Key Considerations in Launching Your EMV Program

Shoreline, a Gemalto company

Shoreline Confidential2

2,900R&D ENGINEERS

114NEW PATENTSFILED IN 2014

180+COUNTRIES WHEREOUR CLIENTS ARE

BASED

14,000+EMPLOYEES

116NATIONALITIES

$2.7bn2014 REVENUE

+2bnEND USERS

BENEFIT FROMOUR SOLUTIONS

The Payment Ecosystem Before EMV

3

4

EMV Standards: A 20 Year History

• Europay, MasterCard and Visa initiate the development of specifications for Integrated Circuit Cards aka the EMV spec1994

• The first version of EMV specifications is published1996

• EMVCo LLC is formed by Europay, Visa, MasterCard to manage, maintain and enhance the EMV™ Specification1999

• 2004: JCB joins EMVCo• 2008: The most recent version, EMV 4.2, is published• 2009: American Express joins EMVCo• 2013: Union Pay joins EMVCo

2000’s

Key Benefits of EMV

o Enhanced Payment Security Reduces the risks & costs relating to fraud

o Technology Platform for new payment channels Contactless Payment Mobile Payment eCommerce

o Global Interoperability

Shoreline Confidential5

• Secure chip stores payment information• Chip card authentication prevents

counterfeiting• Adds cardholder verification methods• Offers online or offline authorization

EMV chip cards use an embedded microprocessor for payment transactions

OUTSIDE INSIDE

CONTACT

One Technology = Three Consumer Payment Options

Shoreline Confidential6

Enter individual PIN

code. The cardchecks the PIN

stored on the card.The PIN may also be verified online.

Sometimes PINis omitted and a

signature is required.

CONTACT PAYMENT TERMINAL

CONTACTLESS PAYMENT TERMINAL

CONTACTLESS PAYMENT TERMINAL

NFC-enabled phone

2 inches

EMV contact –card is placed into a device that reads the data on the chip

EMV contactless payments –simply tap the card and pay securely

Mobile EMV = NFC mobile payments –provides secure mobile payments, increased loyalty and marketing options for issuers

EMV Adoption Map

7

?

The date is nearo October, 2015 – Fraud Liability Shift

The party that has made investment in the most secure EMV options is protected from financial liability for card-present fraud losses for both counterfeit and lost, stolen and non-receipt fraud on this date.

Bottom line: the weakest link in the EMV transaction chain is responsible for fraud

Shoreline Confidential8

Kaspersky Lab revealed that lost financial data ranged from $66,000 to $938,000 per organization, depending on the size of the firm. Meanwhile, the American Bankers Association took a look at losses after a major corporate breach and found that the average loss on a fraudulently used debit card was $331. (Source: http://www.information-management.com/)

Not a deadline or a mandate

• EMV is not solving card not present fraud by itself; limited exposure? CNP specific solutions are out there

Aftermath of Recent Data Breaches

9

o Breaches have created a tipping point in consumer and media perception of payment security.

o Securing the payment eco-system is now a matter of urgency.

US EMV Card Projections

2 925

255

575635

120

255300

2011 2012 2013 2014 2015 2016

Before Target Breach

After Target Breach

Shoreline Confidential10

%B5268xxxxxxxxxxxx^Smith/John^110120116604000000000000000000000?

;5268xxxxxxxxxxxx=11012011660400000000

o Static data stored on a magnetic stripe can be easily skimmed to make cloned cards

o No way to verify card authenticity–cloned cards are indistinguishable from the original

o Signature is a weak form of cardholder authentication

Why EMV?

Shoreline Confidential11

COPY = ORIGINAL

OriginalCounterfeit

000000000000000000083902014A200228830C8859DE1F37E74D8B657FB70D110108002C035400BA038001C0003200000E16181E20242A8488A8AEB2CADADC000000621C731008038400621C5A0808038400621C4108080384006216030003030000621DFA0008038400621F8804020480006214500002020000621084040204000062149500010480006205F5000604800062116D00030200006212610003028000621CAC0008038400621E6600080384000000000000000000000000000000000062196B0062017B0062049C006206930062073C0062097D00620A1800620A5E00620B3700620B3B00620E5F00620ECB00621EF50062218C006222350000000000000000000021E921AB21A721E521C2219E03800380043A0756075B07880C880080043A105A00C004BA185A057A5A000005FA005A000005FA005A05FA05FA00002020200005010100000110160600010000558988FFA0000000041010006200000000000000000000000000000014145A1000000351080000005A554E2003040000EA60004E200F0000000000000000000000000000000000067A0A16051316232636000000000000005A83C13175E543256125AB0EE34F54EAA431EA2AE557264CC12A1F6E868A268994000000000000000062E0D0833DB0F19D15DC4C706DE3BCAB0000000000000000A291D970A2C20DF76EE60E022CB646C100000000000000000000000000000000000000000000000000000000000000000000000000000000000000005AAD126F5A5A5A5A5A000000000000000000000000FF0100000000000000000100005B6373B15ABED28E130038FCE57D5A752AD9B0CF98F50000000000000000241234FFFFFFFFFF00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A19F27019F02065F2A029A039F36029F520600000000000000000000000000000000000000000000000000000000D55502F60200D6550295029F1455029D019F235502AA0100CA5502970600CB5502A40600C45502FB0300C55502FE0300C35502F80300C95502910200D15502C3199F4F9503541100C85502930200945603042000825603010200C75502900100D35502DC1200D7550324039FA15502AB069FA25502BD0600CD55032A0300CE55032D0300CF5503270300DE9502740900D95603332000D8560330029FA75503530100DA5602F20200DB5602F40200DC5602EE0200DD5602F0028577C46B600E5D1ECC0FE9EB0F42B13E15FEA9F7479A0F3217C4BCD742108178D9FB07D11F32A2426098F1328BF92E6CCEF353D1FD4386C68DDD9B9EA1EEAB978E5B8B3074BB128D07F50B207148DEAAD0C034B755ED83A38BD82B2A74D69CE1E65F0B9E7454BE9224FB65AA859BEA5DFBBEAB631A51FB1F5F54E16F3934C8DFC833A6A110158BAE3217DEE096E409DD20FDFEF2EB6716CB23A71B42E318C23546F88BB9AECBF36390E569CBD1F5C5A3366CFDBAFBE54A29D4CC696DF2E60163D58950C8AF189BD38BEF90B0A9ED4E0039204F1300E4457551C440BFAF41EB52D98E916DAE7F1DDB3779187FC869DF8CF99E0114A77AF8AF0EFF5226D5CF2D4F9E8C2A50FF6B6FD1E4AEFA2C2308570DB429258FCEF9C40001761154F07A0000000041010500A4D41535445524341524400296F278407A0000000041010A51C500A4D4153544552434152448701015F2D02656EBF0C059F4D020B0A00000000

Why EMV?

o Chip dynamically communicates with authorization system or POS to guarantee Card Authenticity Cardholder Authenticity Transaction Authenticity

o Protects against Card Skimming Card Cloning Man in the Middle Attacks

Shoreline Confidential12

Original

Mag stripe data on a chip card is different than on a regular card;

if cloned or stolen the EMV enabled systems will not allow a non-EMV transaction

Three basic steps of an EMV transaction

o Verify the Card is Authentic

o Verify the Cardholder is Authentic

o Authorize the Transaction

Shoreline Confidential13

What is an EMV Profile?

o An EMV Profile is a set of rules and controls that determines how an EMV Chip Card will behave in the field

o Ingredients of an EMV Profile: Card and transaction authentication: Online vs. Offline Cardholder verification: Pin vs. Signature Usage type: Contact vs. Contactless Usage & Transaction Risk Limits

Shoreline Confidential14

Standard EMV Profiles

o Payment Associations have defined “off the shelf” EMV profiles to simplify the decision making process

o Payment processors will support some or all of these “off the shelf” profiles

o Debit profile examples VISA : U.S. Debit Personalization Profile for Online-Only Card, supports Durbin-compliant

Common AID, Signature preferring (VISA), Online PIN preferring (Debit Network)

MasterCard: Profile 35 in combination with 61 (common debit AID), online only, supports Durbin-compliant Common AID, Online PIN preferring

MasterCard: Profile 19 in combination with 61 (common debit AID), supports offline card authentication (C/DDA), supports Durbin-compliant Common AID, Online PIN preferring

Shoreline Confidential15

Try it yourself: http://www.mastercard.us/simplify_emv.html

Contact vs. Contactless

o Contactless EMV solves checkout speed issue

o Contactless EMV helps capture cash

o Contactless EMV increases cardholder stickiness translating to issuer top of wallet

o Contactless EMV creates a consistent consumer experience between card and mobile transactions.

Shoreline Confidential16

“Dip & Wait” nature of contact EMV is not in line with consumer & merchant expectation of immediacy & convenience

Apple Pay is driving merchant activation of contactless POS

Which chip card to buy?

Shoreline Confidential17

“The brand says we only need the 4k chip, but the personalization vendor continues to push the 10k and the instant issuance vendor says 12k. I have been getting the run around from all of my vendors.”

- a frustrated VP of payment solutions

o How Much Memory? 4k 8k, 12k

o What type of CVM?

SDA

DDA

CDA

What type of EMV Card should I Buy?

o What Payment Applications? VSDC 2.8.1am2s MChip Select MChip Advanced

o What Operating System? Java Multos Native

Shoreline Confidential18

Shoreline suggests a simpler approach

Shoreline Confidential19

o Type? Contact EMV Contact + Contactless EMV

o What EMV Profile? Visa US Debit Profile MasterCard Profile #X

o Quantity? 1,000 10,000

o Color of Module? Gold Silver (palladium)

o Shoreline is integrated & certified today for EMV Issuance with major processors

o Pre- Approved by payment associations

o Shoreline offers Gemalto cards which can support any standard EMV profile and facilitate a future proof roll out strategy

Shoreline suggests a simple approach

Shoreline Confidential20

EMV Card procurement and inventory considerations

o Lead times – 8-12 weeks for custom orders after design’s approval

o Cost vs. Volume vs. Minimum Order size

o EMV roll out strategy Friends and family pilot Natural re-issue, lost/stolen replacements Mass re-issue

o Chip (operating system + payment application) expiration dates Not related to card expiration Initial term – 3 years, with subsequent 1- or 3-year

renewal(s) Applies to

- Card manufacturer’s ability to sell- Issuer’s ability to issue (+12 months)

Shoreline Confidential21

Adapt Your Card Artwork to EMV – Proof and approval needed

o Shoreline offers 6 pin chips as standard for contact only cards

o Request a design specification sheet/mock card design

Shoreline Confidential22

We are #1 in Payment Cards

Shoreline Confidential23

Total Chip Card Shipments 2013Rank Manufacturer/Headquarters Millions

1 Gemalto Netherlands 2,178.0

2 Oberthur France 930.0

3 Giesecke & Devrient (G&D) Germany 875.1

4 Morpho Germany 680.0

5 Watchdata System China/Singapore 401.1

6 Bluefish Technology Denmark 319.0

7 Beautiful Card Taiwan 252.5

8 AB Card Group Turkey 191.7

9 Asia Credit Card Production China 179.0

10 Jing King Tech Holdings Hong Kong 148.5

11 Exceet Card Group Germany 143.0

12 COS Software Co. China 115.0

13 Goldpac China 101.2

14 DZ Card Thailand 99.0

15 Valid Brazil 98.5

16 HID Global United States 90.0

17 CPI Card Group United States 76.6

Payment Cards with Chipsvs. Mag Stripes Only (mil.) 2013

Chip Magnetic Stripe

Gemalto

Perfect

Oberthur

G&D

CPI

Valid

Morpho

AB Note

IntelCav

Note: Chip cards include Visa, MasterCard, American Express, JCB, and Maestro cards with mag-stripes as well as ATM-only and domestic-only debit cards, transportation cards, and other proprietary cards. © 2013 The Nilson Report

645/150

2/643

280/280

322/233

15/350

30/247

101/52

13/135

47/78

Experience Matters Scale Matters Global Presence Matters

william.tran@gemalto.com

QUESTIONS PLEASE

24 Shoreline Confidential