Payments Courses
Level - Beginner/Intermediate
Course SPA-PK1 - Card Payment Fraud
Course SPA-PK2 – Mastering EMV and Mobile Payment Security Essentials
Course Overview
Course SPA-PK1 - Card Payment Fraud
We have developed a comprehensive course on all aspects of Card Payments Fraud, in four different modules. These modules describe both Card-Present and Card-Not-Present fraud types and fraud prevention methods deployed today.
Here is a description of the four modules in this course:
SPA-PK1 – Module 1 - “Card Present Payments Fraud”
In this module we describe card-present transactions, the fraud associated with card-present payments, and techniques used to mitigate and block card-present fraudulent activities. We describe the EMV technology and its security features that are being deployed globally to block card-present payment fraud.
We also describe mobile contactless card payment technology using NFC interface, and how the mobile contactless is being secured stopping fraudulent payment transactions.
SPA-PK1 – Module 2 – “Online Payments Fraud”
In this module we continue with online or Card-Not-Present payment transactions fraud that has become a huge problem, especially after COVID-19 lockdowns when everyone had to go online for their purchases and pay online. This module includes an explanation of the differences between Card-Present and Card-Not Present
payment transactions and the way fraudsters attack each scenario. We detail different types of online or card-not-present fraud. This is followed by a description of technologies used to mitigate online card payment fraud.
SPA-PK1 – Module 3 - "Mobile Device Authentication & Customer Verification"
This module includes a description of technologies and methods used for authenticating mobile devices. This is really important for preventing fraudulent payment transactions from mobile devices. This is followed by categorizing techniques used for mobile authentication that includes customer verification.
There are four groups of techniques each with a number of sub-groups. These are all described in this third module.
SPA-PK1 – Module 4 - “FIDO-3DS-SRC and Tokenization”
In this chapter we describe FIDO, or Fast Identity Online. FIDO Alliance Association has developed a number of specifications for allowing users to authenticate themselves to an approved device, and the approved device will then provide secure authentication for access to external services that users need. This is followed by three EMVCo sets of standards for providing additional security for online card-not-present purchases. These include: 3D Secure, Secure Remote Commerce and Payment Tokenization.
Course SPA-PK2 – Mastering EMV and Mobile Payment Security Essentials
This is a crash course on Mastering EMV and Mobile Payments Security Essentials. We talk
about EMV standards – that apply to the chip on your payment card. The basis for everything
we do today with payments security is the EMV standards - including contact and contactless
payments card payments, mobile handset payments with different digital wallets such as
Samsung Pay and Apple Pay Wallets. In order to understand the effects of these standards in
card payments, mobile payments and online payments, we need to explain the EMV payments
technology.
In this crash course we provide deep dive description of EMV, card payments, mobile payments
and how the various security features are used to prevent different types of fraud.
Course SPA-PK1 - Card Payment Fraud Objective
At Secure Payments Academy we have been providing payments technology training courses, covering current and new card payment technologies. This course is a deep dive guide into “How to mitigate fraudulent transactions” for the card present as well as the CNP eCommerce world. All our courses are designed based on our hands-on experiences in implementation of payment technologies through our consulting engagements. Our consulting work is through our main company Smart Commerce International or www.scil.us, our training courses are listed in www.securepaymentsacademy.com.
Course SPA-PK2 – Mastering EMV and Mobile Payment Security Essentials Objective
At Secure Payments Academy we have been providing payments technology training courses, covering current and new card payment technologies. This course is a deep dive guide into “How to mitigate fraudulent transactions” for the card present as well as the CNP eCommerce world. All our courses are designed based on our hands-on experiences in implementation of payment technologies through our consulting engagements. Our consulting work is through our main company Smart Commerce International or www.scil.us, our training courses are listed in www.securepaymentsacademy.com.
Who should Attend:
Course SPA-PK1 - Card Payment Fraud
Payment stakeholders with an online presence for online purchase and payment of goods.
Merchant System Operations, Engineering
Issuer/Processor Operations, Engineering
Fraud Analysis personnel
System Architects and Developers
IT and Technical Departments
Vendors of CNP fraud detection Systems
Course SPA-PK2 – Mastering EMV and Mobile Payment Security Essentials
Payment stakeholders who in a short time need to understand the security features of
payments
Issuer/Processor Operations, Engineering
Online eCommerce vendors
Fraud Analysis personnel
Vendors of CNP fraud detection Systems
Personnel who are not payment specialist but need to understand payment security
features
Learning Outcomes:
Course SPA-PK1 - Card Payment Fraud
Describe the fraud types for card present transactions.
Analyze security types provided by EMV for both contact and contactless transactions
Identify differences between CNP and card present fraud patterns
Evaluate how tokenization impacts CNP fraud types
Explain how FIDO and 3DS detect fraud
Illustrate how SRC and PCI function within the CNP environment
Course SPA-PK2 – Mastering EMV and Mobile Payment Security Essentials
Understand the role EMV plays in payments and its security features.
Types of fraud EMV security features stop
Understand the role of Mobile’s Security Module
Describe functions of Digital Wallets and their use in mobile payments
Analyze EMV security features as it applies to card, mobile and eCommerce payments
Course Syllabus
Course SPA-PK1 - Card Payment Fraud
SPA-PK1 – Module 1 - “Card Present Payments Fraud"
• What is Card-Present Fraud
• Card-present fraud types
• EMV Technologies
• Features of EMV technology Security
• Deep dive into EMV Security types
• EMV and how it mitigates Card-Present Fraud
• NFC (Near Field Communication) or Contactless Technology
• NFC Security
• Use of CDCVM (Consumer Device Cardholder Verification Method)
• Mobile Devices for Card-Present Transactions
SPA-PK1 – Module 3 - "Mobile Device Authentication & Customer Verification"
Consumer Verification:
• Static Password, Knowledge-Based Authentication
• Out of Band Authentication: One Time PIN or Passcode
• Mobile PKI for Push-Based Authentication
• Virtual Credit Card Authentication
• CDCVM/ODCVM
• EMV Secure Remote Commerce (SRC)
• Biometrics
• FIDO (Fast Identity Online)
• W3C WebAuthn API
Device Authentication:
• Dynamic Cryptogram
• MNO Risk Scoring, Phone Number Validation, Device Binding and MNO Intelligence
Risk-Based Authentication:
• Adaptive Authentication
• EMVCo 3D Secure
• Identity & Verification (ID&V) Provisioning
Analytics and Familiarity Signals:
• Predictive Analysis
• Machine learning/AI Authentication
• Device Familiarity, Risk & Attack Sig
SPA-PK1 – Module 2 – “Online Payments Fraud”
• Introduction – a description of what is online fraud and how it affect the payment systems
• Card Present Vs Card Not Present Transaction Flows
• Card Not Present Online Fraud – we describe types of online fraud
• True Cost of Fraud – we describe three scenarios and how stakeholders are affected by fraudulent activities for online payments
• Card Not Present Fraud Mitigation Principal Attributes – we describe the main attributes of techniques used for mitigation technologies
• Card Not Present Fraud Prevention Technologies – here we describe different techniques used for online fraud prevention.
SPA-PK1 – Module 4 - “FIDO-3DS-SRC and Tokenization”
• FIDO (Fast Identity Online)
• EMVCo 3D Secure
o Components of 3DS
o Data types collected
o Analysis of data collected
o How to decide Approval or Decline of transactions
o Example of a 3DS system
• SRC – Secure Remote Commerce
o SRC Participants
o SRC Use Cases
o SRC Interaction with other applications
• EMV Payment Tokenization
o What Is Tokenization
o Implementation Considerations for Tokenization
o Tokenization Use Cases
o Security Considerations for Tokenization
o EMV Payment Tokenization Services
o Merchant Card-on-file (COF) Tokenization
Course SPA-PK2 – Mastering EMV and Mobile Payment Security Essentials
• EMV Security Fundamentals, & Mobile Payments
• Presenter Background
• EMV Payments
• Introduction to EMV
• EMV Transaction Structure
• EMV Standards
• EMV Chip Architecture and Card Fabrication
• EMV Contactless Payments
• Contactless Introduction
• Messaging Modes for EMV Contactless Payments
• Mobile NFC / Contactless Technologies
• Personalization and Provisioning for Mobile Payments
• Secure Element
• Host Card Emulation
• Payments Tokenization
• Apple Pay– Contactless & In-App Payments
• Mobile Payment Wallets
• Payment Account Reference
• Future of Payments
• Contacts & Other Information
Meet the Instructor
Mansour Karimzadeh
An experienced Technical Consultant with over 25 years experience in the financial and telecommunications industries, Mansour had major roles in strategy, design, development, project management/implementation and marketing of smart card solutions in financial and payment markets.
He worked with all major credit card brands and many major banks and financial institutions internationally.