| Presentation Title | Month XX, Year1 Not for further distribution
Improving the customer authentication experience and delivering PSD2 solutions with the next generation of Verified by Visa
28th June 2017
Notice of confidentiality
This presentation is furnished to you solely in your capacity as a customer of Visa Inc. and/or a participant in the Visa payments system. By accepting this presentation, you acknowledge that the information contained herein (the “Information”) is confidential and subject to the confidentiality restrictions contained in Visa’s operating regulations and/or other confidentiality agreements, which limit your use of the Information. You agree to keep the Information confidential and not to use the Information for any purpose other than in your capacity as a customer of Visa Inc. or as a participant in the Visa payments system. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in the Visa payments system. Please be advised that the Information may constitute material non-public information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc. while being aware of material non-public information would constitute a violation of applicable U.S. federal securities laws.
Disclaimer: Case studies, research and recommended practice recommendations are intended for informational purposes only and should not be relied upon for marketing, legal, technical, tax, financial or other advice. When implementing any new strategy or practice, you should consult with your legal counsel to determine what laws and regulations may apply to your specific circumstances. The actual costs, savings and benefits of a card program may vary based upon your specific business needs and program requirements. Visa makes no representations and warranties as to the information contained herein and member is solely responsible for any use of the information in this presentation in connection with its card programs.
©Visa 2016. All rights reserved.
Agenda
- Welcome and introduction
- Update on PSD2 requirements for Strong Customer Authentication
- The new generation of Verified by Visa: VbV 2.0
- VCAS
- Question and answer session
Update on PSD2 requirements for Strong Customer Authentication
PSD2 - Commercial and business impacts
1. Open Competition
• Open API
• New players - e.g. PISPs, AISPs
2. Payment security
• Strong authentication mandatory
• Exemptions
• EBA to provide RTS
3. Consumer protection
• 50 euro liability
• Refund next business day
• Limits to surcharging
PSD2 will drive changes for payment service providers
Ecommerce
What is SCA? (strong customer authentication)
The use of two or more of the following elements:
• something a customer knows – e.g. password / PIN
• something a customer has – e.g. key material
• something a customer is – e.g. fingerprint / voice recognition
• Issuers will have to support an SCA solution
• Acquirers will have to support payment systems that allow SCA
PSD2 will drive changes for payment service providers
Ecommerce
TRA is recognised as a valid form of exemption to the SCA mandate.
TRA will be allowed for Issuers and Acquirers (merchants) within certain limits and subject to strict monitoring requirements.
Reference Fraud Rate (%) for:
EUR | Remote card-based payments | Credit transfers
250-500 | 0.01 | 0.005
100-250 | 0.06 | 0.01
0-100 | 0.13 | 0.015
• Transaction Liability
– Sits with the entity that triggers the SCA exemption
– Regulations to confirm if the Issuer has the final decision
Final Draft – Other new exemptions
• Exemption for remote low value payments – EUR 30 (instead of EUR 10) – Cumulative amount of EUR 100 or 5 transactions
• “White lists” of trusted beneficiaries – applicable to all payments*
• MOTO, recurring (apart from first transaction) and “one leg out” transactions are out of scope
NB: Commission can still make changes to the draft RTS before they are finalised.
* There is still some uncertainty about whether this covers cards
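An added example, not part of the original presentation: a sketch of how a payment service provider could evaluate the TRA reference fraud rates and the low-value exemption listed above before deciding whether SCA is required. The function names, the inclusive band boundaries, the "at or below the reference rate" comparison and the "since the last SCA" counters are assumptions made for illustration.

```python
from decimal import Decimal

# Reference fraud rates (%) from the TRA table in this deck:
# (band upper bound in EUR, remote card-based payments, credit transfers)
TRA_BANDS = [
    (Decimal("100"), Decimal("0.13"), Decimal("0.015")),
    (Decimal("250"), Decimal("0.06"), Decimal("0.01")),
    (Decimal("500"), Decimal("0.01"), Decimal("0.005")),
]
LOW_VALUE_LIMIT = Decimal("30")    # per-payment cap, final draft RTS
CUMULATIVE_LIMIT = Decimal("100")  # cumulative cap
MAX_TRANSACTIONS = 5               # transaction-count cap


def tra_exempt(amount, fraud_rate_pct, instrument="card"):
    """TRA exemption check. Assumptions: band upper bounds are inclusive and
    a PSP qualifies when its fraud rate is at or below the reference rate."""
    if instrument not in ("card", "transfer"):
        raise ValueError("instrument must be 'card' or 'transfer'")
    amount, rate = Decimal(str(amount)), Decimal(str(fraud_rate_pct))
    for upper, card_ref, transfer_ref in TRA_BANDS:
        if amount <= upper:
            return rate <= (card_ref if instrument == "card" else transfer_ref)
    return False  # above EUR 500 the table lists no reference rate


def low_value_exempt(amount, cumulative, count):
    """Low-value exemption. Assumptions: `cumulative` and `count` cover the
    exempted payments since the last SCA, this payment counts toward both,
    and either cap being exceeded ends the exemption."""
    amount = Decimal(str(amount))
    if amount > LOW_VALUE_LIMIT:
        return False
    within_amount = Decimal(str(cumulative)) + amount <= CUMULATIVE_LIMIT
    return within_amount and count + 1 <= MAX_TRANSACTIONS


def sca_decision(amount, fraud_rate_pct, cumulative, count, instrument="card"):
    """Return the first exemption that applies, else 'SCA_REQUIRED'."""
    if low_value_exempt(amount, cumulative, count):
        return "LOW_VALUE"
    if tra_exempt(amount, fraud_rate_pct, instrument):
        return "TRA"
    return "SCA_REQUIRED"


if __name__ == "__main__":
    # Constructed sample: EUR 120 card payment, PSP fraud rate 0.05%
    print(sca_decision(120, 0.05, cumulative=0, count=0))
```

Per the liability slide above, the entity that triggers the exemption carries the transaction liability, so the result of such a check is worth logging together with the inputs that produced it.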
Next steps (provisional timeline*)
• February 23: RTS submitted by the EBA to the Commission
• By end of May: Commission either adopts RTS or proposes amendments
• By end of October 2017: RTS scrutinised by Council and Parliament
• By December 2017: Publication into official journal of the EU
• Mid 2019?: Entry into force
EBA considers proposed amendments and issues formal opinion within 6 weeks
* Timeline presented assumes that the RTS is not sent back to the EBA. If this occurs then the timeline is extended.
| Visa 3-D Secure | 201711
The Authentication Challenge: High abandonment rates
[Figure: VbV abandonment rates by country. Bar chart of seven markets, y-axis 0.0% to 14.0%; bar values as extracted: 6.1%, 8.6%, 5.1%, 4.7%, 13.8%, 6.4%, 2.7%. Challenge method by market*: SMS OTP, mTAN, BankID, Various, RBA.]
* Predominant challenge method in the market
Source: Cardinal Commerce and Acquirer interviews
Cardinal Commerce estimation is based on large merchants implementation (mainly USA and UK).
VbV 2.0 will deliver key improvements
• Enhances issuer risk-based authentication capabilities and improves the user experience across multiple form factors and use cases

Flexible Device and Channel Support | VbV 1.0 | VbV 2.0
▪ Browser-based authentication support | ✓ | ✓
▪ Mobile/application-based authentication support | | ✓
▪ Digital Wallet, Non-payment-based authentication | | ✓
▪ Support for future channels and form factors (i.e. MOTO) | | ✓

More Data for Authentication and Security | VbV 1.0 | VbV 2.0
▪ Payment-related data | ✓ | ✓
▪ Non-payment related data | | ✓
▪ Support for new and future authentication methods | | ✓

Improved User Experience | VbV 1.0 | VbV 2.0
▪ Capable of integration with the merchant experience | ✓ | ✓
▪ Removal of Activation During Shopping | | ✓
▪ Reduce the number of messages required | | ✓
limited expanded
limited expanded
expanded
VbV 2.0 In-app purchases | November 2016 | ChilliMint (Europe) Limited Confidential.
Visa VbV2 Demo – available to download
https://invis.io/986QRLDPU
The benefits VbV 2.0 brings
PSD2 Compliant solution
Improves Consumer Experience
Fraud reduction with RBA
Greater merchant control and visibility of cardholder authentication experience
Expand authentication capability to mobile channel
Reduce friction and cart abandonment
Enhanced data for TRA (risk-based authentication)
Support new and future dynamic authentication methods (i.e. OTP, biometrics)
Step-up cardholder challenge for higher risk transactions
Greater exchange of data enhances approvals
CardinalCommerce Overview
Payments ecosystem is becoming more complex
Improved interoperability for global stakeholders
Cloud-based technology platform is differentiated with powerful attributes
Cardinal’s IP and technology positions it to be the global platform for CNP authentication
• Cardinal provides a centralized platform that increases authorizations, eliminates fraud and reduces friction
• Seamlessly share more information from merchant/consumer to issuer
• Proactively manages fraud
• Increases authorizations/sales
• Enables regulatory compliance
• Omni channel, new solutions
• Centralized monitoring & control
• Big data analytics
• Flexible and extendable system
• Common customer interfaces
CardinalCommerce Solutions
Enhanced Data Transfer
[Diagram labels: Merchant; Payment Gateways; Merchant Acquirer Processor; Card Networks; Issuer; Payment Authorization Flow; Authentication Infrastructure; What merchant knows; What bank knows]
Combining Visa and Cardinal Provides a New Perspective
• We use this information to help both issuers and acquirers formulate better strategies to authenticate cards and reduce checkout friction
• You control the decision process with a “white box” approach
More data means better decisions
Engage customer when required
[Diagram labels: Cardinal Centinel Merchant MPI; Card Network’s Directory Servers; Payment Gateway; Merchant Shopping Cart]
Where Are We Today?
Improve authorizations with enhanced data
1. Risk Based Authentication (RBA)
• Balancing security and convenience through robust risk-based authentication
• Enabling the foundation for data driven decisions is key
2. Data Exchange
• Tighter integration between merchants and issuers provides more insight into good and bad transactions
• Stronger authorization performance and fraud detection
3. 3-D Secure 2.0
• EMV 3-D Secure 2.0 specification released in late 2016
• 3-D Secure 2.0 transactions expected in late 2017
4. What’s Next?
• Visa and Cardinal are well positioned to support issuer needs for risk-based and strong consumer authentication capabilities today and in the future
Current Authentication Data
Acquirer BIN
Acquirer Merchant ID
Cardholder Account Number
DS URL
Message, Extension, Version
Browser User-Agent

Enhanced Authentication Data (More than 10X Data)
Acquirer BIN
Acquirer Merchant ID
Card Expiry Date
Cardholder Account Number
DS URL
Merchant Country Code
Message Category, Extension, Type, Version
Purchase Amount, Currency, Date & Time
Recurring Expiry, Frequency
Browser User-Agent
IP address
Browser Time Zone
Cardholder Email Address, Home Phone Number, Mobile Phone Number, Work Phone Number
Cardholder Name
SDK App ID, SDK Encrypted Data, Ephemeral Public Key
SDK Reference Number, SDK Transaction ID
3DS Requestor URL
Browser Accept Headers
Cardholder Account Information (Account Age, Change, Password Change, Number of Transactions per Day / Year, Shipping Name Indicator, Suspicious Activity, Payment Account Age etc.)
Cardholder Account Identifier, Billing Address
Cardholder Shipping Address
Transaction Type
Account Type
Browser Time Zone
DS Reference Number, Transaction ID
EMV Payment Token Indicator
Purchase Date & Time
Recurring Expiry, Frequency
Directory Server Reference Number, Operator ID, Transaction ID, URL
Address Match Indicator
Device Channel, Device Information, Rendering Options Supported
Message Category, Type
Merchant Name
Merchant Country Code
Merchant Category Code
Merchant Risk Indicator (Delivery Timeframe, Re-order, Pre-order, Gift Card)
3DS Requestor Authentication Information (Method), Challenge Indicator, ID, Initiated Indicator
3DS Requestor Name, Non-payment Indicator, Prior Transaction Authentication information
Installment Payment Data
Browser Java Enabled, Language, Screen Color Depth, Height, Width
Risk-based Authentication
• Transaction is initiated by a participating merchant while the authentication method and decision is made by the participating issuer
1. Cardholder enters account details
2. Merchant sends authentication request to issuer
3. Issuer authenticates cardholder using preferred authentication method
4. Issuer replies to merchant with authentication outcome
5. Merchant submits transaction for authorization with flag indicating authentication result
Only the riskiest transactions (typically <5%) are stepped up for cardholder verification. Visa’s ACS solution (VCAS) offers robust RBA capability
VCAS Product Features
Enabling intelligent authentication decisioning and management
Risk-based Authentication
– Visa Authentication Risk Scoring Model
• Applicable for all payment brands
– Authentication Risk Rules Engine
• Configurable rule parameters
Multiple dynamic authentication methods
– Biometrics
– Token
– OTP (SMS, email, concurrent)
– Others
Flexible, easy-to-use, Portal for authentication management
– Query and access transaction details in real-time
– Create, test and publish authentication strategies (rules)
– Manage cardholder information in inquiries
VCAS User Portal
Easy-to-use applications
Dashboard
– Analytic dashboard available upon login to quantify high-level business metrics, i.e., transaction volume by authentication type, challenge rates (successful, failure), and more
CSR Manager
– Designed for Customer Service Representatives (CSR) to manage individual cardholder accounts (PAN)
– Block accts, mark transactions as good, fraud or undetermined, apply temporary authentication “pass”, access details, etc.
Rules Manager
– Created for fraud and cardholder management, allowing users to write, edit, test, and manage the rules based on a variety of situations. The rules can vary in terms of complexity and can be implemented in an almost real-time environment
Reporting Manager
– Allows users to view, query and access transaction details in near real-time
– Reports available for download
Administration and Configuration Manager
– Primary interface for users to configure, run and access various tools and features available within the portal
– The admin tool will allow the Portal Administrator to create new and manage existing users, look at activity and audit logs
Online Portal: Rule Application
• Provides a managed service for rule setting and manipulation
• Online Rules Portal available
– Includes 15+ rule parameters for configuration
– Issuer self-managed
• Option to manage on issuer’s behalf
– Near real-time rule deployment
• Roll-back capabilities
• Supports Account and Values lists
• Test rules prior to publishing
Online Portal: CSR Application
• Multi-leveled approach (Hierarchy)
• Permission Based
• Supports multiple user levels
• Look up full PAN
• Access to PAN history
• Block all activity on PAN
• Temporary Bypass
Online Portal: Reporting
• Provides a standard set of reports through the portal including, but not limited to:
– ACS Transaction report
– Date filters
– Card number (PAN) files
– Time stamp details
– Order details
– Merchant Name
• Available in portal or via SFTP
• Monthly is standard
Summary
- Customer Experience is EVERYTHING. VbV 2.0 is designed to create secure frictionless authentication for remote payments and is optimised for mobile devices
- The additional data in VbV 2.0 supports RBA/TRA, helping reduce fraud and comply with PSD2
- Make sure VbV 2.0 is in your technology roadmap and start your implementation planning now
- VCAS is designed to support Issuers in delivering a fully PSD2 compliant and optimised authentication solution
Questions
Meet the panel:
• Mark Austin, Director of Digital Product Solutions, Europe
• Bruce Poore, Senior Vice President, Global Financial Institution Services, CardinalCommerce Corporation
• Guido Mangiagalli, Head of Authentication, Europe
• Caroline Birchinall, Head of Verified by Visa, Europe