News

Modification of DDA/CDA transactions

Here are the simplest examples of possible data modification. If the terminal has requested a TC cryptogram in the GENERATE AC command, and the card (that is, the bank's chip) decides to process the transaction online or reject it offline, the emulator chip changes the unprotected Cryptogram Information Data so that the card responds to the terminal with a TC cryptogram. Thus, the transaction is approved even though, by the issuer's decision, it must either be rejected or transferred to the issuer for...


Clone EMV card protection

Clone DDA/CDA card protection. Service code 2xx. In our right hand we have a card with only a magnetic stripe, onto which the data has been copied from the magnetic stripe of the card in our left hand. We try to use the card in a hybrid terminal that accepts both microprocessor cards and magnetic stripe cards. The terminal must check the value of the service code on the magnetic stripe and, if it is equal to 2XX, must require the transaction to be performed using the chip. The terminal should not allow magnetic stripe operations if...


Security analysis of operations on EMV cards

Properties of the microprocessor card that increase the security of operations. The most important property of a microprocessor card (MPC) is that the card's operating system supports cryptographic functions. The use of these functions by the card application can significantly improve the security of payment transactions. The tasks solved by the MPC application to improve the security of plastic card transactions are listed below. 1. The most important basic task solved by the card application using cryptographic methods is to...


Security of EMV transactions

To implement the CAP method, the client must have a microprocessor card with an EMV application, as well as a special card reader capable of initiating the generation of a one-time password (OTP) and showing its 8-digit value on the reader's display (sometimes the reader and the card are combined in one physical device). Such a reader can cost several euros (10-15 euros, depending on the manufacturer and the volume of the purchased batch of devices). In addition to the extra cost of providing cardholders with readers,...


Encoding data method for EMV Software

The ANSI/ISO/IEC 7811 standard is a specification for encoding information on an identification card using stamping or magnetic stripe techniques. This specification consists of five parts: relief embossing (writing method); magnetic stripe (recording method); the location of the characters when embossed on the ID-1 card; the location of read-only magnetic tracks (tracks 1 and 2); the location of the tracks available for reading/writing (track 3). Relief embossing allows you to form symbols raised above the plane of the card body. The stamped...


EMV application protection on smart cards

Unlike a normal personal computer, loading a program into memory and then executing it is not the main task for a smart card. Security mechanisms do not allow unauthorized program launches. In particular, you may need to authenticate the terminal for a specific application. In addition, the program code must be protected by at least a message authentication code (MAC) or a digital signature. Some smart card operating systems isolate the memory areas of individual applications from one another using software or hardware, so that the applications...


Smart card interaction with EMV Software

The global concept of smart technology development is based on multi-functionality, which implies that several independent applications can be stored on a smart card: personal information (similar to a passport), driver’s license, etc., financial, identification, transport and other applications. With the growing role of the Internet in the global economy, the attention of leading technology and financial organizations to the standardization of smart cards and personal computers, as well as the procedures for their interaction, is...


Smart Card Terminal authentication

The authenticity of the smart card user is verified by entering the PIN code. However, the user may also want to verify the authenticity of the terminal. Consider the potential threats of an attacker using a false terminal. An attacker could use such a machine to collect card PIN values entered by uninformed users. If the attacker who installed the terminal then stole these cards, he could use the PIN codes requested by the false terminal to perform any operations with the smart cards. There is a procedure that can be used to protect against...


Security issues and organization of smart card protection

Smart cards are a rapidly developing field of information technology, which has its own security problems. Let’s first look at the security issues that are common to both contact and contactless smart cards. With regard to smart card technologies, there are currently three main areas for which you can specify typical attacks and appropriate counter-measures: The main component of a smart card is a silicon chip, which is an embedded piece of hardware. Accordingly, when evaluating the security of a smart card, a deliberate or...
