
AITEC Banking and Mobile Money COMESA 2013

AITEC Banking and Mobile Money COMESA 2013. Nairobi, 12 September 2013. James Wainaina, Vice President and Area Business Head, MasterCard East Africa. Agenda: The MasterCard Story; Card Security in East Africa; Advancing Security, Advancing Commerce; Role of Partnerships. The MasterCard Story.



  1. AITEC Banking and Mobile Money COMESA 2013
     Nairobi, 12 September 2013
     James Wainaina, Vice President and Area Business Head, MasterCard East Africa

  2. Agenda
     • The MasterCard Story
     • Card Security in East Africa
     • Advancing Security, Advancing Commerce
     • Role of Partnerships

  3. The MasterCard Story

  4. MasterCard Today
     • 7,542 employees
     • 210 countries and territories
     • 35.9 million acceptance locations
     • 34.2 billion transactions
     • US $3.6 trillion* gross dollar volume
     *This represents MasterCard-branded GDV, does not include Maestro or Cirrus. All figures as of Dec. 31, 2012.

  5. Four-Party Payment System
     • Issuer
     • Merchant
     • Acquirer
     • Cardholder

  6. Our Role
     • Consumers want better ways to pay. We invent them.
     • People have no bank accounts. We find ways to serve them.
     • Checkout lines are too slow. We help them move faster.
     • Commuters are busy. We speed them on their way.
     • Procurement is complicated. We make it simple.

  7. Card Security in East Africa

  8. Securing electronic payments
     Slide themes: Loss of revenue; Infrastructure; Cyber security
     • Banks reported US $17.52 million lost between April 2012 and April 2013
     • Kenyan National Payments Systems arm of CBK works to modernize and increase efficiencies of the nation's electronic payments
     • 77% of Kenyans willing to buy goods online
     • Identity theft, electronic funds transfer, bad cheques, credit card fraud, loan fraud and online fraud are some methods used to orchestrate fraud
     • Eliminating online and digital insecurities is key as more and more consumers become accepting of online payment channels
     MasterCard Intelligence: MasterCard Online Shopping Survey 2012

  9. Advancing Security, Advancing Commerce

  10. Fraud management for more secure payments
     1. Industry Level Initiatives
       • Developing industry standards with stakeholders
       • Partnering with government agencies
       • Enabling Strong Authentication: EMV (chip & PIN), 3D Secure (MasterCard SecureCode)
       • Mandated Data Security: PCI-DSS
     2. Customer Level Fraud Management Initiatives
       • MasterCard's SAFE (Issuing Bank confirmed reporting fraud to MasterCard)
       • ADC: Account Data Compromise event management (between issuer and acquirer)
       • Fraud management reviews and fraud consulting services
       • Cardholder & Merchant Fraud Prevention Education (Academy, website, conferences)
       • Excessive Chargeback Program (ECP)
     3. MasterCard Fraud Management Solutions, Products and Services
       • Expert Monitoring Solutions
       • Global Merchant Audit Program (GMAP)
       • BIN Blocking Services
       • SIS: MasterCard stand-in facility
       • FRM (ATM covering prepaid and debit)

  11. EMV / MasterCard Certification
     • MasterCard Terminal Integration Process (TIP)
       - Checks that a Chip terminal meets MasterCard brand requirements
       - TIP must happen before a terminal can be deployed
     • MasterCard Terminal Quality Management (TQM)
       - While EMV L1 tests one or two readers, this checks that the 200th, 200Kth and 2 millionth devices that are produced are the same as the first
       - If the MPOS features Chip then it must have a TQM certificate
     • EMV Compliance testing has two levels:
       - EMV Level 1, which covers physical, electrical and transport level interfaces (i.e. the hardware), and
       - EMV Level 2, which covers payment application selection and credit financial transaction processing (i.e. the software)
       - If the MPOS features a Chip Reader then both EMV certifications must be in place
     Note: Acquirer compliance requirements remain the same as in the case of a regular EDC terminal

  12. PCI Certification
     • PCI Point to Point Encryption Standard (P2PE)
       - Secure encryption of payment card data at the point-of-interaction (POI)
       - Not currently a requirement of MasterCard Rules, however it is an MPOS Best Practice
     • PCI Payment Application Security Standard (PA-DSS)
       - Secure payment applications, when implemented into a PCI DSS-compliant environment, will help to minimize the potential for security breaches leading to compromises
     • PCI Data Security Standard (PCI DSS)
       - The standard was created to increase controls around cardholder data to reduce card fraud via its exposure
       - If card data is being handled, stored or routed then PCI DSS certifications must be in place
     • PCI PIN Transaction Security Standard (PTS)
       - Was specifically designed to protect consumer PIN data from theft. It is also intended to enforce hardware security of devices that accept consumer PINs and house secret encryption keys of the acquirer
       - If the MPOS solution can accept consumer PINs, then PCI PTS certifications must be in place
     https://www.pcisecuritystandards.org
     BP = MasterCard Best Practice

  13. MasterCard mPOS Program – Some Best Practices
     Service Providers
     • Securing MPOS Payment Applications
       - PCI SSC is not certifying MPOS payment applications that reside on multi-purpose, consumer mobile devices (referred to by PCI SSC as Mobile Payment Acceptance Application Category 3)
       - MCW recommends: secure coding / secure software updates / process for handling lost & stolen devices / remote disablement
     • Securing Transaction Data Captured by an MPOS Card Reader Accessory
       - P2PE / enciphered data is transmitted via the mobile device to the MPOS solution provider server / cryptographic authentication for device authentication
     • Securing Personal Account Numbers (PAN)
       - PAN should not be retained on the mobile device / for key-entered transactions, encryption of PAN for transmission
     • EMV Chip Transactions
       - EMV level 2 kernel can be on device or on server or split between both
       - Service providers to ensure there is no latency
       - Online-only transactions allowed

  14. Control in retail payments
     Solutions for both individuals & corporates
     • Giving cardholders greater control over how and where their card is used
     • Multi-level transaction blocking
     • Geographical limit of the acceptance of cards based on pre-defined regions
     • Enhanced controls: apply different authorization limits based on multiple criteria such as Amount, Merchant Category, Transaction Type etc.
     • Cardholders create personalized spending profiles for their accounts, setting up alerts and spending limits according to budget goals and account security concerns

  15. Role of Partnerships

  16. Partnerships to fortify the electronic payments ecosystem
     Slide columns: Private Investment; Industry Initiatives; Government Action
     • Investment in systems upgrade for issuance of EMV chip and PIN cards as banks adopt new systems
     • Industry-wide shift for adoption of secure ATM and card transactions
     • Joint education drives at customer, issuer and merchant levels
     • Enhance efficiency and effectiveness of payment systems
     • Provider of payment systems (KEPSS)
     Between 2008-2012, greater usage of electronic payments contributed to 0.8% increase in GDP in emerging markets and 0.3% increase in GDP in developed markets. - Moody's Analytics, February 2013
