Credit Card Mess

Published on April 2017

The Mess that is Credit Cards

Blake Laufer
Chief Technology Officer
T2 Systems, Inc.

Today’s Roadmap

Defining the Mess
Alphabet Soup
Operational Options and Risk
Alternative Payments

Motivation
Credit Card associations are concerned!
Fraud
Identity Theft
Business Model

In 2005…
Fees collected from merchants: $48.6 billion
Average fee 2.2% per sale for Visa and MasterCard

An Unprecedented Event
December 2006: Visa holds a Payment Application Vendor Conference
83 companies attended
11 companies from the parking biz:
Complus Data Innovations
Digital Payment Technologies
Federal APD
Hamilton Manufacturing
IntegraPark
Parkeon
Scheidt & Bachmann
SKIDATA
T2 Systems
VenTek
Zeag USA

John Van Horn arranged meetings before and after the VISA conference for the parking industry attendees

Who’s Who in the Zoo?

[Diagram: Card Association, Issuer, Acquirer, Cardholder, Merchant]

Transaction Authentication

[Diagram: Card Association, Issuer, Acquirer, Cardholder, Merchant]

How the Benjamins Move

[Diagram: Card Association, Issuer, Acquirer, Cardholder, Merchant]

Most Common Acronyms
CISP, SDP, DSOP, DISC
Individual security programs from Visa, MasterCard, American Express, and Discover. These have mostly been replaced by PCI DSS; however, the terms are still floating around.

PCI DSS
Payment Card Industry – The association created by Visa, MasterCard, American Express, JCB, and Discover to set industry standards.
Data Security Standard – The “digital dozen” items associated with providing data security.

YAA (Yet Another Acronym)
CVV2
Card Verification Value – This is a 3- or 4-digit number used for fraud prevention. It’s printed on the card, but not found in the mag-stripe.

More Acronyms (Payment)
ACH
Automated Clearinghouse – An inter-branch banking standard for handling large batches of small transactions.

HTTPS
Hypertext Transfer Protocol (Secure) – The technology used to ensure web page data can’t be snooped.

Gateway
Not an acronym, but a common term. It is the software or application that talks to a processor.

Even More Acronyms (Security)
AVS
Address Verification System – A system to ensure that the cardholder’s provided address matches the one on file.

PABP
Payment Application Best Practices – Guidelines to assist software developers and vendors to create secure payment applications.

QSA
Qualified Security Assessor – Any company approved to provide certification of PCI DSS compliance.

PCI DSS Compliance
PCI DSS (Payment Card Industry Data Security Standard) is a combination of two things:

Software used for transaction processing

Merchant’s supporting network and environment

PCI Compliance Elements
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy

Your Payment Gateway
What is a Gateway?
Merchant chooses gateway software to connect to one (or more) Acquirers

Authentication Options:
Dial-up (phone)
Dedicated line (phone)
Cellular data (wireless)
Internet (agnostic)

[Diagram: Acquirer, Gateway, Merchant]

Payments
Card Present versus Card Not Present
Card-not-present is considered at higher risk of fraud, so it carries higher fees

Signature Requirement
New rules allow transactions under $25 (and card present) to be processed without a signature.

Three Elements of Authentication
Any one of these alone is thought of as “weak” security. Two (or more) are considered “strong” security.

Something you HAVE
Something you KNOW
Something you ARE

CVV2: the Good, the Bad, and the Ugly
Good
A CVV2 code is a way of trying to ensure “something you know” in addition to “something you have”.

Bad
You only have the “something you know” when you have the “something you have”. So is it really a second security element?

Ugly
Fraudulent web sites collect and save this data anyway, and sell it on the open market.

Biometrics? No thank you!
Biometrics
Using finger and palm prints, retina and voice scanning, facial and gait recognition…

Problems:
Not all biometrics are unique (example: twins have the same fingerprints)
If compromised, your biometric is invalid forever – and you can’t change it!

Credit Card Competition
The weaknesses of credit cards are creating opportunities for competitors:
Micropayment Aggregators
Pay-by-cell
PayPal
Smart Cards, RFID, and “e-Wallet”

Micro-payment Aggregators
Aggregators attempt to group payments together to reduce transaction fees.

Advantages
Reduced transaction fees
Parker access to payment history
Loyalty program

Disadvantages
Only provides value when there are multiple transactions on the same card within a given time
Slight delay in settlement

Pay-by-Cell (PbC)
Advantages:
Augments usage of existing single-space meters (and other metering devices)
No additional cost to the parking office to implement this offering (PbC company usually provides the signage and advertising)
Works with multiple zones, rates and tariffs

Disadvantages
Completely dependent on real-time wireless handheld enforcement.

PayPal
PayPal is the standard for “Internet” money.
End of 2006 there were 133 million accounts (most active)
PayPal processes more transactions annually than American Express!

How PayPal works:
Online customer creates an account, puts money in the account using a credit card.
Money is drawn from the account as the customer makes purchases online (or can draw off a credit card).

Recent expanded offerings:
Send money online
Text to Buy
Online debit card

Smart Cards, RFID, and e-Wallet
Smart Cards
Though capable of so much more, these are primarily being used as electronic wallets. Money is “loaded” onto the card electronically and debited with each use.

RFID tags are unique identifiers associated with a user’s account…
PayPass
SpeedPass
E-Z Pass

Questions

Thank You!
