News

Payment systems based on Bank cards

The General principles of functioning of the payment system The main purpose of a payment system based on payment cards is to perform payments between the service/product supplier (seller) and the consumer of the service/product (buyer) who presented the payment card for payment. However, it is important to emphasize that these payments are made in non-cash form.In addition, the payment system ensures that the cardholder receives cash both on special devices-ATMs, and in operational cash desks that provide such services.in the most General...

read more

Banking products based on smart cards

Bank payment cards were originally created as a retail product aimed at the holder – an individual. And now all over the world, payment cards for banks are one of the most important areas of retail business. At the same time, the marketing goals of the business may be different. In the General case, depending on these purposes it is possible to distinguish three main directions of the use of payment cards:to work with the Bank’s clients – natural persons;to work with legal entities and their employees in the framework of...

read more

Classification of modern plastic cards

Classification of modern cards (or introduction to terminology) Cards can be classified in different ways. Each of the classification systems will be coherent and logical in its own way. It all depends on what principle it is based on.For example, cards can be divided by the organizations that issue them (issuers) and, accordingly, by the scope of application. For example, Bank cards are issued by banks, shopping cards are issued by stores, gas station chains issue fuel cards, and transport organizations (metro, railway) issue transport...

read more

Development of contactless EMV cards

The idea of using a chip that interacts with the outside world using electromagnetic waves, i.e. contactless, appeared in the first half of the 90s. Cards using such chips became known as contactless cards.At first, contactless cards were exclusively memory cards. These cards were mainly used as a means of identifying an object (Radio Frequency ID, or RFID). For example, they were used to detect an object that fell into the reader’s working area (single-bit chips used in anti-theft systems), identify the object (in addition to detecting...

read more

Forgery of the cryptogram type

Let’s focus on another type of fraud on the part of an unscrupulous merchant. In simplified form, fraud looks like this.When a microprocessor card holder applies to a merchant for a purchase, the merchant completes any terminal/card decision by rejecting the transaction. In this case, the cardholder either leaves the merchant with nothing, or pays for the product in cash.Next, the fraudulent merchant sends data on the unsuccessful transaction to the servicing Bank, as if the transaction was completed successfully in offline mode. In...

read more

ARQC cryptogram generation

The CAP standard defines the most common OTP generation algorithm in the banking sector.The essence of CAP technology is as follows. It is assumed that the client has:a card with a standard EMV application that supports the PIN Offline cardholder verification method;a special device with a screen, keyboard, special buttons and a card reader for IPC (we will continue to call it a reader, in the literature it is often called PCR-Personal Card Reader).After the customer has inserted the card into the reader, the latter offers the cardholder to...

read more

GlobalPlatform Card Security Requirements Specification

GlobalPlatformIn the late 1990s, VISA developed a set of VISA OpenPlatform (VOP) standards that defined how applications can be remotely managed on the card, terminal, and systems related to downloading, installing, deleting, and personalization of applications.It soon became clear that in order for the VOP platform to be widely distributed, it had to be as open as possible. As a result, the VOP specifications were transferred by VISA to the OpenPlatform consortium, consisting of a number of organizations that expressed interest in the VOP...

read more

Generating a cryptogram of the EMV transaction

All three applications support the generation of a transaction cryptogram, which acts as proof that the card operation was performed, as well as to ensure the integrity of the data transmitted to the Issuer. The only difference in cryptograms is that the CPA application cryptogram, unlike the M/Chip 4 and VSDC applications, uses the IAD object instead of the CVR object, which includes the CVR object, among other things.Conclusion. The cryptogram generated in the CPA application, in addition to its main purpose — online authentication of the...

read more

Verification of the card holder

All the applications under consideration support cardholder verification in the same way: verification methods (CVM Code) and their application codes (Condition Code) are the same in all applications and comply with the EMV V. 4.2 standard.Output. All the applications under consideration support cardholder verification in exactly the same way: the verification methods and their application codes are the same in all applications.Card risk management proceduresThe card’s risk management procedures are the main component of its...

read more

Specification of the EMV standard in the CPA application

Additional requirements for the CPA applicationFurther refinements of the EMV standard adopted in application CPA are listed below:if the payment System Environment (PSE) directory is supported on the CCD card, it is the only DDF File on the card. In other words, in the PSE CPA card DEF file, all Directory Entry objects (Tag ‘61’) represent only ADF files. At the same time, the CPA card must support selecting the application by the shortened name of the card application directory (selecting the application by at least 5 higher bytes of DF...

read more