8/9/2019 Credit Card Mess
Today's Roadmap
Defining the Mess
Alphabet Soup
Operational Options and Risk
Alternative Payments
Motivation
Credit Card associations are concerned!
Fraud
Identity Theft
Business Model
In 2005
Fees collected from merchants: $48.6 billion
Average fee 2.2% per sale for Visa and MasterCard
An Unprecedented Event
December 2006: Visa holds a Payment Application Vendor Conference
83 companies attended
11 companies from the parking biz
John Van Horn arranged meetings before and after the VISA conference for the parking industry attendees
Complus Data Innovations
Digital Payment Technologies
Federal APD
Hamilton Manufacturing
IntegraPark
Parkeon
Scheidt & Bachmann
SKIDATA
T2 Systems
VenTek
Zeag USA
Who's Who in the Zoo?
[Diagram labels: Card Association, Cardholder, Merchant, Acquirer, Issuer]
Transaction Authentication
[Diagram labels: Card Association, Cardholder, Merchant, Acquirer, Issuer]
How the Benjamins Move
[Diagram labels: Card Association, Cardholder, Merchant, Acquirer, Issuer]
Today's Roadmap
Defining the Mess
Alphabet Soup
Operational Options and Risk
Alternative Payments
Most Common Acronyms
CISP, SDP, DSOP, DISC
Individual security programs from Visa, MasterCard, American Express, and Discover. These have mostly been replaced by PCI DSS; however, the terms are still floating around.
PCI DSS
Payment Card Industry: The association created by Visa, MasterCard, American Express, JCB, and Discover to set industry standards.
Data Security Standard: The digital dozen items associated with providing data security.
YAA (Yet Another Acronym)
CVV2
Card Verification Value: This is a 3 or 4 digit number used for fraud prevention. It's printed on the card, but not found in the mag-stripe.
More Acronyms (Payment)
ACH
Automated Clearinghouse: An inter-branch banking standard for handling large batches of small transactions.
HTTPS
Hypertext Transfer Protocol (Secure): The technology used to ensure web page data can't be snooped.
Gateway
Not an acronym, but a common term. It is the software or application that talks to a processor.
Even More Acronyms (Security)
AVS
Address Verification System: A system to ensure that the cardholder's provided address matches the one on file.
PABP
Payment Application Best Practices: Guidelines to assist software developers and vendors to create secure payment applications.
QSA
Qualified Security Assessor: Any company approved to provide certification of PCI DSS compliance.
Today's Roadmap
Defining the Mess
Alphabet Soup
Operational Options and Risk
Alternative Payments
PCI DSS Compliance
PCI DSS (Payment Card Industry Data Security Standard) is a combination of two things:
Software used for transaction processing
Merchant's supporting network and environment
[Diagram label: PCI DSS Compliance]
PCI Compliance Elements
1. Build and maintain a secure network
2. Protect card holder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
Your Payment Gateway
What is a Gateway?
Merchant chooses gateway software to connect to one (or more) Acquirers
Authentication Options:
Dial-up (phone)
Dedicated line (phone)
Cellular data (wireless)
Internet (agnostic)
[Diagram labels: Merchant, Gateway, Acquirer]
Payments
Card Present versus Card Not Present
Card-not-present is considered at higher risk of fraud, so it carries higher fees
Signature Requirement
New rules allow transactions under $25 (and card present) to be processed without a signature.
Three Elements of Authentication
Any one of these alone is thought of as weak security. Two (or more) are considered strong security.
Something you HAVE
Something you KNOW
Something you ARE
CVV2: the Good, the Bad, and the Ugly
Good
A CVV2 code is a way of trying to ensure something you know in addition to something you have.
Bad
You only have the something you know when you have the something you have. So is it really a second security element?
Ugly
Fraudulent web sites collect and save this data anyway, and sell it on the open market.
Biometrics? No thank you!
Biometrics
Using finger and palm prints, retina and voice scanning, facial and gait recognition
Problems:
Not all biometrics are unique (example: twins have the same fingerprints)
If compromised, your biometric is invalid forever and you can't change it!
Today's Roadmap
Defining the Mess
Alphabet Soup
Operational Options and Risk
Alternative Payments
Credit Card Competition
The weaknesses of credit cards are creating opportunities for competitors:
Micropayment Aggregators
Pay-by-cell
PayPal
Smart Cards, RFID, and e-Wallet
Micro-payment Aggregators
Aggregators attempt to group payments together to reduce transaction fees.
Advantages
Reduced transaction fees
Parker access to payment history
Loyalty program
Disadvantages
Only provides value when there are multiple transactions on the same card within a given time
Slight delay in settlement
Pay-by-Cell (PbC)
Advantages:
Augments usage of existing single-space meters (and other metering devices)
No additional cost to the parking office to implement this offering (PbC company usually provides the signage and advertising).
Works with multiple zones, rates and tariffs.
Disadvantages:
Completely dependent on real-time wireless handheld enforcement.
PayPal
PayPal is the standard for Internet money.
End of 2006 there were 133 million accounts (most active)
PayPal processes more transactions annually than American Express!
How PayPal works:
Online customer creates an account, puts money in the account using a credit card.
Money is drawn from the account as the customer makes purchases online (or can draw off a credit card).
Recent expanded offerings:
Send money online
Text to Buy
Online debit card
Smart Cards, RFID, and e-Wallet
Smart Cards
Though capable of so much more, these are primarily being used as electronic wallets.
Money is loaded onto the card electronically and debited with each use.
RFID tags are unique identifiers associated with a user's account
PayPass
SpeedPass
E-Z Pass
Questions
Thank You!