EMVCo – Advancing Chip Standards for the Global Payments ...
-
Upload
khangminh22 -
Category
Documents
-
view
4 -
download
0
Transcript of EMVCo – Advancing Chip Standards for the Global Payments ...
EMVCo –Advancing Chip Standards for the Global Payments Industry
Brian Byrne – EMVCo Board of Managers
4 May 2011
Agenda
• Introduction to EMVCo
• Mission & Roles
• 2011 Priorities: Contactless & Mobile
Copyright © 2011 EMVCo 2
EMVCo’s scope and participation have evolved over time in response to emerging payment, technology, and industry needs.
Scope and Participation
Next?
EMV Spec
Interoperability Management
Contactless& Mobile
Terminal TypeApproval Process
CCD/CPASpecs & CardType Approval
Scope
Copyright © 2011 EMVCo 3
Next?JCBJoins
AmericanExpressJoins
WorkingGroupsExpanded
Contactless & Mobile
Task Forces
ExpandedIndustry
Participation
Board ofAdvisorsEuropay,
MCW, &Visa
Participation
EMVCo Structure & Stakeholders – 2011
Technical and
Operations Focus
Executive Committee
Business Focus
Board of Advisors
Secretariats
Board of Managers
Working Groups
Copyright © 2011 EMVCo 4
Board of Advisors Working Groups
Security
Card and Terminal
Terminal Approval
Contactless
Card Approval
Security Evaluation
Inter-operability
MobilePayments
Business Associates
Subscribers
Technical Associates
Task ForcesTask Forces
EAP Associates Programme Participants^
Business Associates (26)
ABN AMRO Bank ANZ APCA* Atos Origin
Bancomat BoC Credit Card* BPCEBundesverband deutscher
BankenCartes Bancaires*
CIELO Credit Mutuel Discover*
EFTPOS Payments Australia Ltd.
EPC Equens SE EURO 6000, S.A.
Interac* Moneris Solutions* PASA Paymark Limited
RBS Worldpay SERMEPA SIASSB SRC Research*
Copyright © 2011 EMVCo 5
RBS Worldpay SERMEPA SIASSB SRC Research*
Swedbank UK Cards Association*
Technical Associates (17)
APCA* BoC Credit Card* Cartes Bancaires* Discover*
Hypercom Infineon Technologies Ingenico Inside Secure
Interac* Moneris Solutions *NCR Financial Solutions
Group LimitedNXP Semiconductor
SRC Research* Smart Payment Association Verifone Walmart
UK Cards Assoc.*
^ Participation as of 1 May2011* Denotes Dual Associates: Registered as Technical and Business Associates
Mission
• To manage the EMV contact and contactless specifications to help facilitate worldwide interoperabilityand acceptance of IC-based payment instruments
• To maintain type approval
Copyright © 2011 EMVCo
• To maintain type approval processes for:
– Readers and Terminals compliant to the EMV Specifications.
– Cards compliant to Common Payment Application (CPA) Specifications
– Security evaluations of IC chips
7
Global, Regional & Domestic
Payment Systems
Sample Roles:
� Product Development
� EMV Mandates
EMVCo
Sample Roles:
�Managing EMV Specifications:� Contact� Contactless
Respective Roles: EMVCo & Payment Systems
Copyright © 2011 EMVCo 8
� Commercial Incentives (e.g. Interchange)
� Fraud Liability Shift Policy
� Issuer & Acquirer Related Policies
All are payment system-specific
� Contactless
� Perform type approval:� Readers & Terminals� CPA Cards� Security Evaluation of IC chips
�Monitor Market Interoperability� Now includes ESD and EMD
All are aligned across industry
EMVCo’s 2011 Standardisation Priorities
EMVCo continues its work towards a common contactless acceptance infrastructure for payments globally.
EMVCo’s cross-industry collaboration advances
Copyright © 2011 EMVCo 9
New maintenance release for core specification –EMV 4.3 incorporating bulletins issued – due second part of 2011.
EMVCo’s cross-industry collaboration advancescontactless mobile payments standardisation.
Contactless Acceptance – Background
• As the technology evolved, significant investments were made in deployment of different contactless solutions, which now enjoy a large installed base of cards and terminals.
• To broaden and accelerate the deployment of contactless payments, EMVCo can help further by standardising the existing contactless acceptance infrastructure and streamlining
Copyright © 2011 EMVCo 11
existing contactless acceptance infrastructure and streamlining the contactless type approval processes.
• The Entry Point design allows for the accommodation of regional solutions and the gradual migration to a common acceptance kernel
• EMVCo does have an agreed plan to develop a common contactless kernel. We are currently working within EMVCo and applying industry input to accomplish that goal.
• Goals: To streamline existing licensing and contactless type approval and to build a framework for future development
• EMVCo members licensed existing contactless terminal specifications and testing to EMVCo in 2010
Phase One: Streamline existing licensing and approval
Contactless Acceptance – Approach
Copyright © 2011 EMVCo
• Terminal Specifications Published: March 2011
• Terminal Testing and Approval: July 2011
12
Contactless Acceptance – Approach
• Feasibility study being conducted
• Common contactless kernel for online-only environments
Phase Two: Common online kernel
Phase Three: Common online/offline ECC kernel
Copyright © 2011 EMVCo
• Will address offline-capable environments
• Integration of new cryptography
13
Phase Three: Common online/offline ECC kernel
Mobile Payments – Background
• The future growth of contactless mobile payments technology relies on the existence of a standardised technical infrastructure.
• Inter-industry cooperation is essential to avoid a fragmented approach to standardisation and the resulting limitations that this would bring.
Copyright © 2011 EMVCo
• EMVCo is developing payment specifications, testing and type approval processes for contactless mobile payments that ensure security and interoperability between ‘payment instruments’ (whether plastic cards or mobile devices) and terminals.
15
MPWG Guiding Principles
• User Choice– End user to have active control over when, where, and which payment ‘instrument/credential’ can be used: • Payment Brand, Financial Institution, type (User defined choice and priority)
• Choice and priority changeable by user at any time
• Issuer flexibility: – Secure Element form factor (UICC, embedded, removable memory card etc.)
Copyright © 2011 EMVCo 16
– Secure Element form factor (UICC, embedded, removable memory card etc.)
– One or more Secure Elements
• Traditional Standardisation Role:– EMVCo requires an approved Secure Element to host payment ‘instrument’
– Agreement on standardised and interoperable processes to manage payment ‘instrument/ credentials’ on Secure Elements
– Compatibility with existing contactless payments acceptance infrastructure• EMV Common Contactless Protocol Level 1
• PPSE
Mobile Payments – Handset Architecture
User Interface
Wide Area
Modem
Application Environment
Over-the-Air Personalisation & Provisioning
Payment Application Management
Copyright © 2011 EMVCo 17
Contactless Module
AntennaContactless Proximity payments
Mobile Payments – Domains of Activities
EMVCo Industry Orgs Payment Systems
Secure Elements
UICC Profiles
-Security Evaluation (new)
GSMA · ETSI GlobalPlatform
Approval (current)
Mobile DevicesHandset Requirements GSMA · ETSI
User InterfaceAAUI Specifications & Guidelines
Functional Specifications
Copyright © 2011 EMVCo 18
Contactless
Protocol
Specifications
-Compatibility Validation to EMV requirements
NFC Forum Approval (current)
Payment
Applications
PPSE Specification (contained in AAUI ) -Testing (future)
Payment System specific
Payment
Application Mgt.
GSMA and EPC M-Channel
Payment System specific
Personalisation
Provisioning
Existing Specifications as option
GSMA and EPC M-Channel
Payment System specific
Status of MPWG Development Efforts (1)
Public Documents Posted on EMVCo Site:
• EMVCo Mobile Payments Architectural Overview document to serve as architectural reference document for the MPWG and describes briefly EMVCo’s and various standards bodies’ roles in the contactless mobile payments ecosystem
• EMVCo Handset Requirements focusing on payment industry’s
Copyright © 2011 EMVCo 19
• EMVCo Handset Requirements focusing on payment industry’s specific requirements for NFC mobile payments capable handsets. – Effectively store, enable and manage payment applications
– Enable a degree of consistent user experience:
– Can be viewed along side the GSMA handset requirements
Status of MPWG Development Efforts (2)
Public Documents Posted on EMVCo Subscribers Site:
• EMVCo Profile for GP UICC Configuration Secure Elements, a payment industry specific profile based on GlobalPlatform’s development efforts
• EMVCo Application Management Specifications (Application
Copyright © 2011 EMVCo 20
• EMVCo Application Management Specifications (Application Activation User Interface) documents the necessary components facilitating selection and activation of the user’s choice of financial instrument to be used at the POS
To Learn More About EMVCo:
“A Guide to EMV”
To be published May 2011, this document provides an overview of everything EMV. Visit
Copyright © 2011 EMVCo
provides an overview of everything EMV. Visit www.emvco.com to download this document.
21
Participation Level Description
Level Qualifications /Requirements High Level Benefit Annual
Fees
Members • Commitment to global EMV interoperability • Significant responsibilities in EMV issuance/acceptance in multiple countries
• Responsible for final specs Capital & Resource investment
Board of Advisors
• Business Associates• Technical Associates (up to six seats, beginning 2011)
• Interaction with EMVCoExecutive Committee
N/A
Copyright © 2011 EMVCo
Advisors • Technical Associates (up to six seats, beginning 2011) Executive Committee
Business Associate
• Payment Service Providers • Committed to EMV deployment and interoperability • Interest in providing input to EMVCo’s strategic direction
• Seat on Board of Advisors• Company Subscriber benefits
$12,500
Technical Associate
• Industry stakeholders • Interest in EMVCo working group activities
• Quarterly workshops with WGs• Vote to elect up to six BoA reps• Company Subscriber benefits
$25,000
Subscriber • Company or • Individual
• Access to draft specs, User meetings & communications
$2,500$750
22