340 likes | 346 Views
Learn about EMVCo and network tokenization, the future of e-commerce, and how it simplifies checkout experiences. Discover the benefits of network tokens, including increased security, control, and trust. Explore the concept of secure remote commerce and its role in eliminating the need for entering card details. Find out how network tokens improve authorization rates and how to optimize their utilization for better performance. Join us to unlock the potential of network tokenization in the world of payments.
E N D
One eCommerce Flow to Rule Them AllEMVCo and Network Token Performance Your source for payments education Joshua Karoly | Sr. Manager Global Payments | Netflix Swathish Ayyappan | Payments Partnerships Mgr. | Facebook Sunil Dixit | Product Manager | Adyen …
One tap vs 8 pages The experience gap today
There are already solutions in the market But they tend to be platform specific
ApplePay One click authentication, authorization, and entry of billing/shipping details But acceptance is platform specific and regionally spotty
So, how do we achieve the benefits of these payment methods more broadly?
Ubiquity matters Successful standards require recognizable brands that are consistent across the board
EMVCo - Where the card brands meet to agree EMV Chip 3D Secure 2.0 Network Tokenization Secure Remote Commerce
EMVCo protocols Unlocking the future of e-commerce with card scheme consortium technology Secure and Retain with Network Tokenization Authenticate with 3D Secure 2.0 Simplify with Secure Remote Commerce
Faster, familiar A new standard for checkout Merchant app PSP Checkout API Card scheme Merchant app
3DS 1.0 3DS 2.0
The End Goal Get the PAN off the card
Network Tokenization A more secure way to transmit account information
Network Tokens are PAN 2.0 Once the PAN is off the card and payments are initiated by SRC, the Network Token will be what merchants hold in their vault Always up to date More trust and control, so high auth-rate Flexible and acquirer agnostic
About PCI A Payment Token that is defined and used in accordance with the EMV Payment Tokenisation Specification and that exists outside of the Token Service Provider’s token data environment is not considered Account Data and is therefore not in scope for PCI DSS. Source: PCI Article 1326 - December 2015
Key Concepts EMVCo defined Payment Tokens, referred to as Network Tokens Token Service Provider (TSP): The network’s service which generates and maintains the EMV payment tokens provisioned by the card issuer Payment Token (Network Token): EMVco standard 16 digit payment token which can be mobile device-bound or “cloud” merchant card-on-file and replaces the card number for payments Cryptogram: EMVco standard, single-use “key” that unlocks a network token for a single eCommerce transaction Token Requestor: The “owner” of the network token - can be the mobile device, the merchant or the payment gateway / acquirer. The token requestor will have their own Token Requestor ID (“TRID”) Token Requestor Aggregator (TRA): The service provider with a direct-connection to card networks to request payment tokens and generate cryptograms
Merchant 05/2022 3456 05/2022 3456 05/2022 XXXX3456 05/2022 XXXX3456 10/2018 XXXX5678 10/2018 XXXX5678 12345…16 12345…16 12345…16 Lifecycle management No more invalid card / expiry date declines Token Aggregator
Network Tokenization A more secure way to transmit account information
Token Provisioning • Mastercard Readiness: • Mastercard is live in 30 countries • Top 10 Countries by Adyen volume: • US, Brazil, Sweden, Canada, Finland • Poland, Italy, Norway, Mexico, Taiwan • Provisioning success: • 17% by count / 14% by volume • Ubiquity expected by end of 2020
Token Provisioning • Visa Readiness: • Visa is live in 96 countries! • Top 15 Countries by Adyen volume: • US, UK, Brazil, Australia, Canada, Poland Norway, Russia, New Z’land, Singapore, Ireland • Germany, Denmark, France, South Africa • Provisioning success: • 34% by count / 28% by volume • Ubiquity expected by end of 2020
“Light” Token Model The fastest path to ubiquity by early 2020 Tokens provided “on behalf of” issuers Visa and Mastercard No lifecycle management features so no auth rate benefit, but… …no PCI burden
How to measure lift? Compare network token performance with “Good PANs” (without insufficient funds declines) Good PAN: can provision a token Bad PAN: fails token provisioning
Issuer Performance Spectrum Some issuers prefer network tokens, but some really don’t Caixa Bank Banco Itaucard
BIN-specific data Best-performing BINs with 10,000+ transactions
Network Token Optimization Utilizing network tokens to increase card authorization rates BIN-specific utilization Account updater integrated with provisioning Retry over PAN
The bottomline 1% approval rate lift over valid PANs 2-6% lift from lifecycle management
Thank you Joshua Karoly | Sr. Manager Global Payments | Netflix Swathish Ayyappan | Payments Partnerships Mgr. | Facebook Sunil Dixit | Product Manager | Adyen • … Don’t forget to submit your session evaluation!
Supplementary Slides For discussion as needed
Secure Remote Commerce Simplifying the checkout experience and eliminating PAN entry
The battle of the card scheme wallets Lack of a holistic solution leads to poor merchant (and thus consumer) adoption
Interoperability Handling the first few years as consumers and banks catch up Add my card Adding a card to SRC Scheme SRC System Issuer pushes all applicable cards into the SRC system Consumer manually adds card during checkout Consumer opts in, and card is individually pushed in
So, what should you do now? Nothing - wait until the standard is more mature and schemes begin mandating compliance with the banks
3D Secure 2.0 Authentication with conversion optimization in mind
December 2019 Global liability shift 3DS 2 (Visa and MasterCard) April 2019 EU liability shift 3DS 2(Visa and MasterCard)Biometrics deadline (MasterCard) 13 January 2016 PSD2 published 14 January 2018 PSD2 transpositions date in EU Late 2018 - Q2/Q3 2018 Market preparation EMVCo preparation 13 March 2018 Official publication RTS September 2019 Effective date for RTSSCA required in EU 3DS 2.0 Timeline During 2017 Discussions over RTSover Strong Customer Authentication December 2020 End of life 3DS 1 Q4 2018 - Q1 2019 Early adopter merchants and Issuers 2016 2021
3DS 2.0 New stronger, seamless authentication built into your app and web-sites In-app and integrated web experiences without redirects Biometric and OTP authentication Rich dataset shared ‘silently’ via API in the background Frictionless authentication with Risk-Based Authentication