Would begin accepting chip and transactions. That they would actively, and grow so the issue such cards moving forward. Layers ofut a multi our system and how retail transaction at all those layers can be more secure coming forward. Local inis in other states and entities, we put out a guidebook of sorts, tot part this is, to guide state and local entities so they can work more aggressively and actively to do what other states are doing and issue chip and pin protected cards. I encourage you to go to gsas website and see how they suggest to follow suit and address transactions more securely. Stakeholder, i will do in my closing. I will close by saying, i think we are at a strategic point. We are positioned for success moving forward with all of the people in the room, and the panel, and the private sector, various Government Agencies and other entities in the past year. But there is a lot of work that needs to be done. Nothing is a Silver Bullet. Puzzled. Pieces of the the last thing is the American Consumer. Thecourage we include American Consumer in the conversation. Not just how they should start using the chip on their card but managementty threat looks like moving forward. How to move past the password of identity future protection looks like for all of us. Thank you. [applause] berwin we have an outstanding panel today. Are not necessarily going to speak in the order of lined up here. I will ask them to nod as i introduce them and we will get started. Is with, lou garner who merchants advisory group. , Senior Vice President and senior legislative counsel for the american bankers association. Team of ansumer issue member of the National Consumers gue, the Vice President of and the president of the American Consumer institute. I have had the pleasure of working for many years with both john and steve on a whole host of consumer issues. It is wonderful to have them here to join me. First off, i would like to call on liz to talk to us and explain what retailers are doing to better protect consumers. Liz thank you for having us today. To start, i would like to engage many people how know how many mastercards have two compromised in the last years . How many people could name a big retailer or big bank to is been compromised in the last two years . What i hear on the panel. It is our members and our brand who are at stake. It is our relationship with our customer. Paramount toata is the community. It is something all of our people take seriously. Are thect members finance and treasury professionals. I can tell you that came in security is the number one issue for us. The brand damage and Customer Service issues like a bank faces. In the wake of a data breach. Here are a couple things we are doing. Technologies at market. Were going to talk a lot about emb today. Andothers are tokenization and corruption. Tokenization masks data. Data out of the scope. If it is stolen, it makes it unusable. And corruption is when you protect data in transit. When i swipe a card at my Neighborhood Grocery store, it goes out through my merchant. Goes to the issuing bank and then it goes back to the merchant point of sale. That is not even talking about some of the new transactions. Mobile carriers, apple on my and dried, samsung, someone else who is also going to touch the data. Protecting it all the way through the transaction is critical. Encryptionn and together. When i talk about tokenization i am not talking about an offtheshelf brand. I am talking about our own proprietary tokenization that several members have been using. We are allinclusive. Not just credit and debit cards. Retail gift cards. Those are two of the Security Technologies we are very focused on employee. Emc is the one everybody is focused on. What is emv . European visa mastercard. The computer chip on a card that helps event against counterfeit fraud on the card. It makes it more difficult or me as a eve to recreate this versus the old mastercards we still use today. The important thing is this cardpresent counterfeit fraud. We are the last country in the industrialized world to go there. One,ve the date, over 2015. Date, october 1, 2015. I think, if we look at some of the global deployment numbers, it is interesting that worldwide. Aboutoption rate is 4050 , on the merchant side, i , it ist up the means closer to 8090 . Were likely to see the same trend in the United States. Merchants are more likely to adopt the card if it will reach. E their only one in 10 cards right now americanip that are in consumer wallets. Were close to october 1 now. What does it mean for consumers date . E hit the october 1 some businesses will be ready to accept the cards. Some will be able to use it. Some businesses will not. I want to go into a few reasons why. It is not for lack of trying. I talked to one of my large consumers yesterday that has not certified they can accept the cards. He cannot roll out emv acceptance and till it is tested. One reason we are lagging behind is this is a global specification. There are a few card brands that govern the acceptance. One thing we saw was a technology delay, whereby in the United States we have debit domestic cards networks. On the side of the machine you see, halls, star, those kinds of groups. Pulse, star, etc. The timeline for Technology Deployment even for a simple , processor, everybody has to test and certify it is safe and secure for the consumer to use these products. We want to make sure it works smoothly for anyone coming into the store. Be there october 1 across the board, but we are going to be moving in that direct and. Some people ask me, will all merchants employee emv . We have to ask, what is the method . There is a huge benefit to merchants if they can employee this. We are thrilled with the white house initiative. Said. Llion cards, marissa that is fantastic to already be there. Athave that many cards out market. The challenge to get terminals , i think it is great the government is making such great headway there. I have a friend at the state department who is one of the credit cards. She was excited to get a because she travels in Eastern Europe all the time and its a and has had trouble using her government cards. We are moving in the right direction. One of the challenges in the United States is we are not a 10 nd only the chip and we are not adopting the chip and in technology. Cardve roadmaps from major brands. There has been more concentrated networks and market share in signature versus penn. On the issuers side, as a business, i am very sensitive to the argument that putting a password on one of these cards might make it a little it more friction when i will that card out as a consumer. As a business, i am going to be worried. On the flip side, i question how that risk . That is a business driven decision, not a security driven decision. Twofactor authorization is the way to go to increase security for card holders. As someone who is had my phone swiped, not passwordprotected, i will never not password this again. Apple gives me the ability that i have to enter a password to use his. Side, not putting passwords on these products is doing them to service. I mentioned before, we are the last industrialized country to cards. Ward chip and pin one of the benefits is we have technology than others. The ability to accept pin numbers online. That is a great feature that several of my members have deployed. If there are pins on these cards, that will help reduce ecommerce fraud. Ecommerce fraud is one of the most Fastest Growing frauds. Of fraud. A lot on the merchant side, were bearing somewhere between 70 and 100 of all that fraud. Protectinge ecommerce transactions is paramount. Aboutst thing i will say pins, you have a chart there from the study that came out last week. Look at the fraud loss line. That shows you why we prefer pin in the industry. Times moreeight secure if you have a penprotected transaction. Pinprotected transaction. Look at the interchange regulators. I would push back significantly that if there is any other rationale behind merchants , we need to be pinprotecting, passwordprotecting products. So that we can better protect consumers and businesses from fraud. Australia launched a pin campaign that was run by all the to move tobrands pins on credit cards. They did it in a thoughtful way. Based on the risk of the transaction. There is a very egg difference we twain a stop in to a mcdonalds or wednesdays at noon on friday the in the areas at noon on friday. If i am borrowing buying a or dollars worth of foods, admin0, but at noon night or 1 00 a. M. , i might want to ask for identification and of there is not a in on that product i cannot do that for pin if there is not a number on that product, i cannot do that. We need to take the Technology One step further and pinprotected. We are going to move to bill who will talk about the Financial Services industry from the american bankers association. Talk about your perspective. Thank you, bill. Bill thank you for inviting me. Impressives is in turnout. I do not know if it is the free lunch, but i am and pressed that you are out here on august recess. Your openingl you, remarks werent terrific. Marissa, yours were magnificent. The stage for the talk. Information sharing is huge for us. We appreciate the work at the white house has done. Throughrying to get it the senate. You have been very concerned. We agree information sharing is another side to the coin. The most important part is sharing threat information. Wereyour arguments terrific. Your analogy to latenight transactions, if there is any transaction that is after 10 00 at night that involves me, it is an inherently suspicious because i am in bed by 10 00. I would appreciate getting a call from my Credit Card Company to tell me about that. I had a recent experience that involved that did not involve eight in number at all. It involved a card of a major brand headquartered and virginia, if youre listening. I had a nice little lunch. I took out my son who is an intern at the american bankers association. And quiet lunch at a restaurant. Not a big ticket item. Enjoyment of having a conversation with my son, you know with teenagers at does not happen very often. I left an excessive tip, which was over 20 . The next thing that happened was that my institution sent me an email asking me if that was me doing the transaction and looking at the fact that it was in excess of 20 . I think it is my point overall, and i can look up my remarks and we can have added, that the talk pin is the talk about a multisector environment. And ands not the beall all of everything. There is technology right now, aometrics that authenticate transaction that is in place that quite frankly, are better than static technology such as pins. Call from your institution, almost immediately after a transaction asking if it is fraudulent or not, that is pretty darn good work. We do not want to sit back and just say, if we put in place a fourdigit number that will solve all the problems. Deal with does not the online transactions. We have got to Work Together to solve these transactions. We want to work with you, we want to work with consumers. We want to make emv a success. We want to continue to evolve our technology. You have to realize that our credit market is one of the most complicated and extensive markets and the world. A couple of facts. 1. 1 billion credit and debit rightare in circulation now. 1. 1 billion. The government noticed, Good Progress with chip and pin. The government is a huge operation, but it is not like the private sector. Of credit cards was. Early 5. 4 trillion in 2014 the number of Card Transactions was over 100 billion in 20 14. In 2014. Folks, this is a big aircraft carrier. It takes a long time. Mentioned, there is an Inflection Point we are dealing with. I have heard various reports about how many chips have been merchants. E by from our perspective, from the banks, by the end of this year, there will be 600 million, maybe even more of these cards that have been issued. Work with ourcan partners in the Merchant Community and the consumer sector, we may be able to cover most of the cards out there by the end of 2017. It will take a lot of work. Cooperation. If we can continue to have these conversations, we can work towards that goal. I do not need to go into a lot of the migration. There has been a lot of work behind the scenes, between the networks to put into place a uniform date for when this chip pin liability occurs. But it is not a deadline. It is a position point for when the shift occurs. It does not mean that to every bank has got to issue that kind of card. But it it but it encourages the right thing. We want to in sent people we incent people to do this. We dont want to encourage technology. We need to Work Together to solve the problem. Thank you very much, bill. We are going to move from the industry perspective to the consumer perspective. John, with the National Consumers league, tell us some of your thoughts about the consumer advocate perspective. Quick baseline. Mcl is the nations oldest consumer advocacy organization. Around a long time. The issue we are seeing here is, olde shift away from the Magnetic Stripe technology to emv, it is a more secure technology. Chip and signature, is it as and pin . Chip not in our view. That is because of the way you authenticate a cardholder. That said, it is a significant improvement in card security versus traditional men neighbor stripe only versus traditional Magnetic Stripe only. Physical cardyour and someone takes your card into a retailer to try to use it, in would and pin world that be practically impossible, although there certainly are, and we just saw this morning, a writer talked about new skimming technology coming out of mexico that may make chip cards more vulnerable than we previously suspected. Emv. E moving to i do not think there is any question that is happening. There are millions of these cards that are being provided to consumers. This is something consumers are going to get used to having in their wallet. Going to be the Silver Bullet against fraud. We have seen it in the u. K. Much of the fraud that was associated previously with card duplication or card content fitting, instead moved to card not present fraud. That is online fraud. Consumers are going to have to maintain vigilance. We are going to continue to have to recommend to consumers they Pay Attention to their credit card statements, flag any suspicious charges, so that certainly that is one area we expect to see based on international experience. On the legislative side, i am glad you raised this earlier in your remarks. This is an area that despite the Technology Advances we are seeing in the industry, there remains a very strong need for baseline security legislation from the u. S. Congress. Billas supported a provided by senator leahy. A bill that will soon be introduced. We think that is a bill which not only provides baseline security protections that would require all businesses to adhere to a certain level of Data Security protection, but also provides a standard that raises as opposed to looking for a least common denominator approach that would reduce Consumer Protections. We are going to be supporting a thatill in illinois strengthens their existing security data legislation. Look to states like illinois and massachusetts as templates for good security or texans that could be considered as a national template. Concerned about with regards to getting back to tail ofssue is the long Small Businesses. Many of the largest retailers will be implementing chip and able to terminals. Enabled terminals. Places, they are already turning on the Chip Technology. Thismentioned earlier, will take a while. Consumers should not expect that by october 1 their cards will be secure when they go to their local retailer. Forthey should Look Retailers that have the chip turned on. That will take Consumer Education to make consumers understand why chips are a better way to pay. The benefits the Chip Technology brings. But they will also continue to stripe. Gas stations, for example, their terminals will subject to liability until the end of 2017. In addition to that, you are going to have many Small Businesses that simply are going to make the decision their liability for fraud is not enough to outweigh the substantial cost of acquiring a new payment terminal. We will continue to see small stores continue to take mag foreseeablethe future. In closing, we are glad to see emv rolling out. We do think it is more secure, but it is not the Silver Bullet. I think the federal government can lead by example here in a. More secureng payment technology. We are happy to be here. Thank you for inviting us to speak on this important issue. One quick plug, if you are interested in consumer Data Security issues, we have Just Launched a new publication called our data insecurity links that will include thank you john. Icles about steve, you are up. Stephen thank you very much for inviting me. I am president of the American Consumer institute. We are in Educational Research institute. It is a pleasure to be here. Havee just i think we heard a good baseline here for this discussion. I just want to emphasize a few point and then add in