Docstoc

Titel der Präsentation (PowerPoint)

Document Sample
Titel der Präsentation (PowerPoint) Powered By Docstoc
					Smart Payment Association bringing extra value to card issuers

Paris, November 15, 2005

Holger Ziegler, Director Indirect Sales & Partnerships, Payment Cards, Giesecke & Devrient

Agenda

 Purpose of Smart Payment Association / mission statement  SPA in the context of other payment organizations  Members  Current activities  Achievements  Conclusion
Smart Payment Association

Mission statement
 Accelerate move to chip card based payment application  Ensure optimized interoperability in EMV payment systems, especially for value-added applications

 Communicate on the value of smart cards in payment and associated value-added applications

Smart Payment Association

Why should a bank care
Security of investment  Additional Interoperability insurance  Access to use case Quality and security level  EMV cards are banking cards and therefore SPA works on maintaining very high levels Future  SPA: A group of industry players committed to continue investing in new developments

Smart Payment Association

Agenda

 Purpose of Smart Payment Association / mission statement  SPA in the context of other payment organizations  Members  Current activities  Achievements  Conclusion
Smart Payment Association

Positioning
Payment schemes, EMVCo  SPA’s aim is to be complementary to the payment schemes:

 EMVCo & schemes issue EMV specs.
 Industry works on their implementation.  SPA provides common voice regarding the interpretation of the issued specs to ensure that the specs are stable.  SPA can cover implementation part and associated field issues.  For value added non-payment applications:  Reference guides / white papers for banks to ease the implementation (needs for card holders, business cases …)
Smart Payment Association

Positioning (continued)
Eurosmart  SPA is specifically focused on payment and value-added applications.  For topics of broader interest (certifications, security), SPA working groups provide input for Eurosmart working groups. GlobalPlatform  Scope of GlobalPlatform is to enable a universal platform for cards & application management, cross industry wide.  GlobalPlatform does not address specifics of EMV applications.

Smart Payment Association

Agenda

 Purpose of Smart Payment Association / mission statement  SPA in the context of other payment organizations  Members  Current activities  Achievements  Conclusion
Smart Payment Association

Members
 Current members  Founders

 New

Smart Payment Association

Agenda

 Purpose of Smart Payment Association / mission statement  SPA in the context of other payment organizations  Members  Current activities  Achievements  Conclusion
Smart Payment Association

Working group structure

Marketing working group  Define card holder use cases  Define and describe added value applications  Compile business cases

if required*

Technical working group  Create specifications and test suites related to use cases  Ensure interoperability

* only, if gaps in existing specs need to be filled to cover use cases
Smart Payment Association

Working groups
Current permanent groups  Added-value services  Web authentication (white paper published in October 05)  Common personalization standard for value added services  Review of CPA specifications (proposal to EMVCo) Potential new working groups  Loyalty solutions  Contactless payment & smart cards  …

Smart Payment Association

Agenda

 Purpose of Smart Payment Association / mission statement  SPA in the context of other payment organizations  Members  Current activities  Achievements  Conclusion
Smart Payment Association

Just founded, SPA has already brought value to the industry

First achievements include:  Contribution to Eurosmart security and certification committees  Joint industry review of EMVCo‘s CPA draft specification with special focus on implementation and interoperability  White Paper on EMV authentication – for promotion towards issuers (download at www.smartpaymentassociation.com)

Smart Payment Association

The issue of authentication

The Need for strong authentication
Passwords are no more enough

« Passwords can no longer be the only way that computer users prove their identities to company computers or online accounts » Bill Gates, November 2004

Smart Payment Association

Need for improved online banking authentication
Increasing number of attacks
 Phishing
 Most larger banks were already targeted  MessageLab* alone intercepted 18 million Phishing mails in 2004  Did you receive phishing mails? Example: Germany
Never (41%) Yes, sometimes (14%) Yes, every week (12%) Maybe yes, but not sure (33%)
*”MessageLab intelligence Jahresbericht E-Mail-Sicherheit 2004” Source: Gewis Institut

 Targets mainly financial services



Malicious code (e.g. Trojan horses)
 Trojan horses steal online banking information  More dangerous / sophisticated than Phishing  Increasing number of attacks

 Password stealing malicious code unique applications
200 150

100

154
50

174

77

79

0

April

M ay

June

July

Source: http://www.antiphishing.org

Smart Payment Association

Need for improved online banking authentication (continued)
Loss of trust in online banking services
 Customers are reluctant to start using online banking services  Customers using online banking may return to branches again  Trend back to branch banking ?

?

 How save do you feel using online banking? (Germany)
Unpleasant feeling (16%) Feel save (2%) Sufficient security, but see room for improvement (82%)

 Implications for online banking activities in the US
Negative influence (30%) No influence (70%)
5 25

Stopped paying bills via online banking (5%) Log in less frequently (25%)

70

Source: Gewis-Institut

Source: http://www.gartner.com

Smart Payment Association

Right size of security and costs: different authentication mechanisms
High
34567

OTP auth. on chip cards



PKI in hardware

Security level

OTP lists
(e.g. on plastic cards)



Software certificates

Low Low
Smart Payment Association

Static passwords Cost of ownership High

EMV smart cards for authentication
 Same PIN as for payment possible

 Coexistent with EMV payment
application

Advantages:  Stronger & preserved brand image  Reduced fraud costs  Remove costly static password management  Safer environment for online business development  Market Differentiation Tool
Smart Payment Association

Smart Payment Association’s role in EMV authentication

Common promotion of one solution to card issuers  Additional interoperability insurance  No vendor lock-in

=> Accelerate the move to chip card based payment

Smart Payment Association

Agenda

 Purpose of Smart Payment Association / mission statement  SPA in the context of other payment organizations  Members  Current activities  Achievements  Conclusion
Smart Payment Association

What keeps you waiting?
Smart Payment Association

We help you to get started with EMV
Our commitment is to promote chip card-based payment applications, develop value-added application standards and interoperability, and ensure security and quality. Our transversal approach and unique expertise within the smart card industry will position the Smart Payment Association as an interface of choice for payment organizations.

Smart Payment Association


				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:5
posted:11/4/2009
language:English
pages:23