EMV application and monitor

The workplace of the ECV testing complex is a special smart card reader with a license card installed and a payment card verification program that can only function if it detects a special smart card reader connected. Other smart card readers can also be connected to the workplace of the test Suite, but a special device with a license card installed is required. This is only due to the fact that Scantek licenses the use of the ECV testing Suite using a license card. All smart card readers that the ECV testing Suite works with are PCSC devices. PCSC (correctly PC/SC, but in Russia the name PCSC without slash has long been accepted) is an abbreviated name (Personal Computer/ Smart Card) of the Microsoft specification for integrating smart cards into the personal computer environment. Microsoft implemented PCSC in Windows 200x/XP (and even made PCSC available in Windows NT/9x!). Interestingly, a free implementation (free software) exists even for Linux (as well as other Unix) in the form of PC / SC Lite, and not quite a legal version of PC / SC Lite exists even for Mac OS X. All these arguments are interesting, but the payment card verification program only functions under the Windows operating system.

The Windows 10 version is recommended, but in any case, the operating system version must be at least Windows 2000/XP. Any versions of the program running Linux (and other Unix), as well as Mac OS, are not planned, and are unlikely to ever be implemented. After launching the payment card verification program, the program window appears on the display screen of a personal computer running Windows. Of course, the window doesn’t look quite like this (or even quite like this). Because the figure highlights groups of control elements that are used to regulate the process of researching an EMV application and monitor its progress.

  • Define the terminal keys that are required to process the transaction, as well as the keys that the terminal emulator needs to simulate online processing.
  • The main parameters of the payment transaction and, possibly, personal identification of the cardholder.
  • Parameters and features of online processing emulation.
  • Additional checks that must be performed for the card or payment application.
  • Log of events (Protocol) that occur during the operation of the test Suite, as well as buttons for managing the log.
  • Buttons for controlling the test Suite. Further, the program features are discussed in detail in accordance with the selected groups of control elements. This is necessary so that the user can understand what features are available when analyzing an EMV application. Although the payment card verification program is thoroughly “documented” (when you hover the mouse over any control element, a hint is displayed that serves as an additional means of training the user), this does not mean that all the features will be transparent to the user and he will understand the logic of the developer. Choosing a payment application One of the main problems that arise when analyzing a card is to determine which payment applications are on the card. As mentioned earlier, there are two methods for selecting an application for a POS terminal: direct selection and selection from a list (PSE or PPSE). The terminal emulator allows you to do the same, but with some additional features. The definition of parameters for selecting the analyzed payment application is illustrated in Fig. 7. But first you need to select the PCSC device that the card will be installed in. To do this, use combo-box1, which contains a list of all smart card readers connected to the computer. The list of devices is created when the payment card verification program is launched. If a new PCSC device is connected dynamically during operation, it is sufficient to build the list of devices again. A Combo box is a control that is a combination of a list of items and an edit line. In the future, this control will be called combo-box, because for IT professionals, translation can lead to a misinterpretation of the term. The method used for selecting the payment application to be analyzed is indicated by parameters that are determined using the remaining control elements. First, you can explicitly specify that an app with the specified ID (AID) should be selected on the map. To do this, in the combo-box “Application”, select a line with one of the standard AIDS corresponding to the payment application. Second, you can specify that a list of candidate applications should be built and the analyzed application should be selected from this list. The list of candidate applications is constructed as follows:
    ▪ an attempt is made to find on the map all applications whose AID starts with RID1 payment systems listed in the combo-box list
    ▪ any app found is checked and set whether it is a payment

The workplace of the ECV testing complex is a special smart card reader with a license card installed and a payment card verification program that can only function if it detects a special smart card reader connected. Other smart card readers can also be connected to the workplace of the test Suite, but a special device with a license card installed is required. This is only due to the fact that Scantek licenses the use of the ECV testing Suite using a license card. All smart card readers that the ECV testing Suite works with are PCSC devices. PCSC (correctly PC/SC, but in Russia the name PCSC without slash has long been accepted) is an abbreviated name (Personal Computer/ Smart Card) of the Microsoft specification for integrating smart cards into the personal computer environment. Microsoft implemented PCSC in Windows 200x/XP (and even made PCSC available in Windows NT/9x!). Interestingly, a free implementation (free software) exists even for Linux (as well as other Unix) in the form of PC / SC Lite, and not quite a legal version of PC / SC Lite exists even for Mac OS X. All these arguments are interesting, but the payment card verification program only functions under the Windows operating system.

The Windows 10 version is recommended, but in any case, the operating system version must be at least Windows 2000/XP. Any versions of the program running Linux (and other Unix), as well as Mac OS, are not planned, and are unlikely to ever be implemented. After launching the payment card verification program, the program window appears on the display screen of a personal computer running Windows. Of course, the window doesn’t look quite like this (or even quite like this). Because the figure highlights groups of control elements that are used to regulate the process of researching an EMV application and monitor its progress.

  1. Define the terminal keys that are required to process the transaction, as well as the keys that the terminal emulator needs to simulate online processing.
  2. The main parameters of the payment transaction and, possibly, personal identification of the cardholder.
  3. Parameters and features of online processing emulation.
  4. Additional checks that must be performed for the card or payment application.
  5. Log of events (Protocol) that occur during the operation of the test Suite, as well as buttons for managing the log.
  6. Buttons for controlling the test Suite. Further, the program features are discussed in detail in accordance with the selected groups of control elements. This is necessary so that the user can understand what features are available when analyzing an EMV application. Although the payment card verification program is thoroughly “documented” (when you hover the mouse over any control element, a hint is displayed that serves as an additional means of training the user), this does not mean that all the features will be transparent to the user and he will understand the logic of the developer.

  1. Choosing a payment application One of the main problems that arise when analyzing a card is to determine which payment applications are on the card. As mentioned earlier, there are two methods for selecting an application for a POS terminal: direct selection and selection from a list (PSE or PPSE). The terminal emulator allows you to do the same, but with some additional features. The definition of parameters for selecting the analyzed payment application is illustrated in Fig. 7. But first you need to select the PCSC device that the card will be installed in. To do this, use combo-box1, which contains a list of all smart card readers connected to the computer. The list of devices is created when the payment card verification program is launched. If a new PCSC device is connected dynamically during operation, it is sufficient to build the list of devices again. A Combo box is a control that is a combination of a list of items and an edit line. In the future, this control will be called combo-box, because for IT professionals, translation can lead to a misinterpretation of the term. The method used for selecting the payment application to be analyzed is indicated by parameters that are determined using the remaining control elements. First, you can explicitly specify that an app with the specified ID (AID) should be selected on the card. To do this, in the combo-box “Application”, select a line with one of the standard AIDS corresponding to the payment application. Second, you can specify that a list of candidate applications should be built and the analyzed application should be selected from this list. The list of candidate applications is constructed as follows:
    ▪ an attempt is made to find on the card all applications whose AID starts with RID1 payment systems listed in the combo-box list
    ▪ any app found is checked and set whether it is a payment application
    ▪ if the application is a payment application, it is entered in the list of candidate applications. After completing the procedure for building a list of candidate applications, the user is asked to select the application under investigation from the list

  1. RID is the first five bytes of AID that are assigned to the payment system and uniquely identify it. For example, MasterCard is assigned a RID in the form A000000004 and the AID of all MasterCard card products must start with this RID. Not all applications on the card with the payment system’s RID are necessarily payment applications. There may be special service applications on the card that are related to the payment system, but cannot be used by the terminal for conducting a transaction. Third, the application of interest can be explicitly defined. To do this, select the line “Explicit application definition” in the combo-box list, and then enter the application’s AID in the “AID” editing element. In this case, you may need to select the application type from the combo-box “Type” list. Finally, the application can be selected from the PSE list (for contact mode) or the PPSE list (for contactless mode), if they are on the card. In this case, the final choice of the application is left to the user. It must select the application being analyzed from the list