Global Standards

QR Code Payment Specs in Japan Could Be Unified by Summer

The Japan News

“The Payments Japan Association, a council on promoting cashless payments that includes representatives from the Economy, Trade and Industry Ministry and the finance and information technology sectors, has announced standardized specifications. The specifications are being called “JPQR.” Currently, the multiple competing specifications have forced retailers to take time and make efforts. Standardized specifications will support the spread of cashless payments.”

Tags: Japan

Standards

What Retailers Need To Know About The New Telephone-Based Payment Card Data Guidance

retailtouchpoints

“The highly anticipated new guidance provides a much clearer path for retail contact centers looking to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) and provides critical recommendations on new technologies and processes for securing payment card data.”

Tags: PCI SSC

Security Standards

FIDO2: Android Is Helping Kill Passwords on a Billion Devices

WIRED

“On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning that the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone’s fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser instead of laboriously typing in your password every time you want to log in. Web developers can now design their sites to interact with Android’s FIDO2 management infrastructure.”

Tags: Authentication FIDO

Security Standards

Cyber Security for Consumer Internet of Things

ETSI

“The present document brings together widely considered good practice in security for internet-connected consumer devices in a set of high-level outcome-focused provisions. The objective of the present document is to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products. “

Standards Tech

NFC Forum unveils technical specification that lets IoT devices use a single antenna for both NFC and wireless charging

NFC World

“The NFC Forum has released a new candidate technical specification that is designed to enable a single antenna in an IoT device to be used to manage both NFC communications and wireless charging.”

Standards

The PCI Council Unveils Its New Software Security Standards

Digital Transactions

“The new set of requirements actually has two major components—The PCI Secure Software Standard and the PCI Secure Lifecycle Standard—and is under the umbrella of what the Wakefield, Mass.-based PCI Council calls its new Software Security Framework. The Council has been working on updating software security for more than a year, and indicated last month that new standards would be published in early 2019.”

Tags: PCI SSC

Standards

Deutsche Bundesbank eases banks into ISO 20022

Banking Technology

“Deutsche Bundesbank, the German central bank, is using Swift MyStandards and Readiness Portal to support the European banking community migrate payment flows to the ISO 20022 standard. The central bank will use the platform to ensure a smooth transition for community members. Deutsche Bundesbank is a member of the four central bank service providers for the Target services. The Readiness Portal will enable all banks and market participants in the Eurozone to access documentation and test their payments messages related to the Target2 real-time gross settlement system, in preparation for the T2/T2S consolidation project in 2021.”

Tags: ISO 20022

Domains Standards

Equinox Payments and ACCEO Tender Retail Deliver PCI 5.x-certified P2PE-ready Solutions on First Data Platform

“Equinox Payments (“Equinox”), a leading provider of payment terminals, software and services, and ACCEO Tender Retail today announced that the Equinox Luxe 8500i and Luxe 6200m payment terminals have achieved EMV end-to-end certification on First Data’s processing platform and are expected to be submitted to the PCI Security Standards Council in February for validation. The solution leverages the First Data payments platform and supports First Data TransArmor encryption and tokenization. Value-add features include First Data’s Dynamic Currency Conversion (DCC).”

Tags: PCI SSC

Standards

Public consultation – SEPA Cards Standardisation Volume v8.5 and Tokenisation Considerations for SEPA Card Payments

ecsg

“The European Cards Stakeholders Group (ECSG), the industry association in charge of cards standardisation in the Single Euro Payments Area (SEPA), is today releasing version 8.5 of the SEPA Cards Standardisation Volume (the Volume) for a three-month public consultation. The Volume is considered a key document for the cards industry, with a goal of achieving cards standardisation, interoperability, and security in Europe.”

Standards Tech

US PAYMENTS FORUM RELEASES GUIDELINES FOR CONTACTLESS ATM TRANSACTIONS

“With more than 85 percent of U.S. ATMs now accepting EMV contact chip cards[1], many ATM owners are looking to make transactions easier and faster by adding contactless EMV chip capabilities. The U.S. Payments Forum today released a new white paper for ATM owners and operators that provides guidance on accepting contactless chip transactions at the ATM.”

Security Standards

FIDO Alliance Specifications Now Adopted As ITU International Standards

“The FIDO Alliance, the industry consortium developing open, interoperable authentication standards, announced today that two of its specifications are now recognized as international standards by the International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T). This milestone establishes FIDO UAF 1.1¹ and CTAP² as official ITU standards (ITU-T Recommendations) for the global infrastructure of information and communication technologies (ICT).”

Tags: Authentication

Standards

The PCI Council Publishes Updated Guidance for Securing Telephone-Based Payments

Digital Transactions News

“The guidance does not add to or supersede any current requirements in the Payment Card Industry data-security standard, the PCI Council’s main set of rules for merchants, processors, and other entities that handle general-purpose credit and debit card data. It was developed by one of the council’s so-called special interest groups, which consist of representatives of companies and other organizations concerned with a specific security issue. In this case, the guidance came from the Protecting Telephone-Based Payment Card Data Special Interest Group.”

Standards

Mastercard CEO ‘Very, Very Optimistic’ About the Coming Common Buy Button for E-Commerce

Digital Transactions News

“Mastercard Inc. president and chief executive Ajay Banga says he’s “very, very optimistic” about the Secure Remote Commerce initiative to reduce clutter on online checkout pages. Banga’s comments came Tuesday morning as he reviewed Mastercard’s results for the third quarter, a period in which U.S. purchase volume rose 10.7% year-over-year to $385 billion and profits jumped 33% to $1.86 billion.”

Tags: Secure Remote Commerce (SRC)

Standards

ASC X9 Launches New Security Study Groups on Public Key Infrastructure (PKI) and Transport Layer Security (TLS)

“The Accredited Standards Committee X9 Inc. (X9) has formed new study groups that aim to improve security and safeguard privacy for the financial services industry in two related areas: one will look into issues regarding Public Key Infrastructure (PKI) Certificate Authorities and the other will research concerns related to use of the Transport Layer Security (TLS) protocol. Participants in both new initiatives are sought.”

Tags: ASC X9

Standards

As an E-Commerce Payment Spec Goes out for Comment, ‘Commercial Applications’ Could Emerge by Early Spring

Digital Transactions News

“The specification, known as Secure Remote Commerce, has emerged from work by EMVCo, the standards body managed by six global card networks, and is aimed at both simplifying consumer checkouts online and at tightening transaction security with tokenization. After comments have been considered and perhaps implemented, EMVCo will publish the final spec, probably early in 2019, Anil says.”

Tags: Secure Remote Commerce (SRC)

Standards

3D Secure v2

Stripe blog

“3D Secure v2 — Our new guide covers what internet businesses need to know about the upcoming new version of 3D Secure.”

Tags: 3-D Secure

Companies Standards

Visa Brings a Simpler, Safer Experience to Digital Payments

“The draft EMV SRC Specification provides a foundation for digital transactions that gives consumers, merchants and issuers a single digital point-of-sale, resulting in a consistent, convenient and secure way to pay. EMVCo has spent the last year gathering feedback from across the payment ecosystem on the specification. Visa now encourages merchants, issuers, acquirer gateways and other interested participants to provide feedback and comment during a 45-day public comment window. Once complete, EMVCo will publish the final specification.”

Tags: Secure Remote Commerce (SRC) Visa

Companies Standards

Creating a Better Digital Checkout Experience

“To enable such a consistent and user-friendly experience, EMVCo on Oct. 19 released a draft version of the technical specification that outlines how card payments can be processed and data exchanged in an SRC transaction. As a member of EMVCo, American Express is participating in the development of these specifications and plans to adopt them to ensure our card members, merchants and bank partners can benefit from SRC solutions that are expected to go live by mid-2019.”

Tags: American Express Secure Remote Commerce (SRC)

Companies Standards

Discover Supports EMVCo’s Release of EMV® SRC Draft Specification, Welcomes Additional Step to Address Broader Industry Feedback

“Discover today announced its support of EMVCo’s v0.9 release of the EMV [®*] Secure Remote Commerce (SRC) draft specification and emphasized the importance of EMVCo’s additional step to provide an opportunity to all industry stakeholders to comment on the standards before the first complete version is issued in 2019.”

Tags: Discover Secure Remote Commerce (SRC)

Security Standards

Financial Industry Unites to Enhance Data Security, Innovation and Consumer Control

“Financial institutions, fintech firms and industry groups announced the launch of the Financial Data Exchange (FDX), a non-profit organization to unify the financial sector around the secure exchange of financial data. FDX will address common challenges around the way the industry shares consumer account information to enhance security, innovation and consumer controls. FDX is a subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC).”

Tags: Data security

Standards

Standards bodies converge on financial sector API blueprint

Finextra

“Financial messaging platform Swift has published a blueprint for common API standards in collaboration with European banking standards bodies Stet and the Berlin Group. The aim is to offer an open, harmonised and interoperable set of APIs as means to reduce complexity and guard against multiple competing standards for bank data sharing.”

Risk Security Standards

2018 Payment Security Report

Verizon Communications

“Lack of sustainable control environments remains a top contributor and precursor to ineffective controls, which in turn become susceptible to data breaches. Organizations achieve sustainable PCI Security compliance when they demonstrate a consistent capability to maintain ongoing operation of all required security controls within their compliance environment.”

Tags: Account takeover Data breach Encryption PCI SSC

Standards

ASC X9 Releases New Standard for Securing and Managing Mobile Commerce

“From a security perspective, mobile commerce has all the vulnerabilities of the internet and wireless environments combined; from a business perspective it encompasses three disparate industries: financial services, mobile telecommunications, and mobile platforms manufacturing. The new X9.112-3 standard guides all these parties toward safer and more efficient implementations of mobile commerce. As mobile devices and services become compliant with this standard, mobile-related risks will decrease, consumer confidence will increase, and mobile-related identify theft and fraud should be reduced.”

Tags: ASC X9

Standards

ISO 20022: standard built for FSI disruption

Fintech Innovation (opinion)

“There are currently over two hundred ISO 20022 standards adoption initiatives in the global financial services industry, and over half of these are operating in a live capacity. Asia is no exception with more than twenty cases of ISO 20022-based financial market infrastructures in production mode. These include stock exchanges and central securities depositories (CSDs) in Singapore, Australia and Japan as well as real-time payment and settlement systems in India, China and the broader ASEAN region.”

Tags: ISO 20022

Companies Standards

ADYEN LAUNCHES FIRST-TO-MARKET 3D SECURE 2.0 SOLUTION TO HELP CUSTOMERS BOOST SECURITY AND AUTHORISATION RATES

Financial IT

“Adyen, the payments platform of choice for many of the world’s leading companies, today launched a fully-certified 3D Secure (3DS) 2.0 solution which it has made available to its customers or merchants needing a next-generation authentication solution. The first-to-market solution is based on EMVCo’s 3DS protocols and will help merchants reduce risk and protect their customers from payments fraud. It also overcomes a significant pain point of 3DS 1.0 by improving the payments experience for customers, particularly on mobile.

Tags: 3-D Secure Adyen

Standards

PCI SECURITY STANDARDS COUNCIL UPDATES PIN SECURITY STANDARD

“Today the PCI Security Standards Council (PCI SSC) published PCI PIN Security Requirements and Testing Procedures version 3.0, the PCI Security Standard for the secure management, processing and transmission of PIN data at ATMs and attended and unattended point-of-sale (POS) terminals. PCI SSC is also developing a program to train and qualify security assessors to support implementation of the PCI PIN Security Standard, to be available in 2019.”

Tags: PCI SSC

Standards

EMVCo Launches EMV® 3-D Secure Test Platform

“EMVCo today announces the availability of the full EMV® 3-D Secure (EMV 3DS)
Test Platform, which enables the functional testing of EMV 3DS solutions. 3DS product providers can now confirm whether their solutions will perform in accordance with the EMV® 3-D Secure Protocol and Core Functions Specification v2.1.0, or its EMV® 3-D Secure – SDK Specification, and receive Letters of Approval from EMVCo.”

Tags: 3-D Secure

Security Standards

Gilbarco Veeder-Root Announces Exclusive EMV Dispenser Program For Chevron And Texaco Marketers And Retailers

Gilbarco Veeder-Root

“With EMV hardware becoming rapidly utilized at dispensers and the release of software to initiate chip payments beginning, Chevron worked with Gilbarco Veeder-Root to offer this limited-time program to help retailers protect their customers and sites from fraudulent events. This program is also an opportunity for retailers to work directly with their local Gilbarco Veeder-Root distributor to further future-proof their sites with other technology upgrades, like NFC readers for contactless payments. Gilbarco Veeder-Root is a leader in both core dispenser technology and the latest in payment security, paired with industry-leading reliability and service network.”

Tags: EMV cards

Standards

Counterfeit Fraud Declines Sharply In US Since Shift To Chip Cards: Visa

Cards International

“Visa has published a new infographic that revealed a 76% decline in counterfeit fraud from December 2015 to December 2017 due to increased EMV chip cards and chip-enabled merchants in the US. The company noted that it registered growth across the number of chip cards and chip-enabled merchants, payment and transaction volume even during the most recent period ending in March 2018.”

Tags: EMV cards

Security Standards

Patientco Launches Cloud-Based Validated P2PE Payment Terminals With Seamless EPIC Credit Card Device Framework Integration

Business Wire

“Patientco, the leading healthcare payments technology company that helps health systems deliver a superior patient financial experience and increase patient revenue, announced today it has developed and deployed the market’s first cloud-based validated point-to-point encrypted (vP2PE) EMV terminals with advanced seamless integration into EPIC’s EHR technology. Working with EPIC and South Georgia Medical Center (SGMC) in Valdosta, Georgia, Patientco developed the technology to provide maximum security while providing simplicity for the SGMC staff.”

Tags: P2PE Validation