News

Introduction to EMV cryptography

Introduction to cryptography General conceptCryptography plays a Central role in the development of card technologies. In applications related to transaction processing, typical tasks for various fields of technology are solved to protect information from unauthorized access, which include:ensuring the integrity of information (it is impossible for a third party located between the participants of the information exchange to modify the transmitted information in such a way that the receiving party does not notice it);ensuring the...

read more

Impact of migration on the system of the servicing Bank

Migration of the Bank to the IPC has a smaller impact on the host of the servicing Bank compared to the host of the Issuer. The servicing Bank must upgrade the software modules for managing devices of its host application in order to ensure that chip related data is received from the terminal and sent to the Issuer’s host without meaningful processing of this data. Two options are usually used for transmitting chip related data to the Issuer’s host: a composite data element 055 that is specifically designed for the purposes in...

read more

Choosing the IPC hardware and software platform

The choice of the hardware and software platform of the microprocessor card and the configuration of its application is largely determined by the tasks formulated by the Bank in its card programs. Here are a few examples to illustrate this.If the Bank plans to use prepaid cards, it is obvious that most operations on such cards will be performed offline. Therefore, to avoid the possibility of fraudsters cloning SDA cards, it is advisable to use chips that support dynamic authentication methods for a prepaid card. Despite the fact that a card...

read more

Possible schemes for forging a magnetic stripe

In the right hand, we only have a card with a magnetic stripe, which is transferred to the information from the magnetic stripe of the card located in the left hand. We are trying to use the card in a hybrid terminal that accepts microprocessor cards and magnetic stripe cards. The terminal must check the value of the service Code on the magnetic stripe, and if it is equal to 2xx, it must require the transaction to be performed using the chip.The terminal must not allow magnetic stripe operations if the service code value is 2xx and the...

read more

Terminals with EMV specifications

Today, most terminals except ATMs, SAT1 – and SAT2-terminals support the ability to perform transactions in offline mode, i.e. they belong to the second class of terminals. The offline mode of the terminal includes support for offline card authentication methods (SDA support is mandatory everywhere, DDA support is mandatory in Europe, and CDA is recommended), risk management procedures (checking the value of Terminal Floor Limit stop lists, Random Transaction Selection, and Velocity Checking procedures), and storing and uploading...

read more

EMV technology implementation

In addition to dynamic card authentication, the CDA method also ensures the integrity of the most critical information exchange data in the “card — terminal” dialog (CID and transaction details). This is achieved by combining the card authentication procedure with the GENERATE AC command, during which the most important data is exchanged between the card and the terminal.The offline authentication method is selected by the terminal based on the AIP data and the terminal capabilities defined by the value of the third byte of the...

read more

Features of migration to microprocessor cards

Migration of a Bank to issue and service MPC is an expensive and technically complex task that falls into several subtasks. These include: setting the migration task for the IPC; selecting the IPC hardware and software platform, card provider, and application configuration; upgrading the application software of the Central transaction processing system (both online and clearing messages); upgrading the card personalization system; upgrade of terminal equipment; the modernization of cryptographic hardware (Hardware Security Module or HSM)....

read more

EMV Card Personalization Specification

The card’s life cycle (Card Production Life Cycle, or CPLC for short) consists of five main phases. At various stages of the card’s lifecycle, the chip manufacturer, the card supplier, the card Issuer, and finally the card holder work with the card. However, the distribution of actions performed with the card at different stages of the cycle depends significantly on whether the card is static or supports an open operating system, such as Java Card, whether executable application modules/applets are loaded into ROM or EEPR0M, and...

read more

Issue Script Processing EMV Procedure

Using the CSU element is an alternative to the issue Script Processing procedure. This element allows the Issuer to change the card state and change the values of its parameters. If the Issuer authentication is successful and the terminal requests a vehicle from the card, and bit 8 of byte 2 ‘Issuer Approves Online Transaction’ in the received CSU element is equal to 1, the card approves the transaction and returns the vehicle cryptogram. If the Issuer authentication is successful and bit 8 of byte 2 ‘Issuer Approves Online...

read more

ARPC verification in the EMV standard

The CCD application uses parameters called non – velocity checking indicator (NVI) in the CVR): Issuer Authentication Failed (authentication of the Issuer failed); Last Online Transaction not completed (the last online transaction was not completed, i.e. the ARQC was sent to the Issuer, but no response was received from the card Issuer); Issue Script Processing Failed (Script Processing failed); Go Online on Next Transaction was set (a flag indicating that the next transaction should be performed in online authorization mode). These...

read more