Stop in the name of EMV! Is merchant regulation breaking your heart? April 4, 2017
Introductions Ana Chandler AVP, Treasury Management Sales Julie Fairbanks VP, Merchant Sales William (Bill) Rogers VP of Sales, Government Solutions 2
What began with one Houston location and $50 million in assets 25 years ago is today Amegy Bank with $14 billion in assets in addition to $11 billion in assets under management. About 2,000 employees work across nearly 80 banking centers in the greater Dallas, Houston, and San Antonio metropolitan areas. We specialize in banking privately owned businesses of all sizes and public companies in all industries with additional focus on real estate, energy, and international. As a member of Zions Bancorporation, Amegy Bank is large enough to provide competitive products and services, yet it is small enough for the townships and bankers to experience the intimacy that comes from a close banking relationship. 3
First Data is the largest merchant acquirer, issuer processor, and independent network services provider in the world, enabling businesses to accept electronic payments; helping financial institutions issue credit, debit and prepaid cards; and routing secure transactions between them. In 2015 they processed 79 billion transactions globally, or over 2,500 per second, and processed 28% of the world s ecommerce volume. In the United States, they handled $1.7 trillion of payment volume, accounting for nearly 10% of U.S. GDP last year. First Data manages its own authorization platforms and does not outsource this process to any third parties. 4
Agenda Past Provide an explanation of EMV and its impact on fraud in Europe. Present Discuss EMV regulation and slow adoption of merchants and resistance of consumers. Future Predict what the future holds for EMV and what to expect in new fraud trends. 5
Where did EMV come from and how has it changed the fraud landscape in Europe? Ana Chandler AVP, Treasury Management Sales 6
What is EMV? EMV stands for Europay, MasterCard & Visa. EMV is a global standard for card payments utilizing a secure chip that is imbedded within the card. Card types include credit and debit cards, open-looped prepaid cards, and ATM cards. Fico.com, EMV Adoption And Its Impact On Fraud Management Worldwide 7
How did EMV get started? Created by Europay International in 1991 A European study on card authentication method was driven by the European Council for Payment Systems. Conclusion The only effective way of addressing card fraud was to move toward chip card technology. Technical development drivers consisted of four building blocks that were presented to Europay, MasterCard & Visa. 1. Difficulty mitigating counterfeit cards as well as lost and stolen cards 2. Signature verification - not an effective method 3. Authorization via telecommunications - expensive 4. Multi-application multiple payment cards on one piece of plastic Bankinfosecurity.com, The History of EMV 8
Magnetic Stripe vs Chip Card Traditional cards store unchanging data. Card compromise exposes sensitive information. Example of a magnetic stripe card transaction: B370261765230537^71171 VALUEDCUSTOMER00007^1309101091099116 370261765230537=130910109109911600007 9
Magnetic Stripe vs Chip Card Chip card creates a unique transaction code for each purchase that cannot be used again. The chip makes counterfeit cards impossible to use again and again. Example of a chip card transaction: 00 A4 04 00 0E -31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 6F 24 84 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 12 88 01 01 5F 2D 08 65 73 65 6E 66 72 64 65 9F 11 01 01 90 00 00 B2 01 0C 00 70 2A 61 28 4F 07 A0 00 00 00 04 10 10 50 0A 4D 43 52 44 43 52 45 44 49 54 87 01 01 9F 12 0D 43 52 45 44 49 54 4F 44 45 4D 43 52 44 90 00 00 B2 02 0C 00 No data6a 83 00 A4 04 00 07 -A0 00 00 00 04 10 10 6F 32 84 07 A0 00 00 00 04 10 10 A5 27 87 01 01 9F 38 12 9F 1A 02 9F 33 03 9F 40 05 9F 1B 04 9F 09 02 9F 35 01 5F 2D 08 65 73 65 6E 66 72 64 65 9F 11 01 01 90 00 80 A8 00 00 13-83 11 08 40 E0 B0 C0 D0 00 F0 A0 00 00 00 00 00 00 01 22 80 0E 5C 00 08 01 01 00 10 01 03 01 18 01 03 00 90 00 00 B2 01 0C 00 70 3E 5F 20 0F 4D 43 52 44 20 46 55 4E 43 54 49 4F 4E 41 4C 57 11 51 05 10 51 05 10 51 00 D1 01 22 01 01 23 45 67 89 9F 1F 16 30 31 30 32 30 33 30 34 30 35 30 36 30 37 30 38 30 39 30 41 30 42 90 00 00 B2 01 14 00 70 0E 5A 08 51 05 10 51 05 10 51 00 5F 34 01 01 90 00 00 B2 02 14 00 70 4C 8C 17 95 05 9B 02 9F 02 06 9F 03 06 9F 1A 02 5F 2A 02 9A 03 9C 01 9F 37 04 8D 19 95 05 9B 02 8A 02 9F 02 06 9F 03 06 9F 1A 02 5F 2A 02 9A 03 9C 01 9F 37 04 9F 0E 05 00 00 00 00 00 9F 0F 05 F0 20 04 98 00 9F 0D 05 F0 20 04 00 00 90 00 00 B2 03 14 00 70 39 5F 25 03 95 07 01 5F 24 03 10 12 31 5F 28 02 08 40 9F 07 02 FF C0 8E 12 00 00 00 00 00 00 00 00 41 03 42 03 5E 03 43 03 1F 00 9F 08 02 00 8C 5F 30 02 02 01 9F 42 02 08 40 90 00 00 B2 01 1C 00 70 65 8F 01 97 90 60 24 0E 0E A6 D2 1E 65 52 B2 ED 3F AD C2 F1 D2 80 D1 AD 91 3E 62 2E 2C 35 21 AA DF 2A 47 B3 AC F6 6B 67 1D 4B 12 36 81 9A D1 B1 FA 9F A6 AC DE 38 66 5B 6B DE 53 C3 80 A1 53 16 9A BA AB 94 83 90 2F B7 63 E9 EA A7 AB 27 8A 5D 39 D3 A5 0E 15 98 B8 4C 22 13 9D 43 A7 48 6F 71 AA 0E C3 90 2D 26 90 00 00 B2 02 1C 00 70 1A 9F 32 01 03 92 14 CF B8 D4 88 5D 96 09 67 17 9F 98 2D 42 CE 54 EC C2 05 46 83 90 00 00 B2 03 1C 00 70 52 93 50 11 0B B9 DF 2D 21 98 19 06 B2 9A 30 14 11 F9 FA 60 CF 49 4D BA BA BF 54 B1 79 7C 9C 4B 5D 99 B5 E6 7A B7 30 49 E7 71 FC 5F DC 23 E5 83 50 B7 81 00 53 24 D3 1D C8 7A D0 FB F6 36 73 38 08 05 6D 66 07 46 32 71 1E 7C BF 14 07 37 96 E1 B6 0D 4D 90 00 80 CA 9F 17 00 9F 17 01 03 90 00 00 20 00 80 08-24 12 34 FF FF FF FF FF No data 90 00 80 AE 80 00 1F -40 80 00 80 00 C8 00 00 00 00 00 10 00 00 00 00 00 00 00 08 40 08 40 06 01 30 00 90 86 27 40 77 1E 9F 27 01 80 9F 36 02 45 67 9F 26 08 CA 3C A2 03 D2 6C 67 7B 9F 10 07 06 01 1A 03 90 00 00 90 00 80 AE 00 00 21-40 80 00 80 00 E8 00 35 31 00 00 00 00 10 00 00 00 00 00 00 00 08 40 08 40 06 01 30 00 90 86 27 40 77 1E 9F 27 01 00 9F 36 02 45 67 9F 26 08 01 B7 8D 05 86 AC E4 F8 9F 10 07 06 01 1A 03 60 00 00 90 00 Counterfeit card fraud has dropped by 43%! 10
Impact in Europe France 2003-2011 11
Impact in Europe Australia 2006-2012 12
Impact in Europe United Kingdom 2001-2012 13
EMV Regulation as of October 1, 2015, and It s Financial Impact to Merchants Should you adopt the new changes? What does it mean if you don t? Julie Fairbanks VP, Merchant Services 14
What does this mean to you as a merchant? Consequences: As of October 1 st 2015, liability is with the merchant. As the merchant, you will be held liable for any fraudulent transactions. Penalties in the form of regulatory fines Legal fees Enhanced reporting requirements Enforced discounts or free services passed down to consumers/buyers - Arby s example 15
US Adoption Challenges Manufacturers were slow to activate EMV technology causing anxiety among merchants who had already purchased new equipment. The approval process at POS is slow and confusing to use. Equipment is costly and implementation too time consuming. Chargebacks are out of control. 16
The Positive Side EMV use is predicted to rise in 2017. Visa & MasterCard recognized the need to develop faster processing time. Visa states that 46% of their card-present merchants are chip-enabled. In November 2016, Visa reported 359% increase of chip card transactions since the prior year. Processors are continuing to develop new EMV technology. EMV is working! MasterCard released a 54% decrease in fraud in 4Q 2016. 9 out of 10 Americans use chip cards (38% increase during 2016). 17
Equipment 18
What does the future hold for EMV? William (Bill) Rogers VP of Sales, Government Solutions 19
A Look Into the Future Card-Not Not-Present Online fraud is increasing. There was a 31% increase in CNP fraud attempts during 2016 holidays in the US as fraudsters moved from cardpresent fraud to card-not-present and mobile fraud. Dual-Interface Cards These are cards that are both contact and contactless. 20
More EMV Regulation to Come EMV Liability Shift for Automated Fuel Dispenser in October 2020 The new 2020 date only applies to outside pumps; in-store sales are still subject to October 2015 liability shift. Visa has two important differences: Counterfeit liability on non-us EMV cards will still shift in October 2017. Visa will expand its current Fraud Monitoring Program to mitigate counterfeit fraud between October 2017 and October 2020. 21
Closing Comments EMV is a marathon, not a sprint. Meet with your provider and discuss implementing EMV card readers. EMV certifications are complicated, but efficiencies are being realized. The chargebacks post-emv liability shift are real; review chargebacks daily and utilize provider systems to the fullest. Criminals will find the path of least resistance through late adopters; as the population of non-emv locations dwindles, the criminals will concentrate on non-emv locations. Don t be a target! 22