News
Development of payment cards technologies
A payment card can be viewed from various points of view: as a product offered by the Issuer to the holder (for example, as a Bank product), as a technical product of the card manufacturer, or even as a work of applied art. However, this consideration of cards from different points of view is very conditional, since all aspects of cards are closely interrelated. A card issued by a Bank could be considered as a remote access tool to the Bank account, allowing any transactions to be made on the account. This is true for most Bank cards, but...
read morePayment systems based on Bank cards
The General principles of functioning of the payment system The main purpose of a payment system based on payment cards is to perform payments between the service/product supplier (seller) and the consumer of the service/product (buyer) who presented the payment card for payment. However, it is important to emphasize that these payments are made in non-cash form.In addition, the payment system ensures that the cardholder receives cash both on special devices-ATMs, and in operational cash desks that provide such services.in the most General...
read moreBanking products based on smart cards
Bank payment cards were originally created as a retail product aimed at the holder – an individual. And now all over the world, payment cards for banks are one of the most important areas of retail business. At the same time, the marketing goals of the business may be different. In the General case, depending on these purposes it is possible to distinguish three main directions of the use of payment cards:to work with the Bank’s clients – natural persons;to work with legal entities and their employees in the framework of...
read moreClassification of modern plastic cards
Classification of modern cards (or introduction to terminology) Cards can be classified in different ways. Each of the classification systems will be coherent and logical in its own way. It all depends on what principle it is based on.For example, cards can be divided by the organizations that issue them (issuers) and, accordingly, by the scope of application. For example, Bank cards are issued by banks, shopping cards are issued by stores, gas station chains issue fuel cards, and transport organizations (metro, railway) issue transport...
read moreDevelopment of contactless EMV cards
The idea of using a chip that interacts with the outside world using electromagnetic waves, i.e. contactless, appeared in the first half of the 90s. Cards using such chips became known as contactless cards.At first, contactless cards were exclusively memory cards. These cards were mainly used as a means of identifying an object (Radio Frequency ID, or RFID). For example, they were used to detect an object that fell into the reader’s working area (single-bit chips used in anti-theft systems), identify the object (in addition to detecting...
read moreForgery of the cryptogram type
Let’s focus on another type of fraud on the part of an unscrupulous merchant. In simplified form, fraud looks like this.When a microprocessor card holder applies to a merchant for a purchase, the merchant completes any terminal/card decision by rejecting the transaction. In this case, the cardholder either leaves the merchant with nothing, or pays for the product in cash.Next, the fraudulent merchant sends data on the unsuccessful transaction to the servicing Bank, as if the transaction was completed successfully in offline mode. In...
read moreARQC cryptogram generation
The CAP standard defines the most common OTP generation algorithm in the banking sector.The essence of CAP technology is as follows. It is assumed that the client has:a card with a standard EMV application that supports the PIN Offline cardholder verification method;a special device with a screen, keyboard, special buttons and a card reader for IPC (we will continue to call it a reader, in the literature it is often called PCR-Personal Card Reader).After the customer has inserted the card into the reader, the latter offers the cardholder to...
read moreGlobalPlatform Card Security Requirements Specification
GlobalPlatformIn the late 1990s, VISA developed a set of VISA OpenPlatform (VOP) standards that defined how applications can be remotely managed on the card, terminal, and systems related to downloading, installing, deleting, and personalization of applications.It soon became clear that in order for the VOP platform to be widely distributed, it had to be as open as possible. As a result, the VOP specifications were transferred by VISA to the OpenPlatform consortium, consisting of a number of organizations that expressed interest in the VOP...
read moreGenerating a cryptogram of the EMV transaction
All three applications support the generation of a transaction cryptogram, which acts as proof that the card operation was performed, as well as to ensure the integrity of the data transmitted to the Issuer. The only difference in cryptograms is that the CPA application cryptogram, unlike the M/Chip 4 and VSDC applications, uses the IAD object instead of the CVR object, which includes the CVR object, among other things.Conclusion. The cryptogram generated in the CPA application, in addition to its main purpose — online authentication of the...
read moreVerification of the card holder
All the applications under consideration support cardholder verification in the same way: verification methods (CVM Code) and their application codes (Condition Code) are the same in all applications and comply with the EMV V. 4.2 standard.Output. All the applications under consideration support cardholder verification in exactly the same way: the verification methods and their application codes are the same in all applications.Card risk management proceduresThe card’s risk management procedures are the main component of its...
read more