wallet V2 In-store transactionGoogle
becomes Issuer Merchant
VISA MasterCard Amex Discover Network
MasterCard Network
Linked Card Issuing bank
Merchant acquirer
Card Present Transaction
2
3
Card Not Present Transaction
5
4
ISSUER
MERCHANT
Google Cloud
In-store POS (Merchant)
Wallet ID
Bank CMS DB Wallet ID (Google VC MC) vs Linked
cards
Issuer Authorization Host
Merchant Acquirer Host
33
Conclusion
  • EMV infrastructure is much more secure than the
    existing mag-stripe card infrastructure.
  • NFC mobile payment leverages existing EMV POS
    methodology to enhance mobile payment security
  • Payment risk ownership will be predicated on the
    back office model adopted by the mobile provider
    Issuing bank

34
Technology in Retail Payment Innovations
  • Jack Jania
  • SVP Gemalto
  • Jack.Jania_at_gemalto.com
  • October 2012

35
Gemalto (NYXgto.pa) secures the lives of
billions of people in payments, mobile,
governments/military corporations
  • 2.1 billion revenue 2011
  • Innovation
  • 14 RD centers worldwide
  • 1,500 engineers
  • 107 inventions first filed in 2011
  • 1,200 patent families
  • Global footprint
  • 15 production centers
  • 28 personalization facilities
  • 74 sales marketing offices
  • Experienced team
  • 10,000 employees
  • 100 nationalities
  • 43 countries

Regional revenue
Write a Comment
User Comments (0)
About PowerShow.com