EMV Chip Transactions - m-POS in Europe
EMV Chip Transactions
The use of magnetic stripe is still prevalent globally, and as a result, data elements such as the PAN and PIN must continue to be treated as sensitive data especially since PAN can be used to facilitate card-not-present fraud. In the future, as EMV becomes ubiquitous globally, the sensitivity of these data elements may decrease. However, EMV migrations are still ongoing in various markets around the world, and the use of magnetic stripe will continue for years to come. The core requirements for EMV terminals and acquirer host processing of chip transactions are contained in the MasterCard M/Chip Requirements, downloadable by MasterCard customers from MasterCard Online www.mastercardonline.com.
UNIQUE CHALLENGE
Due to open architecture and remote nature of mobile devices, there are important considerations to be made concerning transaction authorization, card authentication, transaction performance, and the security of the payment system public keys. BEST PRACTICES FOR MPOS SOLUTION PROVIDERS
The EMV level 2 kernel can be located on the mobile device, on the remote server, or split between both. Depending on the architecture, the location or locations chosen may negatively affect performance. MPOS solution providers should ensure that the architecture of their EMV solutions maintain transaction performance, and do not introduce significant latency, and therefore create a poor cardholder and merchant experience. MPOS solutions should be configured for online-only authorization. This affords the issuer better fraud management protection in this new acceptance environment. In instances wherethere is no available network connection, transactions should not be authorized offline. As all transactions will be authorized online, the issuer will perform online card authentication method (CAM). MPOS solutions that support PayPass M/Chip must support the offline card authentication method (CAM) as per PayPass rules and requirements. Offline CAM may be performed at the remote server, the mobile device, or both however the transaction performance must be maintained. If the mobile device is not capable of maintaining the integrity of the payment system public keys, then offline CAM cannot be supported on the mobile device. The MPOS solution provider must ensure that bogus keys cannot be inserted with malicious intent, and therefore MPOS solution providers should consider designs where the server verifies that the keys are correctly stored on the MPOS card reader accessory or the mobile device on a periodic basis.
BEST PRACTICES FOR MERCHANTS
When accepting EMV chip transactions, merchants are advised to only use MPOS solutions that have been approved by EMVCo (EMV Type Approval) and the MasterCard Terminal Integration Process (M-TIP). Mobile Point-of-Sale Solutions Liens partenaires : EMV Level 2 certification for m-POS EMV Level 2 hip and sign swiffpay certification Visa MasterCard mobile payment and m-POS Czech republic europe EMV Level 2 certification for m-POS EMV Level 2 certification for m-POS mobile payment and m-POS in Romania mobile payment and m-pos in Poland mobile payment and m-pos in Solvakia mobile payment and m-pos in Russia mobile payment and m-pos in Europe mobile payment and m-pos in Asia Security mobile payment and m-pos SwiffPay, mobile payment SwiffPay, mobile payment
The use of magnetic stripe is still prevalent globally, and as a result, data elements such as the PAN and PIN must continue to be treated as sensitive data especially since PAN can be used to facilitate card-not-present fraud. In the future, as EMV becomes ubiquitous globally, the sensitivity of these data elements may decrease. However, EMV migrations are still ongoing in various markets around the world, and the use of magnetic stripe will continue for years to come. The core requirements for EMV terminals and acquirer host processing of chip transactions are contained in the MasterCard M/Chip Requirements, downloadable by MasterCard customers from MasterCard Online www.mastercardonline.com.
UNIQUE CHALLENGE
Due to open architecture and remote nature of mobile devices, there are important considerations to be made concerning transaction authorization, card authentication, transaction performance, and the security of the payment system public keys. BEST PRACTICES FOR MPOS SOLUTION PROVIDERS
The EMV level 2 kernel can be located on the mobile device, on the remote server, or split between both. Depending on the architecture, the location or locations chosen may negatively affect performance. MPOS solution providers should ensure that the architecture of their EMV solutions maintain transaction performance, and do not introduce significant latency, and therefore create a poor cardholder and merchant experience. MPOS solutions should be configured for online-only authorization. This affords the issuer better fraud management protection in this new acceptance environment. In instances wherethere is no available network connection, transactions should not be authorized offline. As all transactions will be authorized online, the issuer will perform online card authentication method (CAM). MPOS solutions that support PayPass M/Chip must support the offline card authentication method (CAM) as per PayPass rules and requirements. Offline CAM may be performed at the remote server, the mobile device, or both however the transaction performance must be maintained. If the mobile device is not capable of maintaining the integrity of the payment system public keys, then offline CAM cannot be supported on the mobile device. The MPOS solution provider must ensure that bogus keys cannot be inserted with malicious intent, and therefore MPOS solution providers should consider designs where the server verifies that the keys are correctly stored on the MPOS card reader accessory or the mobile device on a periodic basis.
BEST PRACTICES FOR MERCHANTS
When accepting EMV chip transactions, merchants are advised to only use MPOS solutions that have been approved by EMVCo (EMV Type Approval) and the MasterCard Terminal Integration Process (M-TIP). Mobile Point-of-Sale Solutions Liens partenaires : EMV Level 2 certification for m-POS EMV Level 2 hip and sign swiffpay certification Visa MasterCard mobile payment and m-POS Czech republic europe EMV Level 2 certification for m-POS EMV Level 2 certification for m-POS mobile payment and m-POS in Romania mobile payment and m-pos in Poland mobile payment and m-pos in Solvakia mobile payment and m-pos in Russia mobile payment and m-pos in Europe mobile payment and m-pos in Asia Security mobile payment and m-pos SwiffPay, mobile payment SwiffPay, mobile payment
Labels: Business development director mobile payment Europe; swiffpay europe, m-pos EMV Level2, M-POS projects in Europe, mobile payment, mobile wallet, security on mobile payment
posted by Hugues Courcier at 9:18 AM
0 Comments:
Post a Comment
<< Home