EMVCo – Advancing Chip Standards for the Global Payments ...

EMVCo –Advancing Chip Standards for the Global Payments Industry

Brian Byrne – EMVCo Board of Managers

4 May 2011

Agenda

• Introduction to EMVCo

• Mission & Roles

• 2011 Priorities: Contactless & Mobile

Copyright © 2011 EMVCo 2

EMVCo’s scope and participation have evolved over time in response to emerging payment, technology, and industry needs.

Scope and Participation

Next?

EMV Spec

Interoperability Management

Contactless& Mobile

Terminal TypeApproval Process

CCD/CPASpecs & CardType Approval

Scope


Next?JCBJoins

AmericanExpressJoins

WorkingGroupsExpanded

Contactless & Mobile

Task Forces

ExpandedIndustry

Participation

Board ofAdvisorsEuropay,

MCW, &Visa

Participation

EMVCo Structure & Stakeholders – 2011

Technical and

Operations Focus

Executive Committee

Business Focus

Board of Advisors

Secretariats

Board of Managers

Working Groups


Board of Advisors Working Groups

Security

Card and Terminal

Terminal Approval

Contactless

Card Approval

Security Evaluation

Inter-operability

MobilePayments

Business Associates

Subscribers

Technical Associates

Task ForcesTask Forces

EAP Associates Programme Participants^

Business Associates (26)

ABN AMRO Bank ANZ APCA* Atos Origin

Bancomat BoC Credit Card* BPCEBundesverband deutscher

BankenCartes Bancaires*

CIELO Credit Mutuel Discover*

EFTPOS Payments Australia Ltd.

EPC Equens SE EURO 6000, S.A.

Interac* Moneris Solutions* PASA Paymark Limited

RBS Worldpay SERMEPA SIASSB SRC Research*


RBS Worldpay SERMEPA SIASSB SRC Research*

Swedbank UK Cards Association*

Technical Associates (17)

APCA* BoC Credit Card* Cartes Bancaires* Discover*

Hypercom Infineon Technologies Ingenico Inside Secure

Interac* Moneris Solutions *NCR Financial Solutions

Group LimitedNXP Semiconductor

SRC Research* Smart Payment Association Verifone Walmart

UK Cards Assoc.*

^ Participation as of 1 May2011* Denotes Dual Associates: Registered as Technical and Business Associates

Global Deployment


Mission

• To manage the EMV contact and contactless specifications to help facilitate worldwide interoperabilityand acceptance of IC-based payment instruments

• To maintain type approval

Copyright © 2011 EMVCo

• To maintain type approval processes for:

– Readers and Terminals compliant to the EMV Specifications.

– Cards compliant to Common Payment Application (CPA) Specifications

– Security evaluations of IC chips

7

Global, Regional & Domestic

Payment Systems

Sample Roles:

� Product Development

� EMV Mandates

EMVCo

Sample Roles:

�Managing EMV Specifications:� Contact� Contactless

Respective Roles: EMVCo & Payment Systems


� Commercial Incentives (e.g. Interchange)

� Fraud Liability Shift Policy

� Issuer & Acquirer Related Policies

All are payment system-specific

� Contactless

� Perform type approval:� Readers & Terminals� CPA Cards� Security Evaluation of IC chips

�Monitor Market Interoperability� Now includes ESD and EMD

All are aligned across industry

EMVCo’s 2011 Standardisation Priorities

EMVCo continues its work towards a common contactless acceptance infrastructure for payments globally.

EMVCo’s cross-industry collaboration advances


New maintenance release for core specification –EMV 4.3 incorporating bulletins issued – due second part of 2011.

EMVCo’s cross-industry collaboration advancescontactless mobile payments standardisation.

Contactless Acceptance


Contactless Acceptance – Background

• As the technology evolved, significant investments were made in deployment of different contactless solutions, which now enjoy a large installed base of cards and terminals.

• To broaden and accelerate the deployment of contactless payments, EMVCo can help further by standardising the existing contactless acceptance infrastructure and streamlining


existing contactless acceptance infrastructure and streamlining the contactless type approval processes.

• The Entry Point design allows for the accommodation of regional solutions and the gradual migration to a common acceptance kernel

• EMVCo does have an agreed plan to develop a common contactless kernel. We are currently working within EMVCo and applying industry input to accomplish that goal.

• Goals: To streamline existing licensing and contactless type approval and to build a framework for future development

• EMVCo members licensed existing contactless terminal specifications and testing to EMVCo in 2010

Phase One: Streamline existing licensing and approval

Contactless Acceptance – Approach


• Terminal Specifications Published: March 2011

• Terminal Testing and Approval: July 2011

12

Contactless Acceptance – Approach

• Feasibility study being conducted

• Common contactless kernel for online-only environments

Phase Two: Common online kernel

Phase Three: Common online/offline ECC kernel


• Will address offline-capable environments

• Integration of new cryptography

13

Phase Three: Common online/offline ECC kernel

Mobile Payments


Mobile Payments – Background

• The future growth of contactless mobile payments technology relies on the existence of a standardised technical infrastructure.

• Inter-industry cooperation is essential to avoid a fragmented approach to standardisation and the resulting limitations that this would bring.


• EMVCo is developing payment specifications, testing and type approval processes for contactless mobile payments that ensure security and interoperability between ‘payment instruments’ (whether plastic cards or mobile devices) and terminals.

15

MPWG Guiding Principles

• User Choice– End user to have active control over when, where, and which payment ‘instrument/credential’ can be used: • Payment Brand, Financial Institution, type (User defined choice and priority)

• Choice and priority changeable by user at any time

• Issuer flexibility: – Secure Element form factor (UICC, embedded, removable memory card etc.)


– Secure Element form factor (UICC, embedded, removable memory card etc.)

– One or more Secure Elements

• Traditional Standardisation Role:– EMVCo requires an approved Secure Element to host payment ‘instrument’

– Agreement on standardised and interoperable processes to manage payment ‘instrument/ credentials’ on Secure Elements

– Compatibility with existing contactless payments acceptance infrastructure• EMV Common Contactless Protocol Level 1

• PPSE

Mobile Payments – Handset Architecture

User Interface

Wide Area

Modem

Application Environment

Over-the-Air Personalisation & Provisioning

Payment Application Management


Contactless Module

AntennaContactless Proximity payments

Mobile Payments – Domains of Activities

EMVCo Industry Orgs Payment Systems

Secure Elements

UICC Profiles

-Security Evaluation (new)

GSMA · ETSI GlobalPlatform

Approval (current)

Mobile DevicesHandset Requirements GSMA · ETSI

User InterfaceAAUI Specifications & Guidelines

Functional Specifications


Contactless

Protocol

Specifications

-Compatibility Validation to EMV requirements

NFC Forum Approval (current)

Payment

Applications

PPSE Specification (contained in AAUI ) -Testing (future)

Payment System specific

Payment

Application Mgt.

GSMA and EPC M-Channel


Personalisation

Provisioning

Existing Specifications as option

GSMA and EPC M-Channel


Status of MPWG Development Efforts (1)

Public Documents Posted on EMVCo Site:

• EMVCo Mobile Payments Architectural Overview document to serve as architectural reference document for the MPWG and describes briefly EMVCo’s and various standards bodies’ roles in the contactless mobile payments ecosystem

• EMVCo Handset Requirements focusing on payment industry’s


• EMVCo Handset Requirements focusing on payment industry’s specific requirements for NFC mobile payments capable handsets. – Effectively store, enable and manage payment applications

– Enable a degree of consistent user experience:

– Can be viewed along side the GSMA handset requirements

Status of MPWG Development Efforts (2)

Public Documents Posted on EMVCo Subscribers Site:

• EMVCo Profile for GP UICC Configuration Secure Elements, a payment industry specific profile based on GlobalPlatform’s development efforts

• EMVCo Application Management Specifications (Application


• EMVCo Application Management Specifications (Application Activation User Interface) documents the necessary components facilitating selection and activation of the user’s choice of financial instrument to be used at the POS

To Learn More About EMVCo:

“A Guide to EMV”

To be published May 2011, this document provides an overview of everything EMV. Visit


provides an overview of everything EMV. Visit www.emvco.com to download this document.

21

Participation Level Description

Level Qualifications /Requirements High Level Benefit Annual

Fees

Members • Commitment to global EMV interoperability • Significant responsibilities in EMV issuance/acceptance in multiple countries

• Responsible for final specs Capital & Resource investment

Board of Advisors

• Business Associates• Technical Associates (up to six seats, beginning 2011)

• Interaction with EMVCoExecutive Committee

N/A


Advisors • Technical Associates (up to six seats, beginning 2011) Executive Committee

Business Associate

• Payment Service Providers • Committed to EMV deployment and interoperability • Interest in providing input to EMVCo’s strategic direction

• Seat on Board of Advisors• Company Subscriber benefits

$12,500

Technical Associate

• Industry stakeholders • Interest in EMVCo working group activities

• Quarterly workshops with WGs• Vote to elect up to six BoA reps• Company Subscriber benefits

$25,000

Subscriber • Company or • Individual

• Access to draft specs, User meetings & communications

$2,500$750

22

Thank You!Visit www.emvco.com

Brian Byrne EMVCo Board of Managers

4 May 2011

EMVCo – Advancing Chip Standards for the Global Payments ...

Documents

Transcript of EMVCo – Advancing Chip Standards for the Global Payments ...