©2013 MasterCard. Proprietary and Confidential June 12, 2014 AITEC Banking and Mobile Money COMESA 2013 1 Nairobi, 12 September 2013 James Wainaina, Vice.

©2013 MasterCard.Proprietary and Confidential

April 10, 2023

AITEC Banking and Mobile Money COMESA 2013AITEC Banking and Mobile Money COMESA 2013

1

Nairobi, 12 September 2013

James Wainaina, Vice President and Area Business Head, MasterCard East Africa


Agenda

• The MasterCard Story

• Card Security in East Africa

• Advancing Security, Advancing Commerce

• Role of Partnerships

April 10, 20232


The MasterCard Story

April 10, 20233


MasterCard Today

*This represents MasterCard-branded GDV, does not include Maestro or CirrusAll figures as of Dec. 31, 2012

210countries and territories

35.9 millionacceptance locations

7,542employees

34.2 billiontransactions

US $3.6 trillion* gross dollar volume

April 10, 20234


Four-Party Payment System

ACQUIRER ISSUER

CARDHOLDER

MERCHANT

April 10, 20235


Our Role

Consumers want better ways to pay.We invent them.We invent them.

Checkout linesare too slow.We help themWe help themmove faster.move faster.

Commutersare busy.We speed them We speed them on their way.on their way.

Procurementis complicated.We make it simple.We make it simple.

People have nobank accounts.We find ways to We find ways to serve them.serve them.

April 10, 20236


Card Security in East Africa

April 10, 20237

©2013 MasterCard.Proprietary and Confidential 8

April 10, 2023

Banks reported US $17.52 million lost between April 2012 and April 2013

Loss of Loss of revenuerevenue

Identity theft, electronic funds transfer, bad cheques, credit card fraud, loan fraud and online fraud are some methods used to orchestrate fraud

InfrastructureInfrastructure

Eliminating online and digital insecurities is key as more and more consumers become accepting of online payment channelsCyber securityCyber security

Securing electronic payments

77% of Kenyans willing to 77% of Kenyans willing to buy goods onlinebuy goods online

Kenyan National Payments Kenyan National Payments Systems arm of CBK works Systems arm of CBK works to modernize and increase to modernize and increase efficiencies of the nation’s efficiencies of the nation’s electronic paymentselectronic payments

MasterCard Intelligence: MasterCard Online Shopping Survey 2012


Advancing Security, Advancing Commerce

April 10, 20239


Fraud management for more secure payments

1

2

3

Industry Level Initiatives

Customer Level Fraud Management Initiatives

MasterCard Fraud Management Solutions, Products and Services

• Developing industry standards with stakeholders• Partnering with government agencies• Enabling Strong Authentication: EMV (chip & pin), 3D Secure (MasterCard Secure Code) • Mandated Data Security: PCI-DSS

• MasterCard’s SAFE ( Issuing Bank confirmed reporting fraud to MasterCard)• ADC Account Data Comprise event management (between issuer and acquirer)• Fraud management reviews and fraud consulting services.• Cardholder & Merchant Fraud Prevention Education (Academy, website, conferences). • Excessive Chargeback Program (ECP):

• Expert Monitoring Solutions• Global Merchant Audit Program (GMAP)• Bin Blocking Services• SIS Master Card stand in facility• FRM (ATM covering prepaid and debit)


• EMV Compliance testing has two levels:

– EMV Level 1, which covers physical, electrical and transport level interfaces, (i.e. the hardware) and

– EMV Level 2, which covers payment application selection and credit financial transaction processing (i.e. the software)

If the MPOS features a Chip Reader then both EMV certifications must be in place

EMV / MasterCard Certification

February 19, 2013Page 11

• MasterCard Terminal Integration Process (TIP)

– Check that a Chip terminal meets MasterCard brand requirements

TIP must happen before a terminal can be deployed

• MasterCard Terminal Quality Management (TQM)

– while EMV L1 tests one or two readers this checks that the 200th, 200Kth and 2 millionth devices that are produced are the same as the first!

If the MPOS features Chip then it must have a TQM certificate

Note: Acquirer compliance requirements remains the same as in the case of regular EDC terminal


• PCI Data Security Standard (PCI DSS)– the standard was created to increase

controls around cardholder data to reduce card fraud via its exposure

If card data is being handled, stored, routed then PCI DSS

certifications must be in place

• PCI PIN Transaction Security Standard (PTS)– was specifically designed to protect

consumer PIN data from theft. It is also intended to enforce hardware security of devices that accept consumer PINs and house secret encryption keys of the acquirer

If the MPOS solution can accept consumer PINs, then PCI PTS certifications must be in place

PCI Certification

• PCI Point to Point Encryption Standard (P2PE)

– Secure encryption of payment card data at the point-of-interaction (POI)

Not currently a requirement of MasterCard Rules, however it is an MPOS Best Practice

• PCI Payment Application Security Standard (PA-DSS)

– Secure payment applications, when implemented into a PCI DSS-compliant environment, will help to minimize the potential for security breaches leading to compromises

.

BP

BP = MasterCard Best Practice

https://www.pcisecuritystandards.org

©2013 MasterCard.Proprietary and Confidential Page 13

Securing MPOS Payment Applications PCI SSC is not certifying MPOS payment applications that reside on multi-purpose, consumer

mobile devices (referred by PCI SSC as a Mobile Payment Acceptance Application Category 3). MCW recommends – secure coding / secure software updates / process for handling lost & stolen

devices / remote disablement

Securing Transaction Data Captured by an MPOS Card Reader Accessory P2PE / enciphered data is transmitted via the mobile device to the MPOS solution provider

server / cryptographic authentication for device authentication

Securing Personal Account Numbers (PAN) PAN should not be retained on the mobile device / For Key entered trns – encryption of PAN for

transmission

EMV Chip Transactions EMV level 2 kernel can be on device or on server or split between both Service providers to ensure there is no latency Online only trns allowed

MasterCard mPOS Program – Some best Practices

Service Providers


Control in retail payments

• Giving cardholders greater control over how and where their card is used

• Multi-level transaction blocking

• Geographical limit of the acceptance of cards based on pre-defined regions

• Enhanced controls: apply different authorization limits based on multiple criteria such as Amount, Merchant Category, Transaction Type etc.

• Cardholders create personalized spending profiles for their accounts, setting up alerts and spending limits according to budget goals and account security concerns

Solutions for both individuals & corporates


Role of Partnerships

April 10, 202315


Partnerships to fortify the electronic payments ecosystem

• Enhance efficiency and effectiveness of payment systems

• Provider of payment systems (KEPSS)

Government Action

Industry InitiativesPrivate Investment

• Industry-wide shift for adoption of secure ATM and card transactions

• Joint education drives at customer, issuer and merchant levels

April 10, 2023Page 16

Between 2008-2012, greater usage of electronic payments contributed to 0.8 % increase in GDP in emerging markets and 0.3% increase in GDP in developed markets..

-Moody’s Analytics, February 2013

• Investment in systems upgrade for issuance of EMV chip and PIN cards as banks adopt new systems

©2013 MasterCard. Proprietary and Confidential June 12, 2014 AITEC Banking and Mobile Money COMESA 2013 1 Nairobi, 12 September 2013 James Wainaina, Vice.

Documents

confidential mastercard

mastercard story card

mastercard east africa

confidential fraud management

confidential card security

mastercardbranded gdv

mastercard adc account

online fraud